In this lesson students will learn about the importance of Information Protection Processes and Procedures within the overarching NIST CSF Program. In this lesson we will clarify some of the technical requirements used to establishing Information Protection Processes and Procedures. These requirements include baselining configurations, secure system development lifecycle, change control, backups, response plans, human resources, compliance with policies, regulations, and vulnerability management. In this lesson we will review many valuable considerations for the establishment of Information Protection Processes and Procedures. We will also provide an exercise for students to practice their newfound knowledge and develop new Cybersecurity skills.