A network security policy (NSP) is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment.
[1] The document itself is usually several pages long and written by a committee.
A security policy is a complex document, meant to govern data access, web-browsing habits, use of passwords, encryption, email attachments and more.
Understanding what information and services are available and to which users, as well as what the potential is for damage and whether any protection is already in place to prevent misuse are important when writing a network security policy.
The National Institute of Standards and Technology provides an example security-policy guideline.