Security Requirements for Automated Information Systems (AISs)

Abstract

This Directive: 1. Reissues and revises reference (a) to update uniform policy in addition to the policy set forth in reference (b) for the safeguarding of classified, sensitive unclassified, and unclassified information processed in AISs. 2. Updates the DoD-wide program for Automated Information System (AIS) security. 3. Provides mandatory, minimum AIS security requirements. More stringent requirements may be necessary for selected systems based on an assessment of acceptable levels of risk. 4. Promotes the use of cost-effective, computer-based (e.g., hardware, software, and firmware controls) security features for AISs. However, it is emphasized that system users have a personal responsibility to protect classified information under subparagraph 10-101.a. of reference (b). 5. Requires a more accurate specification of overall DoD security requirements for AISs that process classified or sensitive unclassified information. 6. Stresses the importance of a life-cycle management approach to implementing computer security requirements.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 21, 1988
Accession Number
ADA272815

Entities

Organizations

  • Office Of The Under Secretary Of Defense

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Command And Control
  • Communication Systems
  • Computer Access Control
  • Computer Network Security
  • Computers
  • Control Systems
  • Cybersecurity
  • Denial Of Service Attack
  • Department Of Defense
  • Governments
  • Information Systems
  • Life Cycles
  • National Security
  • Risk
  • Risk Analysis
  • Test And Evaluation
  • Training

Fields of Study

  • Computer science

Readers

  • Defense Financial Management and Audit.
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Software Engineering

Technology Areas

  • Cyber