3 templates mapped to SOC 2 (CC6.1, CC6.6).
Comprehensive password management policy incorporating the latest NIST, CIS Controls v8, and ISO 27001:2022 requirements. Includes modern authentication methods (MFA, passkeys, passwordless), breach prevention controls, and enterprise password manager guidance. Ready to customize and implement.
Comprehensive data classification policy establishing a multi-tier classification framework, automated discovery and labeling, AI/ML training data governance, cloud data tagging, cross-border transfer classification, and privacy-by-design integration with DLP and compliance frameworks.
Comprehensive policy for secure management of secrets including API keys, passwords, certificates, cryptographic keys, and credentials. Covers secret types, vault requirements, rotation policies, access controls, audit logging, emergency access, prohibited practices (hardcoding), and scanning for exposed secrets.