DODD 5200.28, DEPARTMENT OF DEFENSE DIRECTIVE: SECURITY REQUIREMENTS FOR AUTOMATED INFORMATION SYSTEMS (AISs) (21-MAR-1988)

DODD 5200.28, DEPARTMENT OF DEFENSE DIRECTIVE: SECURITY REQUIREMENTS FOR AUTOMATED INFORMATION SYSTEMS (AISs) (21-MAR-1988)., This Directive: 1.1. Reissues and revises reference (a) to update uniform policy in addition to the policy set forth in reference (b) for the safeguarding of classified, sensitive unclassified, and unclassified information processed in AISs. 1.2. Updates the DoD-wide program for Automated Information System (AIS) security. 1.3. Provides mandatory, minimum AIS security requirements. More stringent requirements may be necessary for selected systems based on an assessment of acceptable levels of risk. 1.4. Promotes the use of cost-effective, computer-based (e.g., hardware, software, and firmware controls) security features for AISs. However, it is emphasized that system users have a personal responsibility to protect classified information under subparagraph 10-101.a. of reference (b). 1.5. Requires a more accurate specification of overall DoD security requirements for AISs that process classified or sensitive unclassified information. 1.6. Stresses the importance of a life-cycle management approach to implementing computer security requirements.