This document provides guidance on the enterprise protective security architecture and the framework of protective security policies, processes and types of controls necessary to mitigate and manage security risks across the protective security domains, including: a)    security governance; b)    personnel security; c)    information security; d)    cybersecurity; e)    physical security. This document is applicable for any organization.