This standard comes in two sections. Host security and end user security. End user security primarely focuses on what end users should do to keep enterprise security tight. For example, length and complexity of passwords that should be used. The host security section is targeted at systems administrators and architects.