The Security Baseline is a company's record of:
- National security assets they maintain under their control
- Security controls currently in place to protect those assets.
The Security Baseline becomes a part of the facility's Tailored Security Plan (TSP). The Security Baseline, once established, will be a "living" document that is updated as needed when the assets at a facility change.
Security Controls are the processes and procedures your facility has in place to protect your national security assets. Security Controls may include physical security measures, such as a Closed Area or CCTV cameras; or they may include policies you have in place that employees must follow, such as visit procedures or security education requirements, that direct employees regarding how to protect your assets. A contractor may choose to reference Security Controls as outlined in an existing Standard Practice Procedure (SPP) or other company policy document, rather than reiterate those controls in the Security Baseline. When this is done, the SPP or other policy document(s) becomes an addendum to the Tailored Security Plan (TSP).
The Security Baseline should not contain any classified information. However, due to the sensitive nature of the information being provided in a Security Baseline, these documents should be transmitted between the contractor and DSS via the National Industrial Security System (NISS) "Messaging" function. The NISS "Messaging" function enables the transmittal of files, and all NISS messages are automatically encrypted. Please see the Job Aid below for information about how to use this feature of NISS.
For access to resources that will assist you in creating a Security Baseline (when directed by DSS to do so), please select the Resources below.
Toolkit feedback/suggestions? Email email@example.com.