This directive and other guidance establish policy for information protection and personnel security.