The document discusses building an information assurance framework with policies, procedures, and infrastructure. It distinguishes policies, which are strategic, from procedures, which are tactical. An information assurance infrastructure establishes security practices through documentation. It should specify the steps that ensure security, make the process clear, and describe how practices will be established and enforced. The infrastructure is tailored to the organization through policies, procedures, and work instructions documented in an Information Assurance Manual. Disciplined performance and the establishment of the right security culture are important to ensure that the infrastructure functions properly.