Home > 105th Congressional Bills > H.R. 1903 (rs) To amend the National Institute of Standards and Technology Act to enhance the ability of the National Institute of Standards and Technology to improve computer security, and for other purposes. ...

H.R. 1903 (rs) To amend the National Institute of Standards and Technology Act to enhance the ability of the National Institute of Standards and Technology to improve computer security, and for other purposes. ...


Google
 
Web GovRecords.org






                                                 Union Calendar No. 139

105th CONGRESS

  1st Session

                               H. R. 1903

                          [Report No. 105-243]

_______________________________________________________________________

                                 A BILL

  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.

_______________________________________________________________________

                           September 3, 1997

  Reported with an amendment, committed to the Committee of the Whole 
       House on the State of the Union, and ordered to be printed





                                                 Union Calendar No. 139
105th CONGRESS
  1st Session
                                H. R. 1903

                          [Report No. 105-243]

  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             June 17, 1997

Mr. Sensenbrenner (for himself, Mr. Brown of California, Mrs. Morella, 
   Mr. Gordon, Mr. Davis of Virginia, Ms. Stabenow, Mr. Ehlers, Ms. 
 Jackson-Lee of Texas, Mr. Sessions, Mr. Pickering, Mr. Traficant, Mr. 
Cook, and Mr. Cannon) introduced the following bill; which was referred 
                      to the Committee on Science

                           September 3, 1997

   Additional sponsors: Mr. Gutknecht, Mr. Brady, Mrs. Tauscher, Mr. 
    Weldon of Pennsylvania, Mr. Lampson, Mr. Foley, Mr. English of 
Pennsylvania, Mr. Dan Schaefer of Colorado, Mr. Doyle, Mr. Barcia, Mr. 
      Capps, Mr. Ewing, Mr. Bartlett of Maryland, Ms. Rivers, Mr. 
              Rohrabacher, Mr. Roemer, and Mr. Nethercutt

                           September 3, 1997

  Reported with an amendment, committed to the Committee of the Whole 
       House on the State of the Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]
 [For text of introduced bill, see copy of bill as introduced on June 
                               17, 1997]

_______________________________________________________________________

                                 A BILL


 
  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Computer Security Enhancement Act of 
1997''.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) The National Institute of Standards and Technology has 
        responsibility for developing standards and guidelines needed 
        to ensure the cost-effective security and privacy of sensitive 
        information in Federal computer systems.
            (2) The Federal Government has an important role in 
        ensuring the protection of sensitive, but unclassified, 
        information controlled by Federal agencies.
            (3) Technology that is based on the application of 
        cryptography exists and can be readily provided by private 
        sector companies to ensure the confidentiality, authenticity, 
        and integrity of information associated with public and private 
        activities.
            (4) The development and use of encryption technologies 
        should be driven by market forces rather than by Government 
        imposed requirements.
            (5) Federal policy for control of the export of encryption 
        technologies should be determined in light of the public 
        availability of comparable encryption technologies outside of 
        the United States in order to avoid harming the competitiveness 
        of United States computer hardware and software companies.
    (b) Purposes.--The purposes of this Act are to--
            (1) reinforce the role of the National Institute of 
        Standards and Technology in ensuring the security of 
        unclassified information in Federal computer systems;
            (2) promote technology solutions based on private sector 
        offerings to protect the security of Federal computer systems; 
        and
            (3) provide the assessment of the capabilities of 
        information security products incorporating cryptography that 
        are generally available outside the United States.

SEC. 3. VOLUNTARY STANDARDS FOR PUBLIC KEY MANAGEMENT INFRASTRUCTURE.

    Section 20(b) of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3(b)) is amended--
            (1) by redesignating paragraphs (2), (3), (4), and (5) as 
        paragraphs (3), (4), (7), and (8), respectively; and
            (2) by inserting after paragraph (1) the following new 
        paragraph:
            ``(2) upon request from the private sector, to assist in 
        establishing voluntary interoperable standards, guidelines, and 
        associated methods and techniques to facilitate and expedite 
        the establishment of non-Federal management infrastructures for 
        public keys that can be used to communicate with and conduct 
        transactions with the Federal Government;''.

SEC. 4. SECURITY OF FEDERAL COMPUTERS AND NETWORKS.

    Section 20(b) of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3(b)), as amended by section 3 of this Act, is 
further amended by inserting after paragraph (4), as so redesignated by 
section 3(1) of this Act, the following new paragraphs:
            ``(5) to provide guidance and assistance to Federal 
        agencies in the protection of interconnected computer systems 
        and to coordinate Federal response efforts related to 
        unauthorized access to Federal computer systems;
            ``(6) to perform evaluations and tests of--
                    ``(A) information technologies to assess security 
                vulnerabilities; and
                    ``(B) commercially available security products for 
                their suitability for use by Federal agencies for 
                protecting sensitive information in computer 
                systems;''.

SEC. 5. COMPUTER SECURITY IMPLEMENTATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3) is further amended--
            (1) by redesignating subsections (c) and (d) as subsections 
        (f) and (g), respectively; and
            (2) by inserting after subsection (b) the following new 
        subsection:
    ``(c) In carrying out subsection (a)(3), the Institute shall--
            ``(1) emphasize the development of technology-neutral 
        policy guidelines for computer security practices by the 
        Federal agencies;
            ``(2) actively promote the use of commercially available 
        products to provide for the security and privacy of sensitive 
        information in Federal computer systems; and
            ``(3) participate in implementations of encryption 
        technologies in order to develop required standards and 
        guidelines for Federal computer systems, including assessing 
        the desirability of and the costs associated with establishing 
        and managing key recovery infrastructures for Federal 
        Government information.''.

SEC. 6. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND INFORMATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
inserting after subsection (c), as added by section 5 of this Act, the 
following new subsection:
    ``(d)(1) The Institute shall solicit the recommendations of the 
Computer System Security and Privacy Advisory Board, established by 
section 21, regarding standards and guidelines that are being 
considered for submittal to the Secretary of Commerce in accordance 
with subsection (a)(4). No standards or guidelines shall be submitted 
to the Secretary prior to the receipt by the Institute of the Board's 
written recommendations. The recommendations of the Board shall 
accompany standards and guidelines submitted to the Secretary.
    ``(2) There are authorized to be appropriated to the Secretary of 
Commerce $1,000,000 for fiscal year 1998 and $1,030,000 for fiscal year 
1999 to enable the Computer System Security and Privacy Advisory Board, 
established by section 21, to identify emerging issues related to 
computer security, privacy, and cryptography and to convene public 
meetings on those subjects, receive presentations, and publish reports, 
digests, and summaries for public distribution on those subjects.''.

SEC. 7. EVALUATION OF CAPABILITIES OF FOREIGN ENCRYPTION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
inserting after subsection (d), as added by section 6 of this Act, the 
following new subsection:
    ``(e)(1) If the Secretary has imposed, or proposes to impose, 
export restrictions on a product that incorporates encryption 
technologies, the Institute may accept technical evidence from the 
commercial provider of the product offered to indicate that encryption 
technologies, embodied in the form of software or hardware, that are 
offered and generally available outside the United States for use, 
sale, license, or transfer (whether for consideration or not) provide 
stronger participation for privacy of computer data and transmissions 
of information in digital form than the encryption technologies 
incorporated in the commercial provider's product.
    ``(2) Within 30 days after accepting technical evidence from a 
commercial provider under paragraph (1), the Institute shall evaluate 
the accuracy and completeness of the technical evidence and transmit to 
the Secretary, and to the Committee on Science of the House of 
Representatives and the Committee on Commerce, Science, and 
Transportation of the Senate, a report containing the results of that 
evaluation. The Institute may obtain assistance from other Federal and 
private sector entities in carrying out evaluations under this 
paragraph.
    ``(3) Not later than 180 days after the date of the enactment of 
the Computer Security Enhancement Act of 1997, the Institute shall 
develop standard procedures and tests for determining the capabilities 
of encryption technologies, and shall provide information regarding 
those procedures and tests to the public.
    ``(4) The Institute may require a commercial provider seeking 
evaluation under this subsection to follow procedures and carry out 
tests developed by the Institute pursuant to paragraph (3).''.

SEC. 8. LIMITATION ON PARTICIPATION IN REQUIRING ENCRYPTION STANDARDS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
adding at the end the following new subsection:
    ``(h) The Institute shall not promulgate, enforce, or otherwise 
adopt standards, or carry out activities or policies, for the Federal 
establishment of encryption standards required for use in computer 
systems other than Federal Government computer systems.''.

SEC. 9. MISCELLANEOUS AMENDMENTS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended--
            (1) in subsection (b)(8), as so redesignated by section 
        3(1) of this Act, by inserting ``to the extent that such 
        coordination will improve computer security and to the extent 
        necessary for improving such security for Federal computer 
        systems'' after ``Management and Budget)'';
            (2) in subsection (f), as so redesignated by section 5(1) 
        of this Act, by striking ``shall draw upon'' and inserting in 
        lieu thereof ``may draw upon'';
            (3) in subsection (f)(2), as so redesignated by section 
        5(1) of this Act, by striking ``(b)(5)'' and inserting in lieu 
        thereof ``(b)(8)''; and
            (4) in subsection (g)(1)(B)(i), as so redesignated by 
        section 5(1) of this Act, by inserting ``and computer 
        networks'' after ``computers''.

SEC. 10. FEDERAL COMPUTER SYSTEM SECURITY TRAINING.

    Section 5(b) of the Computer Security Act of 1987 (49 U.S.C. 759 
note) is amended--
            (1) by striking ``and'' at the end of paragraph (1);
            (2) by striking the period at the end of paragraph (2) and 
        inserting in lieu thereof ``; and''; and
            (3) by adding at the end the following new paragraph:
            ``(3) to include emphasis on protecting sensitive 
        information in Federal databases and Federal computer sites 
        that are accessible through public networks.''.

SEC. 11. COMPUTER SECURITY FELLOWSHIP PROGRAM.

    There are authorized to be appropriated to the Secretary of 
Commerce $250,000 for fiscal year 1998 and $500,000 for fiscal year 
1999 for the Director of the National Institute of Standards and 
Technology for fellowships, subject to the provisions of section 18 of 
the National Institute of Standards and Technology Act (15 U.S.C. 278g-
1), to support students at institutions of higher learning in computer 
security. Amounts authorized by this section shall not be subject to 
the percentage limitation stated in such section 18.

SEC. 12. STUDY OF PUBLIC KEY INFRASTRUCTURE BY THE NATIONAL RESEARCH 
              COUNCIL.

    (a) Review by National Research Council.--Not later than 90 days 
after the date of the enactment of this Act, the Secretary of Commerce 
shall enter into a contract with the National Research Council of the 
National Academy of Sciences to conduct a study of public key 
infrastructures for use by individuals, businesses, and government.
    (b) Contents.--The study referred to in subsection (a) shall--

Pages: 1 2 Next >>

Other Popular 105th Congressional Bills Documents:

1 H.R. 2317 (ih) To amend title 38, United States Code, to make permanent the Native American Veteran Housing Loan Pilot Program. ...
2 H.R. 2607 (rh) Making appropriations for the government of the District of Columbia and other activities chargeable in whole or in part against the revenues of said District for the fiscal year ending September 30, 1998, and for other purposes. %%Filename...
3 H.R. 2159 (rds) Making appropriations for foreign operations, export financing, and related programs for the fiscal year ending September 30, 1998, and for other purposes. ...
4 S. 1151 (is) To amend subpart 8 of part A of title IV of the Higher Education Act of 1965 to support the participation of low-income parents in postsecondary education through the provision of campus-based child care. ...
5 S. 758 (is) To make certain technical corrections to the Lobbying Disclosure Act of 1995. ...
6 H.R. 1703 (rfs) To amend title 38, United States Code, to provide for improvements in the system of the Department of Veterans Affairs for resolution and adjudication of complaints of employment discrimination. ...
7 H.Con.Res. 152 (eh) ...
8 S. 2562 (is) To amend title XVIII of the Social Security Act to extend for 6 months the contracts of certain managed care organizations under the Medicare program. ...
9 H.R. 4768 (ih) To designate the United States Courthouse located at 40 Centre Street in New York, New York, as the ``Thurgood Marshall United States Courthouse''. ...
10 H.R. 547 (ih) To require the Secretary of the Interior and the Secretary of Agriculture to establish grazing fees at fair market value for use of public grazing lands. ...
11 S. 1403 (rfh) To amend the National Historic Preservation Act for purposes of establishing a national historic lighthouse preservation program. ...
12 H.R. 3623 (ih) To amend the Internal Revenue Code of 1986 to simplify the individual capital gains tax for all individuals and to provide modest reductions in the capital gains tax for most individuals. ...
13 H.R. 1511 (ih) To establish a National Commission on the Cost of Higher Education. ...
14 H.R. 2055 (ih) To permit voters to vote for ``None of the Above'' in elections for Federal office and to require an additional election if ``None of the Above'' receives the most votes. ...
15 H.R. 23 (ih) To amend the Fair Labor Standards Act of 1938 to provide for legal accountability for sweatshop conditions in the garment industry, and for other purposes. ...
16 S. 1978 (is) To designate the auditorium located within the Sandia Technology Transfer Center in Albuquerque, New Mexico, as the ``Steve Schiff Auditorium''. ...
17 H.R. 1521 (ih) To amend title 49, United States Code, concerning the treatment of certain aircraft as public aircraft. ...
18 H.R. 1778 (rh) To reform the Department of Defense. ...
19 S. 852 (es) To establish nationally uniform requirements regarding the titling and registration of salvage, nonrepairable, and rebuilt vehicles. ...
20 H.Res. 394 (rh) Providing for consideration of the bill (H.R. 2515) to address the ...
21 H.R. 3816 (ih) To amend the Internal Revenue Code of 1986 to allow the deduction for contributions to medical savings accounts, and the deduction for health insurance costs, to employees of small employers that do not offer any group health plan to their...
22 S. 1418 (is) To promote the research, identification, assessment, exploration, and development of methane hydrate resources, and for other purposes. ...
23 S. 2344 (is) To amend the Agricultural Market Transition Act to provide for the advance payment, in full, of the fiscal year 1999 payments otherwise required under production flexibility contracts. ...
24 H.Res. 138 (ih) Expressing the resolve of Congress to take an active role in eliminating racism. ...
25 H.R. 1989 (ih) To amend the Outer Continental Shelf Lands Act to provide for the cancellation of 6 existing leases and to ban all new leasing activities in the area off the coast of Florida, and for other purposes. ...
26 S. 2327 (is) To provide grants to grassroots organizations in certain cities to develop youth intervention models. ...
27 H.R. 2616 (rh) To amend titles VI and X of the Elementary and Secondary Education Act of 1965 to improve and expand charter schools. ...
28 H.R. 1867 (ih) For the relief of Mr. Guy Lau and Ms. Chantal Lau Pease. ...
29 S. 1079 (es) To permit the mineral leasing of Indian land located within the Fort Berthold Indian Reservation in any case in which there is consent from a majority interest in the parcel of land under consideration for lease. ...
30 S.Res. 164 (ats) Informing the President of the United States that a quorum of each House is assembled. ...


Other Documents:

105th Congressional Bills Records and Documents

GovRecords.org presents information on various agencies of the United States Government. Even though all information is believed to be credible and accurate, no guarantees are made on the complete accuracy of our government records archive. Care should be taken to verify the information presented by responsible parties. Please see our reference page for congressional, presidential, and judicial branch contact information. GovRecords.org values visitor privacy. Please see the privacy page for more information.
House Rules:

104th House Rules
105th House Rules
106th House Rules

Congressional Bills:

104th Congressional Bills
105th Congressional Bills
106th Congressional Bills
107th Congressional Bills
108th Congressional Bills

Supreme Court Decisions

Supreme Court Decisions

Additional

1995 Privacy Act Documents
1997 Privacy Act Documents
1994 Unified Agenda
2004 Unified Agenda

Congressional Documents:

104th Congressional Documents
105th Congressional Documents
106th Congressional Documents
107th Congressional Documents
108th Congressional Documents

Congressional Directory:

105th Congressional Directory
106th Congressional Directory
107th Congressional Directory
108th Congressional Directory

Public Laws:

104th Congressional Public Laws
105th Congressional Public Laws
106th Congressional Public Laws
107th Congressional Public Laws
108th Congressional Public Laws

Presidential Records

1994 Presidential Documents
1995 Presidential Documents
1996 Presidential Documents
1997 Presidential Documents
1998 Presidential Documents
1999 Presidential Documents
2000 Presidential Documents
2001 Presidential Documents
2002 Presidential Documents
2003 Presidential Documents
2004 Presidential Documents

Home Executive Judicial Legislative Additional Reference About Privacy