Page:United States Statutes at Large Volume 114 Part 3.djvu/308

114 STAT. 1654A-266 PUBLIC LAW 106-398—APPENDIX

Subtitle G—Government Information Security Reform

SEC. 1061. COORDINATION OF FEDERAL INFORMATION POLICY.

Chapter 35 of title 44, United States Code, is amended by inserting at the end the following new subchapter:

"SUBCHAPTER II—INFORMATION SECURITY

"§ 3531. Purposes

"The purposes of this subchapter are the following:

"(1) To provide a comprehensive framework for establishing and ensuring the effectiveness of controls over information resources that support Federal operations and assets.

"(2)(A) To recognize the highly networked nature of the Federal computing environment including the need for Federal Government interoperability and, in the implementation of improved security management measures, assure that opportunities for interoperability are not adversely affected.

"(B) To provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities.

"(3) To provide for development and maintenance of minimum controls required to protect Federal information and information systems.

"(4) To provide a mechanism for improved oversight of Federal agency information security programs.

"§ 3532. Definitions

"(a) Except as provided under subsection (b), the definitions under section 3502 shall apply to this subchapter.

"(b) In this subchapter:

"(1) The term 'information technology' has the meaning given that term in section 5002 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1401).

"(2) The term 'mission critical system' means any telecommunications or information system used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency, that—

"(A) is defined as a national security system under section 5142 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1452);

"(B) is protected at all times by procedures established for information which has been specifically authorized under criteria established by an Executive order or an Act of Congress to be classified in the interest of national defense or foreign policy; or

"(C) processes any information, the loss, misuse, disclosure, or unauthorized access to or modification of, would have a debilitating impact on the mission of an agency.

"§ 3533. Authority and functions of the Director

"(a)(1) The Director shall establish governmentwide policies for the management of programs that—