Network+ Exam
Documentation and Process
October 29, 2025
- #network+
Administrative (Management) Controls — What to Know for Network+
Big Picture
- Administrative controls = management decisions that direct technical + physical security.
- Think top-down: Governance → Policies → Standards/Baselines → Procedures & Guidelines.
Governance
- IT Governance: overall framework that aligns security with business goals (roles, accountability, risk appetite, compliance).
- Examples: adopting NIST CSF, ISO 27001, setting risk tolerance, audit cadence.
Policies (High-Level “What & Why”)
- Define intent, scope, and responsibilities. Mandatory.
- Types you’ll see on exams:
  - Organizational (Program/EISP): company-wide direction (who owns security, objectives).
  - System-Specific (SSSP): requirements for a particular tech/system (e.g., “VPN policy for Remote Access Server”).
  - Issue-Specific (ISSP): focused topic (e.g., Acceptable Use, Password Policy, Email/AI/Cloud policy).
Exam Tip: Policy = management intent; no step-by-step detail.
Standards (Mandatory “How Much/How Exactly”)
- Implement the policy with uniform, measurable requirements.
- Examples: “Passwords ≥ 14 chars, MFA required; TLS 1.3 only; AES-256 at rest; log retention 365 days.”
Baselines (Mandatory Minimums)
- The minimum acceptable security configuration across similar assets.
- Examples: “Windows Server baseline: disable SMBv1, enable host firewall, audit categories X/Y/Z, CIS level-1 controls enabled.”
Must Know: Baseline = minimum; Standard = exact specification.
Procedures (Mandatory “How-To Steps”)
- Detailed, step-by-step instructions anyone can follow.
- Examples: “Join host to domain → apply baseline GPO → enroll EDR → verify logs in SIEM.”
Guidelines (Recommended “Best Practice”)
- Advisory; exceptions are allowed with approval.
- Example: “Video editors may exceed default 1 TB storage; request up to 5 TB with manager sign-off.”
Why “Administrative” Controls Matter
- Drive technical (firewalls, EDR, ACLs) and physical (badges, cameras, mantraps) controls.
- Enable auditability, consistency, and compliance.
- What matters most: people follow clear rules that are enforced and reviewed.
Quick Examples (tie it together)
- Policy: “All remote access must be secure.”
- Standard: “Only TLS 1.3; MFA via TOTP; VPN must be WireGuard or IKEv2.”
- Baseline: “Remote laptops: full-disk encryption, EDR, CIS-L1, auto-patch ≤ 7 days.”
- Procedure: “Create VPN account → enroll MFA → install client → validate connection logs.”
- Guideline: “Preferred MFA app: Authenticator X; Y allowed if traveling without smartphone.”
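Standards and baselines only support auditability once they are turned into measurable checks. The following Python, added here as an example and not part of the original notes, encodes the Quick Examples’ Standard (exact specification: TLS 1.3 only, TOTP, WireGuard or IKEv2) and Baseline (minimums: FDE, EDR, CIS-L1 or higher, patch age ≤ 7 days) and evaluates a constructed laptop inventory against them. The device attribute names and host names are assumptions; the point is that exceeding a baseline minimum passes, while any deviation from a standard is a finding.

```python
# Added example (not from the original notes): turning the Quick Examples'
# Standard and Baseline into checks over constructed device records.
from __future__ import annotations

# Standard = exact specification: the observed value must be one of the
# permitted values and nothing else (TLS 1.2 still enabled is a deviation).
STANDARD = {
    "tls_versions": {"1.3"},                 # "Only TLS 1.3"
    "mfa_method": {"TOTP"},                  # "MFA via TOTP"
    "vpn_protocol": {"WireGuard", "IKEv2"},  # "VPN must be WireGuard or IKEv2"
}

# Baseline = minimum: meeting or exceeding the floor is compliant.
BASELINE = {
    "full_disk_encryption": True,  # required
    "edr_installed": True,         # required
    "min_cis_level": 1,            # CIS level 1 or higher
    "max_patch_age_days": 7,       # auto-patch within 7 days
}


def check_standard(device: dict) -> list[str]:
    """Return one finding per attribute that deviates from the exact standard."""
    findings = []
    for attr, allowed in STANDARD.items():
        observed = device.get(attr)
        # Multi-valued settings (enabled TLS versions) must be a non-empty subset
        # of the allowed set; single-valued settings must be an allowed value.
        if isinstance(observed, (set, frozenset, list, tuple)):
            observed_set = set(observed)
            if not observed_set or observed_set - allowed:
                findings.append(
                    f"standard: {attr} has {sorted(observed_set)}, allowed {sorted(allowed)}"
                )
        elif observed not in allowed:
            findings.append(f"standard: {attr} is {observed!r}, allowed {sorted(allowed)}")
    return findings


def check_baseline(device: dict) -> list[str]:
    """Return one finding per attribute that falls below the baseline minimum."""
    findings = []
    if not device.get("full_disk_encryption", False):
        findings.append("baseline: full-disk encryption not enabled")
    if not device.get("edr_installed", False):
        findings.append("baseline: EDR agent not installed")
    cis_level = device.get("cis_level", 0)
    if cis_level < BASELINE["min_cis_level"]:
        findings.append(f"baseline: CIS level {cis_level} below minimum {BASELINE['min_cis_level']}")
    age = device.get("patch_age_days")
    if age is None or age > BASELINE["max_patch_age_days"]:
        findings.append(f"baseline: patch age {age} days exceeds {BASELINE['max_patch_age_days']}")
    return findings


def evaluate(devices: list[dict]) -> dict[str, list[str]]:
    """Map each device name to its findings; an empty list means compliant."""
    return {d["name"]: check_standard(d) + check_baseline(d) for d in devices}


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_DEVICES = [
    # Exceeds the baseline (CIS level 2) and matches the standard exactly.
    {"name": "lt-01", "tls_versions": {"1.3"}, "mfa_method": "TOTP", "vpn_protocol": "WireGuard",
     "full_disk_encryption": True, "edr_installed": True, "cis_level": 2, "patch_age_days": 3},
    # TLS 1.2 still enabled (standard deviation) and patched too slowly (below baseline).
    {"name": "lt-02", "tls_versions": {"1.2", "1.3"}, "mfa_method": "TOTP", "vpn_protocol": "IKEv2",
     "full_disk_encryption": True, "edr_installed": True, "cis_level": 1, "patch_age_days": 12},
    # Wrong MFA method and VPN protocol (standard), no FDE (baseline).
    {"name": "lt-03", "tls_versions": {"1.3"}, "mfa_method": "SMS", "vpn_protocol": "OpenVPN",
     "full_disk_encryption": False, "edr_installed": True, "cis_level": 1, "patch_age_days": 0},
]

if __name__ == "__main__":
    for name, findings in evaluate(SAMPLE_DEVICES).items():
        print(name, "COMPLIANT" if not findings else "; ".join(findings))
```

Running the script reports lt-01 as compliant even though its CIS level exceeds the baseline, while lt-02 is flagged for having an extra TLS version, because a standard is an exact specification rather than a floor.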