Compliance Officer Portal - FISMA Compliance
SEC. 301. INFORMATION SECURITY.
(a) SHORT TITLE—
This title may be cited as the ‘‘Federal Information Security
Management Act of 2002’’.
(b) INFORMATION SECURITY—
(1) IN GENERAL—Chapter 35 of title 44, United States Code, is
amended by adding at the end the following new subchapter:
‘‘SUBCHAPTER III—INFORMATION SECURITY
‘‘§3541. Purposes
‘‘The purposes of this subchapter are to—
‘‘(1) provide a comprehensive framework for ensuring the
effectiveness of information security controls over information
resources that support Federal operations and assets;
‘‘(2) recognize the highly networked nature of the current Federal
computing environment and provide effective government wide
management and oversight of the related information security
risks, including coordination of information security efforts
throughout the civilian, national security, and law enforcement
communities;
‘‘(3) provide for development and maintenance of minimum controls
required to protect Federal information and information systems;
‘‘(4) provide a mechanism for improved oversight of Federal agency
information security programs;
‘‘(5) acknowledge that commercially developed information security
products offer advanced, dynamic, robust, and effective
information security solutions, reflecting market solutions for
the protection of critical information infrastructures important
to the national defense and economic security of the nation
that are designed, built, and operated by the private sector; and
‘‘(6) recognize that the selection of specific technical hardware
and software information security solutions should be left to
individual agencies from among commercially developed products.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Organizations in all sectors of the economy depend upon
information systems and communications networks, and share common
requirements to protect sensitive information. ITL works with
industry and government to establish secure information technology
systems for protecting the integrity, confidentiality,
reliability, and availability of information.
Under the FISMA Act of 2002,
the Computer Security Division of the Information Technology
Laboratory (ITL) develops computer security prototypes, tests,
standards, and procedures to protect sensitive information from
unauthorized access or modification. Focus areas include
cryptographic technology and applications, advanced
authentication, public key infrastructure, internetworking
security, criteria and assurance, and security management and
support.
These publications present the results of NIST studies,
investigations, and research on information technology security
issues.
The publications are issued as Special Publications (Spec. Pubs.),
NISTIRs (Internal Reports), and ITL (formerly CSL) Bulletins.
Special Publications series include the Spec. Pub. 500 series
(Information Technology) and the Spec. Pub. 800 series (Computer
Security). Computer security-related Federal Information
Processing Standards (FIPS) are also included.
The FISMA Implementation Project was established in January 2003
to produce several key security standards and guidelines required
by Congressional legislation.
These publications include FIPS 199, FIPS 200, and NIST Special
Publications 800-53, 800-59, and 800-60. Additional security
guidance documents, while not called out directly in the FISMA
legislation, are being developed in support of the project.
These publications include NIST Special Publications 800-37,
800-53, and 800-53A. It should be noted that the Computer Security
Division continues to produce other security standards and
guidelines in support of FISMA. These publications can be located
by visiting the division's Publications page.
To learn more: http://csrc.nist.gov