15 USC 278g-3: Computer standards program
Text contains those laws in effect on January 16, 1996
From Title 15-COMMERCE AND TRADE
CHAPTER 7-NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

§278g–3. Computer standards program

(a) Development of standards, guidelines, methods, and techniques for computer systems

The Institute shall-

(1) have the mission of developing standards, guidelines, and associated methods and techniques for computer systems;

(2) except as described in paragraph (3) of this subsection (relating to security standards), develop uniform standards and guidelines for Federal computer systems, except those systems excluded by section 2315 of title 10 or section 3502(2) [1] of title 44;

(3) have responsibility within the Federal Government for developing technical, management, physical, and administrative standards and guidelines for the cost-effective security and privacy of sensitive information in Federal computer systems except-

(A) those systems excluded by section 2315 of title 10 or section 3502(2) [1] of title 44; and

(B) those systems which are protected at all times by procedures established for information which has been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy,


the primary purpose of which standards and guidelines shall be to control loss and unauthorized modification or disclosure of sensitive information in such systems and to prevent computer-related fraud and misuse;

(4) submit standards and guidelines developed pursuant to paragraphs (2) and (3) of this subsection, along with recommendations as to the extent to which these should be made compulsory and binding, to the Secretary of Commerce for promulgation under section 759(d) of title 40;

(5) develop guidelines for use by operators of Federal computer systems that contain sensitive information in training their employees in security awareness and accepted security practice, as required by section 5 of the Computer Security Act of 1987; and

(6) develop validation procedures for, and evaluate the effectiveness of, standards and guidelines developed pursuant to paragraphs (1), (2), and (3) of this subsection through research and liaison with other government and private agencies.

(b) Technical assistance and implementation of standards developed

In fulfilling subsection (a) of this section, the Institute is authorized-

(1) to assist the private sector, upon request, in using and applying the results of the programs and activities under this section;

(2) to make recommendations, as appropriate, to the Administrator of General Services on policies and regulations proposed pursuant to section 759(d) of title 40;

(3) as requested, to provide to operators of Federal computer systems technical assistance in implementing the standards and guidelines promulgated pursuant to section 759(d) of title 40;

(4) to assist, as appropriate, the Office of Personnel Management in developing regulations pertaining to training, as required by section 5 of the Computer Security Act of 1987;

(5) to perform research and to conduct studies, as needed, to determine the nature and extent of the vulnerabilities of, and to devise techniques for the cost-effective security and privacy of sensitive information in Federal computer systems; and

(6) to coordinate closely with other agencies and offices (including, but not limited to, the Departments of Defense and Energy, the National Security Agency, the General Accounting Office, the Office of Technology Assessment, and the Office of Management and Budget)-

(A) to assure maximum use of all existing and planned programs, materials, studies, and reports relating to computer systems security and privacy, in order to avoid unnecessary and costly duplication of effort; and

(B) to assure, to the maximum extent feasible, that standards developed pursuant to subsection (a)(3) and (5) of this section are consistent and compatible with standards and procedures developed for the protection of information in Federal computer systems which is authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.

(c) Protection of sensitive information

For the purposes of-

(1) developing standards and guidelines for the protection of sensitive information in Federal computer systems under subsections (a)(1) and (a)(3) of this section, and

(2) performing research and conducting studies under subsection (b)(5) of this section,


the Institute shall draw upon computer system technical security guidelines developed by the National Security Agency to the extent that the Institute determines that such guidelines are consistent with the requirements for protecting sensitive information in Federal computer systems.

(d) Definitions

As used in this section-

(1) the term "computer system"-

(A) means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception, of data or information; and

(B) includes-

(i) computers;

(ii) ancillary equipment;

(iii) software, firmware, and similar procedures;

(iv) services, including support services; and

(v) related resources as defined by regulations issued by the Administrator for General Services pursuant to section 759 of title 40;


(2) the term "Federal computer system"-

(A) means a computer system operated by a Federal agency or by a contractor of a Federal agency or other organization that processes information (using a computer system) on behalf of the Federal Government to accomplish a Federal function; and

(B) includes automatic data processing equipment as that term is defined in section 759(a)(2) of title 40;


(3) the term "operator of a Federal computer system" means a Federal agency, contractor of a Federal agency, or other organization that processes information using a computer system on behalf of the Federal Government to accomplish a Federal function;

(4) the term "sensitive information" means any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under section 552a of title 5 (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy; and

(5) the term "Federal agency" has the meaning given such term by section 472(b) of title 40.

(Mar. 3, 1901, ch. 872, §20, as added Jan. 8, 1988, Pub. L. 100–235, §3(2), 101 Stat. 1724; amended Aug. 23, 1988, Pub. L. 100–418, title V, §5115(a)(1), 102 Stat. 1433.)

References in Text

Section 3502 of title 44, referred to in subsec. (a)(2), (3)(A), which in par. (2) defined "automatic data processing" and "automatic data processing equipment", was omitted in the general amendment of chapter 35 of Title 44, Public Printing and Documents, by Pub. L. 104–13, §2, May 22, 1995, 109 Stat. 163. Pub. L. 104–13 enacted a new section 3502 of Title 44 which defines "information technology".

Section 5 of the Computer Security Act of 1987, referred to in subsecs. (a)(5) and (b)(4), is section 5 of Pub. L. 100–235, Jan. 8, 1988, 101 Stat. 1729, which is set out as a note under section 759 of Title 40, Public Buildings, Property, and Works.

Prior Provisions

A prior section 20 of act Mar. 3, 1901, ch. 872, was renumbered section 22 and is classified to section 278h of this title.

Amendments

1988-Pub. L. 100–418 substituted "Institute" for "National Bureau of Standards" in introductory provisions of subsecs. (a) and (b) and wherever appearing in closing provisions of subsec. (c).

Computer Security

Nothing in amendment by Pub. L. 100–235 which enacted this section to be construed to constitute authority to withhold information sought under section 552 of Title 5, Government Organization and Employees, or to authorize any Federal agency to limit, restrict, regulate, or control collection, maintenance, disclosure, use, transfer, or sale of any information that is privately owned information, disclosable under section 552 of Title 5 or other law requiring or authorizing public disclosure of information, or public domain information, see section 8 of Pub. L. 100–235, set out as a note under section 759 of Title 40, Public Buildings, Property, and Works.

Section Referred to in Other Sections

This section is referred to in sections 272, 278g–4 of this title; title 40 section 759.

[1] See References in Text note below.