Page 49 - CISSO_Prep_ Guide
each laptop, it may need specific rules so that every device that
connects will be secure. Usually, the baseline is a minimum
requirement, so no equipment is allowed to communicate at a
configuration lower than the benchmark.
Guidelines
Compared with policies, procedures, standards, and baselines
(which are all mandatory requirements), guidelines are
recommendations. A guideline is a suggestion, often of how to
comply with mandatory requirements. Guidelines may suggest
how to create a secure password, or they may recommend how
often to check for updates to anti-virus signature files.
Guidelines may also be used to advise how to select products for
purchase or what to look for in a review of system operations or
processes. Guidelines provide answers to questions, advice on
how to comply with requirements, and make security "simple"
and understandable for users. An excellent example of the role
of guidelines is the relationship between ISO/IEC 27001 and
ISO/IEC 27002. ISO/IEC 27001 is a certifiable standard that
outlines the requirements for an Information Security
Management System. In contrast, ISO/IEC 27002 is a Code of
Practice, a guidance document that describes the controls an
organization could use if it wanted to be compliant with
ISO/IEC 27001.