Well to me a policy is not dependant on an application/OS.
Policies are instructions indicating management?s intent about the operations of the organization. They are high level statements that provide guidance to workers who need to make basic development decisions. Policies are generalized requirements that can contain goals, objectives, controls and responsibilities.
Standards make specific mention of technologies, methodologies, implementation features and other detail factors. They often include specific numeric values (i.e. password length), the names of products, languages or specific technologies to be adhered to. These may change with every new technological need.
Procedures are specific instructions detailing the process required to meet the policy or standards.
I think the best place for you to start is http://www.cisecurity.org/ they have a benchmarking tool for Linux that would probably get you started on the correct security set up for that environmen.
Sorry to be so long winded.