DOD Directive 5200.28

Citation
DOD Directive 5200.28, Security Requirements for Automated Information Systems (AISs) (March 21, 1988).

Overview
This Directive is the overall computer security policy document for the Department of Defense. The document identifies mandatory and minimum AIS security requirements. Each agency may issue its own supplementary instructions. For DOD agencies, these instructions fall within the scope of the DOD guidelines and add more specificity. Additional requirements may be necessary for selected systems, based on risk assessments.