The document issued by Triffid Corporation explaining its commitment to best practices is a ______, and the SANS documents are ______.

The correct answer identifies the document issued by Triffid Corporation as a policy and categorizes the SANS documents as standards. A policy serves as a guiding principle that outlines an organization's approach to managing its operations concerning certain areas, such as cybersecurity best practices. It reflects the organization's commitment to certain behaviors or goals, guiding decision-making and establishing expectations for employees.

In this context, the SANS documents are categorized as standards. Standards provide specific criteria or benchmarks that must be met in order to comply with an overarching policy. They offer detailed guidance on how to achieve the objectives laid out in the policy, often including technical specifications or best practices that help ensure consistent implementation across the organization.

Understanding the distinction between policy and standards is critical in cybersecurity management, as policies provide the high-level framework and intent, while standards lay out the practical applications of meeting those objectives. The other answer choices do not appropriately match the definitions and intended uses of these terms within the context of organizational practices.