(a) The concern. Noncompliance with rules, procedures, guidelines, or regulations pertaining to information technology systems may raise security concerns about an individual's trustworthiness, willingness, and ability to properly protect classified systems, networks, and information. Information Technology Systems include all related equipment used for the communication, transmission, processing, manipulation, and storage of classified or sensitive information.
(b) Conditions that could raise a security concern and may be disqualifying include: (1) Illegal or unauthorized entry into any information technology system;
(2) Illegal or unauthorized modification, destruction, manipulation or denial of access to information residing on an information technology system;
(3) Removal (or use) of hardware, software, or media from any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines or regulations;
(4) Introduction of hardware, software, or media into any information technology system without authorization, when specifically prohibited by rules, procedures, guidelines or regulations.
(c) Conditions that could mitigate security concerns include: (1) The misuse was not recent or significant;
(2) The conduct was unintentional or inadvertent;
(3) The introduction or removal of media was authorized;
(4) The misuse was an isolated event;
(5) The misuse was followed by a prompt, good faith effort to correct the situation.