Forums / Political & Legal / Cyber Security CZAR & PL100-235 (Jan 1987)

5 years 25 weeks ago, 9:02 AM

charley9toe

The President recently announced the intention of opening a Cyber Security CZAR Office. If you will read PL100-235, a community of agencies have been doing exactly that. These agencies have worked together for a couple of decades. The two primary players are the National Institute of Standards and Technology (NIST) (previously the Bureau of Standards) for Unclassified Systems and technologies & the National Security Agency (NSA) for Classified systems and technologies.
The NIST had funding directed to it but was only given a pittance to accomplish their requirements under the law. The NSA receives its funding for Information Assurance through the DOD. In 2008 the Congress voted a significant funding increase for Information Assurance. But, will the agencies needing the money ever see it ????
Remember these folks have been working the issue for some time (visit their sites (nist.gov & nsa.gov)).
So, somebody tell me why the f--- we need another f------ layer of Bureaucracy. To do what, figure out how to control the net in the U.S. China got that figured out.
The czar thing really irks me; I'll have to go back to some of my Political Science, Marxist/Leninist doctrine theory and puke on it.
enjoy !
101 STAT. 1724
Public Law 100-235

100th Congress

An Act

To provide for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the "Computer Security Act of 1987".

40 USC 759 note. SEC. 2. PURPOSE.

(a) IN GENERAL.-The Congress declares that improving the security and privacy of sensitive information in Federal computer systems is in the public interest, and hereby creates a means for establishing minimum acceptable security practices for such systems, without limiting the scope of security measures already planned or in use.

(b) SPECIFIC PURPOSES.-The purposes of this Act are:

(1) by amending the Act of March 3, 1901, to assign to the National Bureau of Standards responsibility for developing standards and guidelines for Federal computer systems, including responsibility for developing standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems, drawing on technical advice and assistance (including work products) of National Security Agency, where appropriate;

(2) to provide for promulgation of such standards and guidelines by amending section 111(d) of the Federal Property and Administrative Services Act of 1949;

(3) to require establishment of security plans by all operators of Federal computer systems that contain sensitive information;

(4) to require mandatory periodic training for all persons involved in management, use, or operation of Federal computer systems that contain sensitive information.

SEC. 3. ESTABLISHMENT OF COMPUTER STANDARDS PROGRAM.

The Act of March 3, 1901 (15 U.S.C. 271-278h), is amended (1) in section 2(f), by striking out "and" at the end of paragraph (18), by striking out the period at the end of paragraph (19) and inserting in lieu thereof: "; and", and by inserting after such paragraph the following: "(20) the study of computer systems (as that term is defined in section 20(d) of this Act) and their use to control machinery and processes (2) by redesignating section 20 as section 22, and by inserting after section 19 the following new sections:

15 USC 278g-3. "SEC. 20. (a) The National Bureau of Standards shall-

"(1) have the mission of developing standards, guidelines, and associated methods and techniques for computer systems;

"(2) except as described in paragraph (3) of this subsection (relating to security standards), develop uniform standards and guidelines for Federal computer systems, except those systems excluded by section 2315 of title 10, United States Code, or section 35020 of title 44, United States Code;

"(3) have responsibility within the Federal Government for developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems except-

" (

States Code; and

"(B) those systems which are protected at all times by procedures established for information which has been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy,

the primary purpose of which standards and guidelines shall be to control loss and unauthorized modification or disclosure of sensitive information in such systems and to prevent computer-related fraud and misuse;

"(4) submit standards and guidelines developed pursuant to paragraphs (2) and (3) of this subsection, along with recommendations as to the extent to which these should be made compulsory and binding, to the Secretary of Commerce for promulgation under section 111(d) of the Federal Property and Administrative Services Act of 1949;

"(5) develop guidelines for use by operators of Federal computer systems that contain sensitive information in training their employees in security awareness and accepted security practice, as required by section 5 of the Computer Security Act of 1987; and

"(6) develop validation procedures for, and evaluate the effectiveness of, standards and guidelines developed pursuant to paragraphs (1), (2), and (3) of this subsection through research and liaison with other government and private agencies.

In fulfilling subsection (a) of this section, the National Bureau of Standards is authorized-

"(1) to assist the private sector, upon request, in using and applying the results of the programs and activities under this section;

"(2) to make recommendations, as appropriate, to the Administrator of General Services on policies and regulations proposed pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949;

"(3) as requested, to provide to operators of Federal computer systems technical assistance in implementing the standards and guidelines promulgated pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949;

"(4) to assist, as appropriate, the Office of Personnel Management in developing regulations pertaining to training, as required by section 5 of the Computer Security Act of 1987;

"(5) to perform research and to conduct studies, as needed, to determine the nature and extent of the vulnerabilities of, and to devise techniques for the cost-effective security and privacy of sensitive information in Federal computer systems; and

(6) to coordinate closely with other agencies and offices (including, but not limited to, the Departments of Defense and Energy, the National Security Agency, the General Accounting Office, the Office of Technology Assessment, and the Office of Management and Budget)-

(A) to assure maximum use of all existing and planned programs, materials, studies, and reports relating to computer systems security and privacy, in order to avoid unnecessary and costly duplication of effort; and

(B) to assure, to the maximum extent feasible, that standards developed pursuant to subsection (a) (3) and (5) are consistent and compatible with standards and procedures developed for the protection of information in Federal Computer systems which is authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.

(c) For the purposes of-

(1) developing standards and guidelines for the protection of sensitive information in Federal computer systems under subsections (a) and (3), and

(2) performing research and conducting studies under subsection (b)(5),

the National Bureau of Standards shall draw upon computer system technical security guidelines developed by the National Security Agency to the extent that the National Bureau of Standards determines that such guidelines are consistent with the requirements for protecting sensitive information in Federal computer systems.

(d) As used in this section-

the term computer system-

(A) means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception, of data or information; and

(B) includes-

A) computers; (H) ancillary equipment; software, firmware, and similar procedures; services, including support services; and related resources as defined by regulations issued by the Administrator for General Services pursuant to section 111 of the Federal Property and Administrative Services Act of 1949;

the term 'Federal computer system'-

(A) means a computer system operated by a Federal agency or by a contractor of a Federal agency or other organization that processes information (using a computer system) on behalf of the Federal Government to accomplish a Federal function; and

(B) includes automatic data processing equipment as that term is defined in section 111(a2) of the Federal Property and Administrative Services Act of 1949;

(3) the term 'operator of a Federal computer system' means a Federal agency, contractor of a Federal agency, or other organization that processes information using a computer system on behalf of the Federal Government to accomplish a Federal function;

(4) the term 'sensitive information' means any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of title 5, United States Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy; and

(5) the term 'Federal agency' has the meaning given such term by section 3(b) of the Federal Property and Administrative Services Act of 1949.

In addition there is a board that supervises and defines the requirements of specific products to meet security needs.

v/r Charley
(look behind all of that outer space stuff)

(You have to look behind all of that outer space stuff)
5 years 25 weeks ago, 11:33 AM

charley9toe

cyber czar

I believe the only reason for the creation of the CZAR office is the control of Telecommunications Media (Period). The government owns the banks, the car companies, the mortgage industry, etc. Go figure that. In my above post I've pointed out the layering of another office; it makes no sense unless your ambition is power. If the current Administration would get the f--- out of the way, and let the Agencies receive already designated funding for Information Assurance, the Nation would be better off... Of course the Cyber Czar could decide where you could go on the net. Would u like that ?? Control "regulated" software for your security and well being; OHh YEaah..... ETC.,........
