The tip of the spear for every cybersecurity program should be a robust set of cybersecurity documentation that defines required activities and expected behavior. For most organizations, cybersecurity documentation includes policies, standards, and procedures, although other kinds, such as regulations and guidelines, may exist as well. The implementation of cybersecurity documentation is a governance control that can lessen risk and comply with legal and regulatory requirements.