1.1. Reissues and revises reference (a) to update uniform policy in addition to
the policy set forth in reference (b) for the safeguarding of classified,
sensitive unclassified, and unclassified information processed in AISs.
1.2. Updates the DoD-wide program for Automated Information System (AIS)
security.
1.3. Provides mandatory, minimum AIS security requirements. More stringent
requirements may be necessary for selected systems based on an assessment of
acceptable levels of risk.
1.4. Promotes the use of cost-effective, computer-based (e.g., hardware,
software, and firmware controls) security features for AISs. However, it is
emphasized that system users have a personal responsibility to protect
classified information under subparagraph 10-101.a. of reference (b).
1.5. Requires a more accurate specification of overall DoD security
requirements for AISs that process classified or sensitive unclassified
information.
1.6. Stresses the importance of a life-cycle management approach to
implementing computer security requirements.