From a high level point of view, a good security policy should balance security risk against your business’ needs. Security policy should be written in a pro-active way – that is, it shouldn’t describe what is forbidden, but instead what should be done, and how to do it. It is best to implement security policy using SCAP documents, for ease of automation. Security policy must incorporate any mandatory government and industry requirements, and should be regularly updated and maintained.
The SCAP Security Guide is not just one security policy, but a whole number of them. For each platform, there are several profiles which provide security policies implemented according to security baselines. You can view the guide by clicking the respective link.
These guides to secure configuration of following platforms with following profiles are currently available in upstream: