H.R. 2413 (ih) To amend the National Institute of Standards and Technology Act to enhance the ability of the National Institute of Standards and Technology to improve computer security, and for other purposes. [Introduced in House] ...


106th CONGRESS
  2d Session
                                H. R. 2413

_______________________________________________________________________

                                 AN ACT


 
  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Computer Security Enhancement Act of 
2000''.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) The National Institute of Standards and Technology has 
        responsibility for developing standards and guidelines needed 
        to ensure the cost-effective security and privacy of sensitive 
        information in Federal computer systems.
            (2) The Federal Government has an important role in 
        ensuring the protection of sensitive, but unclassified, 
        information controlled by Federal agencies.
            (3) Technology that is based on the application of 
        cryptography exists and can be readily provided by private 
        sector companies to ensure the confidentiality, authenticity, 
        and integrity of information associated with public and private 
        activities.
            (4) The development and use of encryption technologies by 
        industry should be driven by market forces rather than by 
        Government imposed requirements.
    (b) Purposes.--The purposes of this Act are to--
            (1) reinforce the role of the National Institute of 
        Standards and Technology in ensuring the security of 
        unclassified information in Federal computer systems; and
            (2) promote technology solutions based on private sector 
        offerings to protect the security of Federal computer systems.

SEC. 3. SECURITY OF FEDERAL COMPUTERS AND NETWORKS.

    Section 20(b) of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3(b)) is amended--
            (1) by redesignating paragraphs (4) and (5) as paragraphs 
        (7) and (8), respectively; and
            (2) by inserting after paragraph (3) the following new 
        paragraphs:
            ``(4) except for national security systems, as defined in 
        section 5142 of Public Law 104-106 (40 U.S.C. 1452), to provide 
        guidance and assistance to Federal agencies for protecting the 
        security and privacy of sensitive information in interconnected 
        Federal computer systems, including identification of 
        significant risks thereto;
            ``(5) to promote compliance by Federal agencies with 
        existing Federal computer information security and privacy 
        guidelines;
            ``(6) in consultation with appropriate Federal agencies, 
        assist Federal response efforts related to unauthorized access 
        to Federal computer systems;''.

SEC. 4. COMPUTER SECURITY IMPLEMENTATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3) is further amended--
            (1) by redesignating subsections (c) and (d) as subsections 
        (e) and (f), respectively; and
            (2) by inserting after subsection (b) the following new 
        subsection:
    ``(c)(1) In carrying out subsection (a)(2) and (3), the Institute 
shall--
            ``(A) emphasize the development of technology-neutral 
        policy guidelines for computer security and electronic 
        authentication practices by the Federal agencies;
            ``(B) promote the use of commercially available products, 
        which appear on the list required by paragraph (2), to provide 
        for the security and privacy of sensitive information in 
        Federal computer systems;
            ``(C) develop qualitative and quantitative measures 
        appropriate for assessing the quality and effectiveness of 
        information security and privacy programs at Federal agencies;
            ``(D) perform evaluations and tests at Federal agencies to 
        assess existing information security and privacy programs;
            ``(E) promote development of accreditation procedures for 
        Federal agencies based on the measures developed under 
        subparagraph (C);
            ``(F) if requested, consult with and provide assistance to 
        Federal agencies regarding the selection by agencies of 
        security technologies and products and the implementation of 
        security practices; and
            ``(G)(i) develop uniform testing procedures suitable for 
        determining the conformance of commercially available security 
        products to the guidelines and standards developed under 
        subsection (a)(2) and (3);
            ``(ii) establish procedures for certification of private 
        sector laboratories to perform the tests and evaluations of 
        commercially available security products developed in 
        accordance with clause (i); and
            ``(iii) promote the testing of commercially available 
        security products for their conformance with guidelines and 
        standards developed under subsection (a)(2) and (3).
    ``(2) The Institute shall maintain and make available to Federal 
agencies and to the public a list of commercially available security 
products that have been tested by private sector laboratories certified 
in accordance with procedures established under paragraph (1)(G)(ii), 
and that have been found to be in conformance with the guidelines and 
standards developed under subsection (a)(2) and (3).
    ``(3) The Institute shall annually transmit to the Congress, in an 
unclassified format, a report containing--
            ``(A) the findings of the evaluations and tests of Federal 
        computer systems conducted under this section during the 12 
        months preceding the date of the report, including the 
        frequency of the use of commercially available security 
        products included on the list required by paragraph (2);
            ``(B) the planned evaluations and tests under this section 
        for the 12 months following the date of the report; and
            ``(C) any recommendations by the Institute to Federal 
        agencies resulting from the findings described in subparagraph 
        (A), and the response by the agencies to those 
        recommendations.''.

SEC. 5. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND INFORMATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
inserting after subsection (c), as added by section 4 of this Act, the 
following new subsection:
    ``(d)(1) The Institute shall solicit the recommendations of the 
Computer System Security and Privacy Advisory Board, established by 
section 21, regarding standards and guidelines that are being 
considered for submittal to the Secretary in accordance with subsection 
(a)(4). The recommendations of the Board shall accompany standards and 
guidelines submitted to the Secretary.
    ``(2) There are authorized to be appropriated to the Secretary 
$1,030,000 for fiscal year 2001 and $1,060,000 for fiscal year 2002 to 
enable the Computer System Security and Privacy Advisory Board, 
established by section 21, to identify emerging issues related to 
computer security, privacy, and cryptography and to convene public 
meetings on those subjects, receive presentations, and publish reports, 
digests, and summaries for public distribution on those subjects.''.

SEC. 6. LIMITATION ON PARTICIPATION IN REQUIRING ENCRYPTION AND 
              ELECTRONIC AUTHENTICATION STANDARDS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
adding at the end the following new subsection:
    ``(g) The Institute shall not promulgate, enforce, or otherwise 
adopt standards or policies for the Federal establishment of encryption 
and electronic authentication standards required for use in computer 
systems other than Federal Government computer systems.''.

SEC. 7. MISCELLANEOUS AMENDMENTS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended--
            (1) in subsection (b)(8), as so redesignated by section 
        3(1) of this Act, by inserting ``to the extent that such 
        coordination will improve computer security and to the extent 
        necessary for improving such security for Federal computer 
        systems'' after ``Management and Budget)'';
            (2) in subsection (e), as so redesignated by section 4(1) 
        of this Act, by striking ``shall draw upon'' and inserting in 
        lieu thereof ``may draw upon'';
            (3) in subsection (e)(2), as so redesignated by section 
        4(1) of this Act, by striking ``(b)(5)'' and inserting in lieu 
        thereof ``(b)(7)''; and
            (4) in subsection (f)(1)(B)(i), as so redesignated by 
        section 4(1) of this Act, by inserting ``and computer 
        networks'' after ``computers''.

SEC. 8. FEDERAL COMPUTER SYSTEM SECURITY TRAINING.

    Section 5(b) of the Computer Security Act of 1987 (40 U.S.C. 759 
note) is amended--
            (1) by striking ``and'' at the end of paragraph (1);
            (2) by striking the period at the end of paragraph (2) and 
        inserting in lieu thereof ``; and''; and
            (3) by adding at the end the following new paragraph:
            ``(3) to include emphasis on protecting sensitive 
        information in Federal databases and Federal computer sites 
        that are accessible through public networks.''.

SEC. 9. COMPUTER SECURITY FELLOWSHIP PROGRAM.

    There are authorized to be appropriated to the Secretary of 
Commerce $500,000 for fiscal year 2001 and $500,000 for fiscal year 
2002 for the Director of the National Institute of Standards and 
Technology for fellowships, subject to the provisions of section 18 of 
the National Institute of Standards and Technology Act (15 U.S.C. 278g-
1), to support students at institutions of higher learning in computer 
security. Amounts authorized by this section shall not be subject to 
the percentage limitation stated in such section 18.

SEC. 10. STUDY OF ELECTRONIC AUTHENTICATION TECHNOLOGIES BY THE 
              NATIONAL RESEARCH COUNCIL.

    (a) Review by National Research Council.--Not later than 90 days 
after the date of the enactment of this Act, the Secretary of Commerce 
shall enter into a contract with the National Research Council of the 
National Academy of Sciences to conduct a study of electronic 
authentication technologies for use by individuals, businesses, and 
government.
    (b) Contents.--The study referred to in subsection (a) shall--
            (1) assess technology needed to support electronic 
        authentication technologies;
            (2) assess current public and private plans for the 
        deployment of electronic authentication technologies;
            (3) assess interoperability, scalability, and integrity of 
        private and public entities that are elements of electronic 
        authentication technologies; and
            (4) address such other matters as the National Research 
        Council considers relevant to the issues of electronic 
        authentication technologies.
    (c) Interagency Cooperation With Study.--All agencies of the 
Federal Government shall cooperate fully with the National Research 
Council in its activities in carrying out the study under this section, 
including access by properly cleared individuals to classified 
information if necessary.
    (d) Report.--Not later than 18 months after the date of the 
enactment of this Act, the Secretary of Commerce shall transmit to the 
Committee on Science of the House of Representatives and the Committee 
on Commerce, Science, and Transportation of the Senate a report setting 
forth the findings, conclusions, and recommendations of the National 
Research Council for public policy related to electronic authentication 
technologies for use by individuals, businesses, and government. The 
National Research Council shall not recommend the implementation or 
application of a specific electronic authentication technology or 
electronic authentication technical specification for use by the 
Federal Government. Such report shall be submitted in unclassified 
form.
    (e) Authorization of Appropriations.--There are authorized to be 
appropriated to the Secretary of Commerce $450,000 for fiscal year 
2001, to remain available until expended, for carrying out this 
section.

SEC. 11. PROMOTION OF NATIONAL INFORMATION SECURITY.

    The Under Secretary of Commerce for Technology shall--
            (1) promote an increased use of security techniques, such 
        as risk assessment, and security tools, such as cryptography, 
        to enhance the protection of the Nation's information 
        infrastructure;
            (2) establish a central repository of information for 
        dissemination to the public to promote awareness of information 
        security vulnerabilities and risks; and
            (3) in a manner consistent with section 12(d) of the 
        National Technology Transfer and Advancement Act of 1995 (15 
        U.S.C. 272 nt), promote the development of national standards-
        based infrastructures needed to support government, commercial, 
        and private uses of encryption technologies for confidentiality 
        and authentication.

SEC. 12. ELECTRONIC AUTHENTICATION INFRASTRUCTURES.

    (a) Electronic Authentication Infrastructures.--
            (1) Technology-neutral guidelines and standards.--Not later 
        than 18 months after the date of the enactment of this Act, the 
        Director, in consultation with industry and appropriate Federal 
        agencies, shall develop technology-neutral guidelines and 
        standards, or adopt existing technology-neutral industry 
        guidelines and standards, for electronic authentication 
        infrastructures to be made available to Federal agencies so 
        that such agencies may effectively select and utilize 
