Page:United States Statutes at Large Volume 101 Part 3.djvu/426

This page needs to be proofread.

PUBLIC LAW 100-000—MMMM. DD, 1987

101 STAT. 1724

PUBLIC LAW 100-235—JAN. 8, 1988

Public Law 100-235 100th Congress An Act Jan. 8, 1988 [H.R. 145]

Computer Security Act of 1987. Classified information. 40 USC 759 note. 40 USC 759 note.

To provide for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the "Computer Security Act of 1987". SEC. 2. PURPOSE.

(a) IN GENERAL.—The Congress declares that improving the security and privacy of sensitive information in Federal computer systems is in the public interest, and hereby creates a means for establishing minimum acceptable security practices for such systems, without limiting the scope of security mesisures already planned or in use. (h) SPECIFIC PURPOSES.—The purposes of this Act a r e CD by amending the Act of March 3, 1901, to assign to the National Bureau of Standards responsibility for developing standards and guidelines for Federal computer systems, including responsibility for developing standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems, drawing on the technical advice and assistance (including work products) of the National Security Agency, where appropriate; (2) to provide for promulgation of such standards and guidelines by amending section 111(d) of the Federal Property and Administrative Services Act of 1949; (3) to require establishment of security plans by all operators of Federal computer systems that contain sensitive information; and (4) to require mandatory periodic training for all persons involved in management, use, or operation of Federal computer systems that contain sensitive information. SEC. 3. ESTABLISHMENT OF COMPUTER STANDARDS PROGRAM. 15 USC 272.

15 USC 278h. 15 USC 278g-3.

The Act of March 3, 1901 (15 U.S.C. 271-278h), is amended— (1) in section 2(f), by striking out "and" at the end of paragraph (18), by striking out the period at the end of paragraph (19) and inserting in lieu thereof: "; and", and by inserting after such paragraph the following: "(20) the study of computer systems (as that term is defined in section 20(d) of this Act) and their use to control machinery and processes."; (2) by redesignating section 20 as section 22, and by inserting after section 19 the following new sections: "SEC. 20. (a) The National Bureau of Standards shall—