Incorporated in the foundation of the DISS system, the following policies help to maintain the confidentiality, integrity, and availability of DISS. DOD Instruction 8500.01 mandates annual Information Assurance training and proper handling of Personally Identifiable Information, or PII. DOD 5220.22M, otherwise known as the NISPOM, has been implemented in the Code of Federal Regulations. 32 CFR Part 117 is the new location for the National Industrial Security Program Operating Manual (NISPOM), which requires annual training of security principles and responsibilities. 32 CFR Part 117 is the Security Officer’s primary reference for industrial security policy. Lastly, the ISL 2012-03, mandates that FSOs and other contractor personnel performing security duties complete their security training considered appropriate by the cognizant security agency.