Page:United States Statutes at Large Volume 101 Part 3.djvu/428

This page needs to be proofread.

PUBLIC LAW 100-000—MMMM. DD, 1987

101 STAT. 1726

PUBLIC LAW 100-235—JAN. 8, 1988

devise techniques for the cost-effective security and privacy of sensitive information in Federal computer systems; and "(6) to coordinate closely with other agencies and offices (including, but not limited to, the Departments of Defense and Energy, the National Security Agency, the General Accounting Office, the Office of Technology Assessment, and the Office of Management and Budget)— "(A) to assure maximum use of all existing and planned programs, materials, studies, and reports relating to computer systems security and privacy, in order to avoid unnecessary and costly duplication of effort; and "(B) to assure, to the maximum extent feasible, that standards developed pursuant to subsection (a)(3) and (5) are consistent and compatible with standards and procedures developed for the protection of information in Federal computer systems which is authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. "(c) For the purposes of— "(1) developing standards and guidelines for the protection of sensitive information in Federal computer systems under subsections (a)(1) and (a)(3), and "(2) performing research and conducting studies under subsection (b)(5), the National Bureau of Standards shall draw upon computer system technical security guidelines developed by the National Security Agency to the extent that the National Bureau of Standards determines that such guidelines are consistent with the requirements for protecting sensitive information in Federal computer systems. "(d) As used in this section— "(1) the term 'computer system'— "(A) means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception, oi data or information; and "(B) includes— "(i) computers; "(ii) ancillary equipment; "(iii) software, firmware, and similar procedures; "(iv) services, including support services; and "(v) related resources as defined by regulations issued by the Administrator for General Services pursuant to section 111 of the Federal Property and Administrative Services Act of 1949; "(2) the term 'Federal computer system'— "(A) means a computer system operated by a Federal agency or by a contractor of a Federal agency or other organization that processes information (using a computer system) on behalf of the Federal Government to accomplish a Federal function; and "(B) includes automatic data processing equipment as that term is defined in section lll(a)(2) of the Federal Property and Administrative Services Act of 1949; "(3) the term 'operator of a Federal computer system' means a Federal agency, contractor of a Federal agency, or other organization that processes information using a computer