This Directive is the overall computer security policy document for the Department of Defense. The document identifies mandatory and minimum AIS security requirements. Each agency may issue its own supplementary instructions. For DOD agencies, these instructions fall within the scope of the DOD guidelines and add more specificity. Additional requirements may be necessary for selected systems, based on risk assessments.