The Security Baseline is a company's record of:
- National security assets they maintain under their control
- Security controls currently in place to protect those assets.
The Security Baseline becomes a part of the facility's Tailored Security Plan (TSP). The Security Baseline, once established, will be a "living" document that is updated as needed when the assets at a facility change.
Security Controls are the processes and procedures your facility has in place to protect your national security assets. Security Controls may include physical security measures, such as a Closed Area or CCTV cameras; or they may include policies you have in place that employees must follow, such as visit procedures or security education requirements, that direct employees regarding how to protect your assets. A contractor may choose to reference Security Controls as outlined in an existing Standard Practice Procedure (SPP) or other company policy document, rather than reiterate those controls in the Security Baseline. When this is done, the SPP or other policy document(s) becomes an addendum to the Tailored Security Plan (TSP).
The Security Baseline should not contain any classified information. However, due to the sensitive nature of the information being provided in a Security Baseline, these documents should be transmitted between the contractor and DSS via full encryption. If you are able to send encrypted emails with a Common Access Card (CAC) or other Personal Identify Verification (PIV) credential, you may transmit a Security Baseline in this manner once you and your DSS Representative have exchanged email certificates. If you do not have a CAC or PIV, you may transmit your Security Baseline to DSS using the U.S. Army Aviation and Missile Research Development and Engineering Center Safe Access File Exchange (AMRDEC SAFE) site. Please see the guide below regarding how to use AMRDEC Safe for encrypted file exchange.
For access to resources that will assist you in creating a Security Baseline (when directed by DSS to do so), please select the Resources below.
Toolkit feedback/suggestions? Email firstname.lastname@example.org.