Frameworks and documented guidelines that establish security requirements, controls, and best practices for protecting organizational assets and information systems. It plays a critical role in protecting organizational assets and maintaining a strong security posture.