Which term represents a formal policy baseline that defines how governance policies should be implemented across the organization?


Multiple Choice

Which term represents a formal policy baseline that defines how governance policies should be implemented across the organization?

Explanation:
A standard is a formal baseline that translates governance policies into concrete, organization-wide rules for how things should be implemented. It fixes specific requirements that must be followed so that the policy's intent is carried out consistently across the organization. For example, a standard might specify minimum password length and complexity, approved encryption algorithms, or patch management timelines, ensuring that all departments meet the same security expectations. Standards sit between high-level policies and the procedures used to implement them: the policy states the goal, the standard defines the exact constraints that must be met to achieve that goal, and the procedures describe the exact steps to comply. This is different from a Security Requirements Traceability Matrix, which maps requirements to controls for verification; from stakeholders, who are the people or groups with an interest in the outcome; and from a technical control, which is a specific safeguard implemented on systems.

