| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
U.S. Government IT Security Laws Several laws have been passed to secure those doors of ill-intent while maintaining windows for the public. One such law is the Federal Information Security and Management Act (FISMA).
05/20/2004
|
|
A Guide to Government Security Mandates To reverse a trend of weak security in government computer systems, Congress has passed legislation that requires federal agencies to more effectively manage the security of its IT systems. A fundamental component of this improved security management is System Certification. System Certification provides a holistic view of the state of security for each system by identifying the risks associated with the system, identifying the countermeasures implemented to mitigate those risks, explaining how security is implemented, planning for system downtimes and emergencies, and providing a formal plan to improve the security in any one of these areas. This document identifies each major component of the System Certification process and provides an overview of each. This document endeavors to provide the reader with a solid understanding of the certification process, the order in which the steps should be completed, and some lessens learned from actual experience.
05/20/2004
|
|
OMB Circular No. A-130 Circular No A-130 provides uniform government-wide information resources management policies as required by the Paperwork Reduction Act of 1980. As amended by the Paperwork Reduction Act of 1995, 44 USC Chapter 35. This Transmittal Memorandum contains updated guidance on the "Security of Federal Automated Information Systems," Appendix III and makes minor technical revisions to the Circular to reflect the Paperwork Reduction Act of 1995 (P.L. 104-13). The Circular is reprinted in its entirety for convenience.
By U.S Office of Management & Budget, 05/20/2004
|
|
Presidential Decision Directive 63 This White Paper explains key elements of the Clinton Administration's policy on critical infrastructure protection. It is intended for dissemination to all interested parties in both the private and public sectors. It will also be used in U.S. Government professional education institutions, such as the National Defense University and the National Foreign Affairs Training Center, for coursework and exercises on interagency practices and procedures. Wide dissemination of this unclassified White Paper is encouraged by all agencies of the U.S. Government.
By Clinton Administration, 05/20/2004
|
|
Federal Information Security Management Act Overview of the Federal Information Security Management Act (FISMA) of 2002. The purposes of this subchapter are to (1) provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets; (2) recognize the highly networked nature of the current Federal computing environment and provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;
By U.S Congress, 05/20/2004
|
|
National Security Presidential Directive 1. The National Security Act of 1947, as amended, established the National Security Council to advise the President with respect to the integration of domestic, foreign, and military policies relating to national security. National security includes the defense of the United States of America, protection of our constitutional system of government, and the advancement of United States interests around the globe. National security also depends on America's opportunity to prosper in the world economy. That remains its purpose. The NSC shall advise and assist me in integrating all aspects of national security policy as it affects the United States - domestic, foreign, military, intelligence, and economics (in conjunction with the National Economic Council (NEC)). The National Security Council system is a process to coordinate executive departments and agencies in the effective development and implementation of those national security policies.
By George W. Bush, 05/20/2004
|
|
Presidential Decision Directive/NSC - 29 The end of the Cold War has dramatically changed the threats that defined the security policies and procedures for protecting our government's information, facilities and people. While some threats have been reduced, others have remained relatively stable or have increased. Our understanding of the range of issues that affect our national security continues to evolve. Economic issues are of increasing concern and are competing with traditional political and military issues for resources and attention. Technologies, from those used to create weapons of mass destruction to those that interconnect our computers, are evolving and proliferating. With this greater diversity of threats, there is wide recognition that the security policies, practices and procedures developed during the Cold War must be reexamined and changed. We require a new security process based on sound threat analysis and risk management practices.
By William J. Clinton, 05/20/2004
|
|
Computer Security Act of 1987 In 1987, the US Congress, led by Rep Jack Brooks, enacted a law reaffirming that the National Institute for Standards and Technology (NIST), a division of the Department of Commerce, was responsible for the security of unclassified, non-military government computer systems, under the law, the role of the National Security Agency (NSA) was limited to providing technical assistance in the civilian security realm. Congress rightly felt that it was inappropriate for a military intelligence agency to have control over the dissemination of unclassified information. The law was enacted after President Reagan issued the controversial National Security Decision Directive (NSDD) 145 in 1984. The Reagan directive gave NSA control over all government computer systems containing "sensitive but unclassified" information. This was followed by a second directive issued by National Security Advisor John Poindexter that extended NSA authority over non-government computer systems.
By U.S Congress, 05/20/2004
|
