H.R. 2413 (ih) To amend the National Institute of Standards and Technology Act to enhance the ability of the National Institute of Standards and Technology to improve computer security, and for other purposes. [Introduced in House] ...


106th CONGRESS
  2d Session
                                H. R. 2413

_______________________________________________________________________

                                 AN ACT


 
  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Computer Security Enhancement Act of 
2000''.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) The National Institute of Standards and Technology has 
        responsibility for developing standards and guidelines needed 
        to ensure the cost-effective security and privacy of sensitive 
        information in Federal computer systems.
            (2) The Federal Government has an important role in 
        ensuring the protection of sensitive, but unclassified, 
        information controlled by Federal agencies.
            (3) Technology that is based on the application of 
        cryptography exists and can be readily provided by private 
        sector companies to ensure the confidentiality, authenticity, 
        and integrity of information associated with public and private 
        activities.
            (4) The development and use of encryption technologies by 
        industry should be driven by market forces rather than by 
        Government imposed requirements.
    (b) Purposes.--The purposes of this Act are to--
            (1) reinforce the role of the National Institute of 
        Standards and Technology in ensuring the security of 
        unclassified information in Federal computer systems; and
            (2) promote technology solutions based on private sector 
        offerings to protect the security of Federal computer systems.

SEC. 3. SECURITY OF FEDERAL COMPUTERS AND NETWORKS.

    Section 20(b) of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3(b)) is amended--
            (1) by redesignating paragraphs (4) and (5) as paragraphs 
        (7) and (8), respectively; and
            (2) by inserting after paragraph (3) the following new 
        paragraphs:
            ``(4) except for national security systems, as defined in 
        section 5142 of Public Law 104-106 (40 U.S.C. 1452), to provide 
        guidance and assistance to Federal agencies for protecting the 
        security and privacy of sensitive information in interconnected 
        Federal computer systems, including identification of 
        significant risks thereto;
            ``(5) to promote compliance by Federal agencies with 
        existing Federal computer information security and privacy 
        guidelines;
            ``(6) in consultation with appropriate Federal agencies, 
        assist Federal response efforts related to unauthorized access 
        to Federal computer systems;''.

SEC. 4. COMPUTER SECURITY IMPLEMENTATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3) is further amended--
            (1) by redesignating subsections (c) and (d) as subsections 
        (e) and (f), respectively; and
            (2) by inserting after subsection (b) the following new 
        subsection:
    ``(c)(1) In carrying out subsection (a)(2) and (3), the Institute 
shall--
            ``(A) emphasize the development of technology-neutral 
        policy guidelines for computer security and electronic 
        authentication practices by the Federal agencies;
            ``(B) promote the use of commercially available products, 
        which appear on the list required by paragraph (2), to provide 
        for the security and privacy of sensitive information in 
        Federal computer systems;
            ``(C) develop qualitative and quantitative measures 
        appropriate for assessing the quality and effectiveness of 
        information security and privacy programs at Federal agencies;
            ``(D) perform evaluations and tests at Federal agencies to 
        assess existing information security and privacy programs;
            ``(E) promote development of accreditation procedures for 
        Federal agencies based on the measures developed under 
        subparagraph (C);
            ``(F) if requested, consult with and provide assistance to 
        Federal agencies regarding the selection by agencies of 
        security technologies and products and the implementation of 
        security practices; and
            ``(G)(i) develop uniform testing procedures suitable for 
        determining the conformance of commercially available security 
        products to the guidelines and standards developed under 
        subsection (a)(2) and (3);
            ``(ii) establish procedures for certification of private 
        sector laboratories to perform the tests and evaluations of 
        commercially available security products developed in 
        accordance with clause (i); and
            ``(iii) promote the testing of commercially available 
        security products for their conformance with guidelines and 
        standards developed under subsection (a)(2) and (3).
    ``(2) The Institute shall maintain and make available to Federal 
agencies and to the public a list of commercially available security 
products that have been tested by private sector laboratories certified 
in accordance with procedures established under paragraph (1)(G)(ii), 
and that have been found to be in conformance with the guidelines and 
standards developed under subsection (a)(2) and (3).
    ``(3) The Institute shall annually transmit to the Congress, in an 
unclassified format, a report containing--
            ``(A) the findings of the evaluations and tests of Federal 
        computer systems conducted under this section during the 12 
        months preceding the date of the report, including the 
        frequency of the use of commercially available security 
        products included on the list required by paragraph (2);
            ``(B) the planned evaluations and tests under this section 
        for the 12 months following the date of the report; and
            ``(C) any recommendations by the Institute to Federal 
        agencies resulting from the findings described in subparagraph 
        (A), and the response by the agencies to those 
        recommendations.''.

SEC. 5. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND INFORMATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
inserting after subsection (c), as added by section 4 of this Act, the 
following new subsection:
    ``(d)(1) The Institute shall solicit the recommendations of the 
Computer System Security and Privacy Advisory Board, established by 
section 21, regarding standards and guidelines that are being 
considered for submittal to the Secretary in accordance with subsection 
(a)(4). The recommendations of the Board shall accompany standards and 
guidelines submitted to the Secretary.
    ``(2) There are authorized to be appropriated to the Secretary 
$1,030,000 for fiscal year 2001 and $1,060,000 for fiscal year 2002 to 
enable the Computer System Security and Privacy Advisory Board, 
established by section 21, to identify emerging issues related to 
computer security, privacy, and cryptography and to convene public 
meetings on those subjects, receive presentations, and publish reports, 
digests, and summaries for public distribution on those subjects.''.

SEC. 6. LIMITATION ON PARTICIPATION IN REQUIRING ENCRYPTION AND 
              ELECTRONIC AUTHENTICATION STANDARDS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
adding at the end the following new subsection:
    ``(g) The Institute shall not promulgate, enforce, or otherwise 
adopt standards or policies for the Federal establishment of encryption 
and electronic authentication standards required for use in computer 
systems other than Federal Government computer systems.''.

SEC. 7. MISCELLANEOUS AMENDMENTS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended--
            (1) in subsection (b)(8), as so redesignated by section 
        3(1) of this Act, by inserting ``to the extent that such 
        coordination will improve computer security and to the extent 
        necessary for improving such security for Federal computer 
        systems'' after ``Management and Budget)'';
            (2) in subsection (e), as so redesignated by section 4(1) 
        of this Act, by striking ``shall draw upon'' and inserting in 
        lieu thereof ``may draw upon'';
            (3) in subsection (e)(2), as so redesignated by section 
        4(1) of this Act, by striking ``(b)(5)'' and inserting in lieu 
        thereof ``(b)(7)''; and
            (4) in subsection (f)(1)(B)(i), as so redesignated by 
        section 4(1) of this Act, by inserting ``and computer 
        networks'' after ``computers''.

SEC. 8. FEDERAL COMPUTER SYSTEM SECURITY TRAINING.

    Section 5(b) of the Computer Security Act of 1987 (40 U.S.C. 759 
note) is amended--
            (1) by striking ``and'' at the end of paragraph (1);
            (2) by striking the period at the end of paragraph (2) and 
        inserting in lieu thereof ``; and''; and
            (3) by adding at the end the following new paragraph:
            ``(3) to include emphasis on protecting sensitive 
        information in Federal databases and Federal computer sites 
        that are accessible through public networks.''.

SEC. 9. COMPUTER SECURITY FELLOWSHIP PROGRAM.

    There are authorized to be appropriated to the Secretary of 
Commerce $500,000 for fiscal year 2001 and $500,000 for fiscal year 
2002 for the Director of the National Institute of Standards and 
Technology for fellowships, subject to the provisions of section 18 of 
the National Institute of Standards and Technology Act (15 U.S.C. 278g-
1), to support students at institutions of higher learning in computer 
security. Amounts authorized by this section shall not be subject to 
the percentage limitation stated in such section 18.

SEC. 10. STUDY OF ELECTRONIC AUTHENTICATION TECHNOLOGIES BY THE 
              NATIONAL RESEARCH COUNCIL.

    (a) Review by National Research Council.--Not later than 90 days 
after the date of the enactment of this Act, the Secretary of Commerce 
shall enter into a contract with the National Research Council of the 
National Academy of Sciences to conduct a study of electronic 
authentication technologies for use by individuals, businesses, and 
government.
    (b) Contents.--The study referred to in subsection (a) shall--
            (1) assess technology needed to support electronic 
        authentication technologies;
            (2) assess current public and private plans for the 
        deployment of electronic authentication technologies;
            (3) assess interoperability, scalability, and integrity of 
        private and public entities that are elements of electronic 
        authentication technologies; and
            (4) address such other matters as the National Research 
        Council considers relevant to the issues of electronic 
        authentication technologies.
    (c) Interagency Cooperation With Study.--All agencies of the 
Federal Government shall cooperate fully with the National Research 
Council in its activities in carrying out the study under this section, 
including access by properly cleared individuals to classified 
information if necessary.
    (d) Report.--Not later than 18 months after the date of the 
enactment of this Act, the Secretary of Commerce shall transmit to the 
Committee on Science of the House of Representatives and the Committee 
on Commerce, Science, and Transportation of the Senate a report setting 
forth the findings, conclusions, and recommendations of the National 
Research Council for public policy related to electronic authentication 
technologies for use by individuals, businesses, and government. The 
National Research Council shall not recommend the implementation or 
application of a specific electronic authentication technology or 
electronic authentication technical specification for use by the 
Federal Government. Such report shall be submitted in unclassified 
form.
    (e) Authorization of Appropriations.--There are authorized to be 
appropriated to the Secretary of Commerce $450,000 for fiscal year 
2001, to remain available until expended, for carrying out this 
section.

SEC. 11. PROMOTION OF NATIONAL INFORMATION SECURITY.

    The Under Secretary of Commerce for Technology shall--
            (1) promote an increased use of security techniques, such 
        as risk assessment, and security tools, such as cryptography, 
        to enhance the protection of the Nation's information 
        infrastructure;
            (2) establish a central repository of information for 
        dissemination to the public to promote awareness of information 
        security vulnerabilities and risks; and
            (3) in a manner consistent with section 12(d) of the 
        National Technology Transfer and Advancement Act of 1995 (15 
        U.S.C. 272 nt), promote the development of national standards-
        based infrastructures needed to support government, commercial, 
        and private uses of encryption technologies for confidentiality 
        and authentication.

SEC. 12. ELECTRONIC AUTHENTICATION INFRASTRUCTURES.

    (a) Electronic Authentication Infrastructures.--
            (1) Technology-neutral guidelines and standards.--Not later 
        than 18 months after the date of the enactment of this Act, the 
        Director, in consultation with industry and appropriate Federal 
        agencies, shall develop technology-neutral guidelines and 
        standards, or adopt existing technology-neutral industry 
        guidelines and standards, for electronic authentication 
        infrastructures to be made available to Federal agencies so 
        that such agencies may effectively select and utilize 
