Over the last few years IL7 have accumulated over 40 policies derived from the USA NIST Cyber Assurance Framework. NIST has many controls and is mandated for federal departments in the USA. The private sector can take advantage of the best practices developed by US government and follow the guidelines, achieve the outcomes to IDENTIFY threats, PROTECT assets, DETECT, vulnerabilities and attacks, RESPOND to attackers and RECOVER from security events. There are two spreadsheets which list all NIST controls and relate them to the phases of security management.  

​

Here are also a sample of policies you can download: