Policy News/Archives

7/16/2014

DSS provides an answer to a frequently asked question on reporting conduct involving marijuana.

Q: Are contractors in states that have enacted laws authorizing the medical use of marijuana, or in states that have enacted laws authorizing the use, possession, production, processing and distribution of marijuana, required to report use, possession, production, processing, or distribution of marijuana by cleared contractor personnel?

A:YES, any of these activities must be reported as adverse information in accordance with NISPOM paragraph 1-302.a.

 

7/15/2014

DSS posts information on use of JPAS

Industrial Security Letter (ISL) 2006-01, article #3, advised contractors that the Department of Defense designated the Joint Personnel Adjudication System (JPAS) as its system of record for contractor eligibility and access to classified information. In accordance with NISPOM paragraph 2-200b, contractors are responsible for annotating and maintaining the accuracy of their employees' access records in JPAS.

The Defense Manpower Data Center (DMDC) establishes processes and procedures for the use of JPAS. In order to maintain a JPAS account, contractors must comply with DMDC's processes and procedures related to account management, control of JPAS information, and system use which can be found on the DMDC website at: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS

 

7/11/2014

Accountability of TS Documents on Information Systems and Electronic Information

Q: Does the requirement for 100% accountability of TS documents apply to paper documents only, or does it also apply to documents stored on electronic media?

A: The NISPOM defines a document as "Any recorded information, regardless of the nature of the medium or the method or circumstances of recording." When documents are in electronic form and stored on another medium (e.g. hard drive or optical disc) each TS document on the medium must be accounted for individually.

Q:If multiple documents are stored on the electronic media, are NISP contractors required to maintain accountability of each TS digital document stored on a system's hard drive or account for the TS hard drive only?

A: When documents are in electronic form and stored on another medium (e.g. hard drive or optical disc) each TS document on the medium must be accounted for individually, in addition to the medium itself (if removable).

Q: When electronic media (e.g. hard drive or optical disc) containing Top Secret documents are lost, should reporting identify just the media or each individual document?

A: Any such report of loss must identify each individual document and item when a loss occurs. When multiple items are placed on the same medium, each having their own control number, they must be accounted for separately.

 

5/27/2014 Clarification Regarding JCAVS Person Summary Screen PRINTOUTS:

In addition to the guidance provided by
[https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS], the following information is provided for contractors: Industry JPAS users should continue to follow the NISPOM and the guidance in Industrial Security Letter (ISL) 2010-01, article #5. If a Government Agency asks for a printout, please notify your DSS Industrial Security Representative so that DSS can address the issue with that agency.

Contractor security functions can be accomplished without printing from JPAS.

  • If a visit requires access to classified information and JPAS is not available to verify the visitor's personnel security clearance (PCL) level, a visit authorization letter may be used. Reference NISPOM paragraph 6-104b.
  • Contractors may continue to inform employees of the status of their eligibility and access to classified information, the date of their last investigation, and consult with employees regarding their personal information in order to maintain accurate access records in JPAS in accordance with NISPOM paragraph 2-200b.

As a reminder, all JCAVS printouts must be protected from unauthorized disclosure and in accordancewith the requirements for privacy/sensitive information and For Official Use Only (FOUO), Privacy Act of 1974. Privacy Act requests must be made according to the JPAS SoRN Record Access procedures.

5/16/2014 DSS Rescinds ISL 2007-01

The guidance found in the articles in ISL 2007-01 has been incorporated into the latest version of the ODAA Process Manual v3.2, dated Nov. 15, 2013. Therefore, ISL 2007-01 is rescinded. Click here to view the ODAA Process Manual. "Click here"

 

5/07/2014 Notice for Contractors with GSA-approved Class 5 security containers manufactured by FEDSAFE.

Contractors who have GSA-approved Class 5 security containers manufactured by FEDSAFES should contact the Department of Defense Lock Program. These containers may have a condition that requires correction. The DoD Lock Program is gathering data and can provide additional information.

When contacting the DoD Lock Program please provide the following information about your FEDSAFE container:

In addition, be prepared to provide the name, phone number and email address of a point of contact for the container at your facility.

You can contact the DoD Lock Program by phone 1-800-290-7607 or email W_NAVFAC_DOD_Lock_Program_Support@navy.mil

4/25/2014 DSS releases ISL 2014-03 "GSA Containers and Verifying Recertification Labels"

ISL 2014-03 provides clarification on the procurement of GSA containers and verifying GSA recertification labels, use of DoD approved alarms systems when the contractor is located on a military installation, and clarifies UL-2050 monitoring stations. Click HERE to view ISL.

4/24/2014 DSS releases ISL 2014-02, "U.S. Department of Housing and Urban Development (HUD)"

DSS releases ISL 2014-02, updating the list of Federal agencies that have entered into an agreement with DoD for Industrial Security services. Click HERE to view ISL.

4/23/2014 DoDM 5220.22, Volume 3, “National Industrial Security Program: Procedures for Government Activities Relating to Foreign Ownership, Control or Influence (FOCI)” is released

DoDM 5220.22, Volume 3, “National Industrial Security Program: Procedures for Government Activities Relating to Foreign Ownership, Control or Influence (FOCI)” was promulgated on April 17, 2014, and replaces Directive-Type Manual (DTM) 09-019. The link to the Manual can be accessed directly at http://www.dtic.mil/whs/directives/corres/pdf/522022_vol3_2014.pdf.

This DoD policy provides guidance to Government Activities (DoD (including Defense Security Service)) and the non-DoD agencies who have entered into agreements with DoD for industrial security services) about the industrial security procedures and practices related to foreign ownership, control or influence that those Government agencies should follow when evaluating FOCI at a company in process for a facility security clearance or a contractor that already has a facility security clearance. The NISPOM (DoD 5220.22-M) continues to provide guidance to NISP contractors about actions and issues related to FOCI.

4/17/2014 DSS releases ISL 2014-01

DSS releases ISL 2014-01, "GSA Carriers for Overnight Delivery of SECRET and CONFIDENTIAL Classified Materials"; rescinding ISL 2006-02, Article 18. The ISL prohibits the use of drop boxes and provides additional guidance on documenting processes and approvals for using commercial overnight express carriers for the shipment of SECRET and CONFIDENTIAL classified information. View ISL 2014-01.

4/10/2014

DSS provides "Validation of Personnel with Eligibility for Access to Classified Information" notice to industry. Click here to view notice.

2/26/2014

Guidance on Managing Personnel Security Clearance Records in the Joint Personnel Adjudication System (JPAS) - Break in Access and Break in Employment Click Here

1/06/2014 Notice: The Derivative Classification Training job aid listed as a training resource in ISL 2013-06 has been revised.

The revision does not change the training requirements outlined in ISL 2013-06. It reflects a new page design and minor content updates that provide additional clarity to the training requirements for derivative classifiers. The link to the job aid in the ISL will direct users to the revised version or the job aid can be accessed directly here.

12/31/2013 Notice regarding contractor inadvertent exposure to classified information in the public domain

DSS reposts as a reminder the notice to Contractors cleared under the National Industrial Security Program regarding inadvertent exposure to potentially classified information in the public domain which was originally posted on 6/11/2013. Click here to read the notice.

12/03/2013 Changes to United States Postal Service Express Mail and Use of Labels

NISPOM Paragraph 5-403b allows the transmission of classified material up to the SECRET level within and directly between the United States and its territorial areas by use of U.S. Postal Service (USPS) Express Mail. Effective July 2013, the USPS changed the name of Express Mail to Priority Express Mail and updated the label to reflect that change. The new Priority Express Mail label requires that you actually check the "signature is required" box, whereas with the prior Express Mail label, the signature was automatically obtained as a part of Express Mail delivery, unless indicated otherwise. Please note that you may see use of either the "Express Mail" or "Priority Express Mail" labels until existing stocks of "Express Mail" labels are depleted. In either case, it is the sender's responsibility to ensure that the recipient's signature is obtained when sending SECRET information through the U.S. Postal Service via express mail.

10/31/2013 DSS Industrial Policy notice on derivative classification training resources "

The DTIC link for "Derivative Classification Training," http://cdsetrain.dtic.mil/derivative/index.htm listed under training resources in ISL 2013-06, "Derivative Classification Responsibilities," is now available and provides access to the derivative classification training course.

10/04/2013 DSS release of ISL 2013-06, "Derivative Classification Responsibilities"

DSS releases ISL 2013-06, which provides clarification to contractors for specific NISPOM Conforming Change 1 requirements in Chapter 4 related to derivative classification. Click here to view ISL 2013-06.

08/27/2013 DSS will resume processing Top Secret PRs for industry

Because of a funding shortfall and the impact of sequestration on the FY13Personnel Security Investigations for Industry Program budget, the Defense Security Service suspended submission of most Top Secret periodic reinvestigation (PR) requests for cleared industry personnel beginning on June 14, 2013. After carefully monitoring and managing industry submissions for initial clearance and reinvestigation requests, DSS has determined that sufficient funding is now available to resume processing deferred Top Secret PRs effective Aug. 28, 2013, for the remainder of the fiscal year. DSS will continue to closely monitor the program's expenditures and will determine if any further actions are necessary.

08/08/2013 Derivative Classification Training and Recordkeeping Guidance

Conforming Change 1 to the NISPOM in paragraph 4-102 requires that contractor cleared personnel must be trained initially and at least once every 2 years on the topics set forth in NISPOM paragraph 4-102 before being authorized to make derivative classification decisions.

The Industrial Security Letter (ISL) that provides Cognizance Security Agency guidance on implementing the training requirements for Derivative Classifiers is pending approval by the Under Secretary of Defense for Intelligence. Until the ISL is released contractors should have a plan in place FOR IMPLEMENTATION or begin initiating training to meet the requirements of Conforming Change 1. Having a plan in place or initiating training will meet the intent of the NISPOM requirements. When issued the ISL will provide a date by which training must be completed by contractors.

  • Cleared contractor cleared personnel who can document that they have completed initial derivative classifier training required by NISPOM paragraph 4-102, do not need to take additional training until 2 years have elapsed from the date of their initial training.

  • Contractors can develop and implement internal training programs or use an existing training course that includes, at a minimum, the topics set forth in NISPOM paragraph 4-102 to meet the NISPOM requirements of derivative classification training for contractor personnel who are authorized to make derivative classification decisions.

  • Contractors will retain records of the date of the most recent training (initial or refresher) and type of training derivative classifiers receive. Records of training must be available for review during DSS security vulnerability assessments. Records may consist of training attendance records, certificates, or other documentation verifying that personnel assigned duties as derivative classifiers have successfully completed the training requirements.

Training Resources

The Derivative Classification Training Job Aid at the Center for Development of Security
Excellence (CDSE) website has detailed guidance:
http://www.cdse.edu/documents/cdse/DerivativeClassification.pdf.

Contractors who wish to use CDSE products can find their courseware on derivative classification at:

In addition to the above derivative classification training, the following marking course and training material provides additional information and guidance on derivative classification marking requirements.

08/07/2013 Standard Form 312 is revised

The "Classified Information Nondisclosure Agreement, Standard Form 312 (SF 312)" was revised by the DNI to reflect language required by two new statutes; 2011 Public Law 112-74 Financial Services and General Government Appropriations Act and 2012 Public Law 112-199 Whistleblower Protection Enhancement Act (WPEA). The Office of the Director of National Intelligence posting can be found here. The revised SF 312 dated 7-2013 is posted in the General Services Administration (GSA) forms library on their website and can be directly downloaded here. There is no requirement to resign and execute a new SF 312, previously executed forms are still valid.

07/23/2013 >DSS provides an update on ISL 2013-03, "Transfers of Defense Articles to Australia without a License or Other Written Authorization"

DSS released the ISL on March 20, 2013; a final rule document was published in the Federal Register on May 30, 2013, indicating that the treaty entered into force on May 16, 2013 http://www.pmddtc.state.gov/FR/2013/78FR32362.pdf. As of May 16, 2013, the requirements of the ISL are in effect. Click here to view ISL 2013-03.

07/08/2013

DSS Industrial Policy Division post guidance on Cleared Contractors Responsibilities for Subcontractor and Self-Employed Consultants Personnel Security Clearances (PCL) and Facility Clearances (FCL).
NISPOM 2-212 authorizes Cleared Contractors to process self-incorporated consultants for a PCL provided the consultant and members of his/her
immediate family are the sole owners of the consultant's firm, and only the consultant requires access to classified information. In such cases, a facility security clearance (FCL) is not required. Should other employees of the consultant's firm require access to classified information, the cleared contractor must issue a classified subcontract to the consultant's firm and sponsor them for an FCL if they don't already have one. NISPOM 2-200b prohibits prime contractors from managing subcontractor employees' PCLs (e.g., submitting a PCL to the CSA on the subcontractor's behalf). A subcontractor must be sponsored for an FCL if one does not exist and is responsible for processing PCLs for its employees and maintaining the accuracy of the employees' access records in JPAS.

07/02/2013 DSS releases ISL 2013-05

DSS releases ISL 2013-05, to address reporting requirements of cyber intrusions under NISPOM 1-301, "Reports to be Submitted to the FBI." This ISL replaces ISL 2010-02, "Reporting Requirements for Cyber Intrusions (NISPOM 1-301)," which has been rescinded. View ISL 2013-05.

07/01/2013 AIS authorization on the DD Form 254

DSS Industrial Policy Division releases an FAQ to identify which sections in the DD Form 254 authorizes the use of Automated Information Systems by cleared contractors. Click here to view the FAQ.

06/11/2013 Notice regarding contractor inadvertent exposure to classified information in the public domain.

DSS releases notice to Contractors cleared under the National Industrial Security Program regarding inadvertent exposure to potentially classified information in the public domain. Click here to read the notice.

06/11/2013 DSS release of ISL 2013-04 "Overseas Private Investment Corporation (OPIC)"
DSS releases ISL 2013-04, updating the list of Federal agencies that have entered into an agreement with DoD for Industrial Security services. Click HERE to view ISL 2013-04.
05/22/2013 Use of Drop Boxes for Classified Overnight Delivery Prohibited
NISPOM 5-403e authorizes the use of commercial delivery companies approved by the CSA that provide nationwide, overnight service with computer tracking and reporting features for overnight transmission of SECRET and CONFIDENTIAL material.

As indicated in Industrial Security Letter (ISL) 2006-02, Article 18, "General Services Administration Carriers for Overnight Delivery of SECRET and CONFIDENTIAL Classified Information," the use of drop boxes is prohibited.
04/15/2013 Director of National Intelligence Issues New Security Clearance Guidance
On April 5, 2013, the Director of National Intelligence James R. Clapper issued new security clearance guidance containing revised instructions for completing Question 21 of the SF 86, "Questionnaire for National Security Positions." The guidance, which was issued on an interim basis pending formal revision of the policy, addresses sexual assault and the seeking of mental health counseling, and applies to all executive branch departments and agencies. More information on the guidance can be found here.
04/03/2013 DoD Releases Change 1 to DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)
On March 28, 2013, the Department of Defense approved Change 1 to DoD 5220.22-M, "National Industrial Security Program Operating Manual." The change includes the addition of the Office of Personnel Management (OPM) as a NISP signatory, recognizes the Director of National Intelligence (DNI) as a Cognizant Security Agency (CSA) vice the Central Intelligence Agency (CIA), it incorporates National Policy for derivative classification and marking requirements, and incorporates US-UK Treaty provisions for the Transfers of Defense Articles to the United Kingdom without a License or Other Written Authorization. The implementation of changes to this Manual by contractors shall be effected no later than 6 months from the date of the published change, with the exception of changes related to US-UK Treaty Requirements in Chapter 10, Section 8 of this Manual, which must be implemented immediately.
Change 1 to DoD 5220.22-M can be found at: http://www.dtic.mil/whs/directives/corres/pdf/522022m.pdf
A Summary of Changes can be found at: http://www.dtic.mil/whs/directives/corres/pdf/522022m_summaryofchanges.pdf
03/25/2013 DSS releases ISL 2013-03, Transfers of Defense Articles to Australia without a License or Other Written Authorization
This Industrial Security Letter (ISL) promulgates updated guidance for information and interpretation of existing paragraphs in Chapters 4 and 10 of the National Industrial Security Program Operating Manual (NISPOM) based on the requirements of that Treaty, for exports and transfers of Defense Articles to Australia. This guidance is effective upon entry into force of the Treaty.
A Rule document will be published in the Federal Register announcing the effective date.
Click here to view ISL 2013-03.
02/27/2013 Mandatory Training for JPAS Industry Users
The Defense Manpower Data Center (DMDC) has posted guidance for mandatory Cyber Awareness Challenge and Personal Identifiable Information (PII) training. Specific guidance on the training can be found on the DMDC JPAS website in the JPAS Policy Changes document and in the JPAS Account Management Policy, paragraph 4.1.3.
02/08/2013 DSS releases ISL 2013-01, Facility Clearance (FCL) Eligibility Requirements (NISPOM 2-102b)
DSS releases ISL 2013-01, to address FCL eligibility for American Indian/Alaska Native tribal entities or those entities that are organized and existing under the laws of any of the tribes recognized by the Assistant Secretary – Indian Affairs, U.S. Department of the Interior.  The ISL further addresses FCL processing for federally-chartered tribal corporations formed under Section 17 of the Indian Reorganization Act (25 U.S.C. § 477) and companies chartered under the laws of a U.S. state, the District of Columbia, or an organized U.S. territory and owned in whole or part by Indian tribes. View ISL 2013-01.
10/19/2012 Information Security Oversight Office (ISOO) Notice 2012-04, "Additional Guidance on Standards for Security Equipment”
ISOO Notice 2012-04 provides additional guidance to the Federal government on the safeguarding of classified national security information in General Services Administration approved security containers and addresses the procurement of GSA-approved security containers. Cleared contractors under the National Industrial Security Program should be aware of the information outlined in the ISOO notice when purchasing GSA-approved security containers and are reminded that in accordance with NISPOM Chapter 5 that containers used for the safeguarding of classified material shall be GSA-approved.
For further assistance regarding these requirements for cleared contractors, contact Policy_HQ@dss.mil.
Contact isoo@nara.gov with questions regarding the ISOO Notice 2012-04.
07/20/2012 DSS Industrial Policy provides answers to FAQs regarding NATO Annual Refresher briefings.
05/22/2012 STATUS OF National Industrial Security Program Operating Manual (NISPOM) REVISION: DoD is continuing informal coordination with the National
Industrial Security Program Policy Advisory (NISPPAC) on revisions to the NISPOM, DoD Manual 5220.22-M guidance to cleared contractors.

Once the informal NISPPAC coordination is completed, DoD must:

  1. Conduct DoD formal coordination of the revised draft;
  2. Gain concurrence of the other 3 CSAs (Department of Energy, Nuclear
    Regulatory Commission and Office of the Director of National Intelligence);
  3. Consult with the 24 non-DoD agencies for which DoD provides industrial services;
  4. Post the NISPOM draft in the Federal Register for public comment; and
  5. Promulgate the revised NISPOM."
05/17/2012 DSS Releases ISL 2012-03 FSO Training (NISPOM 3-102)
DSS releases ISL 2012-03, which aligns the FSO training requirements with the recently updated FSO training curricula being delivered by the DSS Center for Development of Security Excellence. This ISL provides clarification on the FSO orientation and FSO Program Management Course requirements referenced in the NISPOM, and rescinds previously published guidance. Click here to view ISL 2012-03.
05/03/2012 Information Security Oversight Office (ISOO) Notice 2012-03, "Additional Guidance on Supplemental Controls Required for Safeguarding Classified National Security Information."
PDF ISOO Notice 2012-03 provides guidance on the requirements for intrusion detection systems (IDS) used to safeguard classified national security information as outlined in 32 CFR 2001.43(b). This guidance does not currently apply to cleared contractors. Cleared contractors must continue following the IDS requirements outlined in National Industrial Security Program Operating Manual paragraph 5-900.

Contact isoo@nara.gov with questions regarding the ISOO Notice 2012-03.

For further assistance regarding IDS requirements for cleared contractors, contact Policy_HQ@dss.mil.
05/02/2012 USD(I) reissues DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E) Manual"
On April 17, 2012, the Under Secretary of Defense for Intelligence (USD(I)) reissued DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E)" PDF This manual supersedes the DoD 5100.76-M manual, dated August 12, 2000.
04/25/2012 The guidance found within ISL 2012-02 is now in effect.
On April 13, 2012, Department of State announced the official enforcement of the United States (US) and the United Kingdom (UK) Defense Trade Control Treaty.  This enforcement implements the guidance of ISL 2012-02, as of April 13, 2012.  Please click here for additional information.
02/23/2012 DSS Releases ISL 2012-01
This ISL amends the list of federal agencies that DoD has entered into agreements with for industrial security services. Please PDF click here to obtain additional information.
11/14/2011 Attention All Users
September 14, 2011, the Deputy Secretary of Defense released the "Improving Implementation of Policy Guidance for Foreign Ownership, Control, or Influence (FOCI)" memorandum. This is an internal memorandum that directs actions by the heads of the Military Departments, Defense Agencies and other DoD Components. It does not direct actions by our Industry partners.
05/02/2011 DSS releases ISL 2011-02
This ISL provides guidance regarding Puerto Rico birth certificates as acceptable proof of citizenship when issued on or after, July 1, 2010. This ISL also clarifies when COMSEC material is considered "proscribed"
information. Please PDF click here to obtain additional information.
02/11/2011 DSS provides notice to contractors cleared under the National Industrial Security Program (NISP) regarding protecting classified information and the integrity of government data on cleared contractor information technology (IT) systems. The widespread distribution of the documents posted on WikiLeaks has prompted the requirement to use other than normal spill procedures, as identified in this notice:
In light of the damage caused to our national security by the unauthorized disclosure of U.S. Government documents by WikiLeaks, the Acting Undersecretary of Defense (Intelligence) directed the Defense Security Service to notify cleared companies of their obligations to protect classified information and to follow established and authorized procedures for accessing classified information. This notice reiterates basic, existing obligations and principles governing the protection of classified information for contractors cleared under the NISP. PDF Click here to view the notice.
01/24/2011 DSS Guidance to Industry Reference USCYBERCOM Communications Tasking Order (CTO) 10-133, "Protection of Classified Information on Department of Defense (DoD) Secret Internet Protocol Router Network (SIPRnet)":
DSS understands there have been several questions regarding the issuance of the recent USCYBERCOM CTO 10-133. Please be advised this issuance applies only to contractors with whose information systems have connectivity to the SIPRNet. Additional guidance can be obtained through your local DSS ISFO/ODAA representative.
12/13/2010 DSS provides a security reminder to Industry regarding accessing publically posted classified information:
Industry is reminded that accessing or downloading classified or potentially classified information to an IT system not certified and accredited to process classified information constitutes a security violation. PDF Click here for additional information.
07/14/2008 Use of non-GSA-approved security containers NISPOM paragraph 5-303 applies to contractors the provision of Classified National Security Information Directive No. 1 which prohibits the use of non-GSA-approved security containers for the storage of classified material effective October 1, 2012. The Department of Defense will not waive the requirement to terminate the use of non-GSA approved security containers for the storage of classified information. PDF More guidance is available here.
12/08/2008 Reminder from Defense Security Service - NISPOM Requirement to Check for Malicious Code On Nov. 15, 2008, the Commander, U.S. Strategic Command released the message, SUBJ: Suspension of Removable Flash Media (FOUO). DSS has received questions from cleared contractors on whether the message applies to them. The order to suspend the use of removable flash media applies to DoD networks and computer systems only. The message does not apply to contractor systems. Cleared contractors are reminded that their classified security programs are governed by the National Industrial Security Program Operating Manual (NISPOM).

NISPOM paragraph 8-305 requires that all Information Systems (IS), regardless of their operating system, be protected against malicious code. NISPOM paragraph 8-101f(5) requires that the Information Systems Security Manager (ISSM) implement and maintain security features, policies, and procedures that detect and deter incidents caused by malicious code, viruses, intruders or unauthorized modifications to software or hardware.

Removable media may have embedded malicious software (malware). The NISPOM paragraph 8-302 requirement to examine all commercial hardware and software before being placed into use on the IS applies to such removable media. Software must be tested to ensure that it does not contain features detrimental to the security of the IS. All security-related software must be tested to verify that the security features function as specified. The ISSM has the responsibility to ensure that IS employs the appropriate software to check and remove viruses or other malicious code and that all files, data, or external communications are checked before being introduced into the IS.

DSS recommends that contractors increase their awareness of and vigilance against potential security and cyber threats through the application of best security practices whether at work, home, or on travel.