§3541. Purposes

The purposes of this subchapter are to-

(1) provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;

(2) recognize the highly networked nature of the current Federal computing environment and provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;

(3) provide for development and maintenance of minimum controls required to protect Federal information and information systems;

(4) provide a mechanism for improved oversight of Federal agency information security programs;

(5) acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector; and

(6) recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.

(Added Pub. L. 107–347, title III, §301(b)(1), Dec. 17, 2002, 116 Stat. 2946 .)

Effective Date

Pub. L. 107–347, title IV, §402(b), Dec. 17, 2002, 116 Stat. 2962 , provided that: "Title III [see Short Title of 2002 Amendments note set out under section 101 of this title] and this title [enacting provisions set out as a note under section 3601 of this title] shall take effect on the date of enactment of this Act [Dec. 17, 2002]."