
H.R. 2413 (ih) To amend the National Institute of Standards and Technology Act to enhance the ability of the National Institute of Standards and Technology to improve computer security, and for other purposes. [Introduced in House] ...


106th CONGRESS
  2d Session
                                H. R. 2413

_______________________________________________________________________

                                 AN ACT


 
  To amend the National Institute of Standards and Technology Act to 
    enhance the ability of the National Institute of Standards and 
    Technology to improve computer security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Computer Security Enhancement Act of 
2000''.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) The National Institute of Standards and Technology has 
        responsibility for developing standards and guidelines needed 
        to ensure the cost-effective security and privacy of sensitive 
        information in Federal computer systems.
            (2) The Federal Government has an important role in 
        ensuring the protection of sensitive, but unclassified, 
        information controlled by Federal agencies.
            (3) Technology that is based on the application of 
        cryptography exists and can be readily provided by private 
        sector companies to ensure the confidentiality, authenticity, 
        and integrity of information associated with public and private 
        activities.
            (4) The development and use of encryption technologies by 
        industry should be driven by market forces rather than by 
        Government imposed requirements.
    (b) Purposes.--The purposes of this Act are to--
            (1) reinforce the role of the National Institute of 
        Standards and Technology in ensuring the security of 
        unclassified information in Federal computer systems; and
            (2) promote technology solutions based on private sector 
        offerings to protect the security of Federal computer systems.

SEC. 3. SECURITY OF FEDERAL COMPUTERS AND NETWORKS.

    Section 20(b) of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3(b)) is amended--
            (1) by redesignating paragraphs (4) and (5) as paragraphs 
        (7) and (8), respectively; and
            (2) by inserting after paragraph (3) the following new 
        paragraphs:
            ``(4) except for national security systems, as defined in 
        section 5142 of Public Law 104-106 (40 U.S.C. 1452), to provide 
        guidance and assistance to Federal agencies for protecting the 
        security and privacy of sensitive information in interconnected 
        Federal computer systems, including identification of 
        significant risks thereto;
            ``(5) to promote compliance by Federal agencies with 
        existing Federal computer information security and privacy 
        guidelines;
            ``(6) in consultation with appropriate Federal agencies, 
        assist Federal response efforts related to unauthorized access 
        to Federal computer systems;''.

SEC. 4. COMPUTER SECURITY IMPLEMENTATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3) is further amended--
            (1) by redesignating subsections (c) and (d) as subsections 
        (e) and (f), respectively; and
            (2) by inserting after subsection (b) the following new 
        subsection:
    ``(c)(1) In carrying out subsection (a)(2) and (3), the Institute 
shall--
            ``(A) emphasize the development of technology-neutral 
        policy guidelines for computer security and electronic 
        authentication practices by the Federal agencies;
            ``(B) promote the use of commercially available products, 
        which appear on the list required by paragraph (2), to provide 
        for the security and privacy of sensitive information in 
        Federal computer systems;
            ``(C) develop qualitative and quantitative measures 
        appropriate for assessing the quality and effectiveness of 
        information security and privacy programs at Federal agencies;
            ``(D) perform evaluations and tests at Federal agencies to 
        assess existing information security and privacy programs;
            ``(E) promote development of accreditation procedures for 
        Federal agencies based on the measures developed under 
        subparagraph (C);
            ``(F) if requested, consult with and provide assistance to 
        Federal agencies regarding the selection by agencies of 
        security technologies and products and the implementation of 
        security practices; and
            ``(G)(i) develop uniform testing procedures suitable for 
        determining the conformance of commercially available security 
        products to the guidelines and standards developed under 
        subsection (a)(2) and (3);
            ``(ii) establish procedures for certification of private 
        sector laboratories to perform the tests and evaluations of 
        commercially available security products developed in 
        accordance with clause (i); and
            ``(iii) promote the testing of commercially available 
        security products for their conformance with guidelines and 
        standards developed under subsection (a)(2) and (3).
    ``(2) The Institute shall maintain and make available to Federal 
agencies and to the public a list of commercially available security 
products that have been tested by private sector laboratories certified 
in accordance with procedures established under paragraph (1)(G)(ii), 
and that have been found to be in conformance with the guidelines and 
standards developed under subsection (a)(2) and (3).
    ``(3) The Institute shall annually transmit to the Congress, in an 
unclassified format, a report containing--
            ``(A) the findings of the evaluations and tests of Federal 
        computer systems conducted under this section during the 12 
        months preceding the date of the report, including the 
        frequency of the use of commercially available security 
        products included on the list required by paragraph (2);
            ``(B) the planned evaluations and tests under this section 
        for the 12 months following the date of the report; and
            ``(C) any recommendations by the Institute to Federal 
        agencies resulting from the findings described in subparagraph 
        (A), and the response by the agencies to those 
        recommendations.''.

SEC. 5. COMPUTER SECURITY REVIEW, PUBLIC MEETINGS, AND INFORMATION.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
inserting after subsection (c), as added by section 4 of this Act, the 
following new subsection:
    ``(d)(1) The Institute shall solicit the recommendations of the 
Computer System Security and Privacy Advisory Board, established by 
section 21, regarding standards and guidelines that are being 
considered for submittal to the Secretary in accordance with subsection 
(a)(4). The recommendations of the Board shall accompany standards and 
guidelines submitted to the Secretary.
    ``(2) There are authorized to be appropriated to the Secretary 
$1,030,000 for fiscal year 2001 and $1,060,000 for fiscal year 2002 to 
enable the Computer System Security and Privacy Advisory Board, 
established by section 21, to identify emerging issues related to 
computer security, privacy, and cryptography and to convene public 
meetings on those subjects, receive presentations, and publish reports, 
digests, and summaries for public distribution on those subjects.''.

SEC. 6. LIMITATION ON PARTICIPATION IN REQUIRING ENCRYPTION AND 
              ELECTRONIC AUTHENTICATION STANDARDS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended by 
adding at the end the following new subsection:
    ``(g) The Institute shall not promulgate, enforce, or otherwise 
adopt standards or policies for the Federal establishment of encryption 
and electronic authentication standards required for use in computer 
systems other than Federal Government computer systems.''.

SEC. 7. MISCELLANEOUS AMENDMENTS.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), as amended by this Act, is further amended--
            (1) in subsection (b)(8), as so redesignated by section 
        3(1) of this Act, by inserting ``to the extent that such 
        coordination will improve computer security and to the extent 
        necessary for improving such security for Federal computer 
        systems'' after ``Management and Budget)'';
            (2) in subsection (e), as so redesignated by section 4(1) 
        of this Act, by striking ``shall draw upon'' and inserting in 
        lieu thereof ``may draw upon'';
            (3) in subsection (e)(2), as so redesignated by section 
        4(1) of this Act, by striking ``(b)(5)'' and inserting in lieu 
        thereof ``(b)(7)''; and
            (4) in subsection (f)(1)(B)(i), as so redesignated by 
        section 4(1) of this Act, by inserting ``and computer 
        networks'' after ``computers''.

SEC. 8. FEDERAL COMPUTER SYSTEM SECURITY TRAINING.

    Section 5(b) of the Computer Security Act of 1987 (40 U.S.C. 759 
note) is amended--
            (1) by striking ``and'' at the end of paragraph (1);
            (2) by striking the period at the end of paragraph (2) and 
        inserting in lieu thereof ``; and''; and
            (3) by adding at the end the following new paragraph:
            ``(3) to include emphasis on protecting sensitive 
        information in Federal databases and Federal computer sites 
        that are accessible through public networks.''.

SEC. 9. COMPUTER SECURITY FELLOWSHIP PROGRAM.

    There are authorized to be appropriated to the Secretary of 
Commerce $500,000 for fiscal year 2001 and $500,000 for fiscal year 
2002 for the Director of the National Institute of Standards and 
Technology for fellowships, subject to the provisions of section 18 of 
the National Institute of Standards and Technology Act (15 U.S.C. 278g-
1), to support students at institutions of higher learning in computer 
security. Amounts authorized by this section shall not be subject to 
the percentage limitation stated in such section 18.

SEC. 10. STUDY OF ELECTRONIC AUTHENTICATION TECHNOLOGIES BY THE 
              NATIONAL RESEARCH COUNCIL.

    (a) Review by National Research Council.--Not later than 90 days 
after the date of the enactment of this Act, the Secretary of Commerce 
shall enter into a contract with the National Research Council of the 
National Academy of Sciences to conduct a study of electronic 
authentication technologies for use by individuals, businesses, and 
government.
    (b) Contents.--The study referred to in subsection (a) shall--
            (1) assess technology needed to support electronic 
        authentication technologies;
            (2) assess current public and private plans for the 
        deployment of electronic authentication technologies;
            (3) assess interoperability, scalability, and integrity of 
        private and public entities that are elements of electronic 
        authentication technologies; and
            (4) address such other matters as the National Research 
        Council considers relevant to the issues of electronic 
        authentication technologies.
    (c) Interagency Cooperation With Study.--All agencies of the 
Federal Government shall cooperate fully with the National Research 
Council in its activities in carrying out the study under this section, 
including access by properly cleared individuals to classified 
information if necessary.
    (d) Report.--Not later than 18 months after the date of the 
enactment of this Act, the Secretary of Commerce shall transmit to the 
Committee on Science of the House of Representatives and the Committee 
on Commerce, Science, and Transportation of the Senate a report setting 
forth the findings, conclusions, and recommendations of the National 
Research Council for public policy related to electronic authentication 
technologies for use by individuals, businesses, and government. The 
National Research Council shall not recommend the implementation or 
application of a specific electronic authentication technology or 
electronic authentication technical specification for use by the 
Federal Government. Such report shall be submitted in unclassified 
form.
    (e) Authorization of Appropriations.--There are authorized to be 
appropriated to the Secretary of Commerce $450,000 for fiscal year 
2001, to remain available until expended, for carrying out this 
section.

SEC. 11. PROMOTION OF NATIONAL INFORMATION SECURITY.

    The Under Secretary of Commerce for Technology shall--
            (1) promote an increased use of security techniques, such 
        as risk assessment, and security tools, such as cryptography, 
        to enhance the protection of the Nation's information 
        infrastructure;
            (2) establish a central repository of information for 
        dissemination to the public to promote awareness of information 
        security vulnerabilities and risks; and
            (3) in a manner consistent with section 12(d) of the 
        National Technology Transfer and Advancement Act of 1995 (15 
        U.S.C. 272 nt), promote the development of national standards-
        based infrastructures needed to support government, commercial, 
        and private uses of encryption technologies for confidentiality 
        and authentication.

SEC. 12. ELECTRONIC AUTHENTICATION INFRASTRUCTURES.

    (a) Electronic Authentication Infrastructures.--
            (1) Technology-neutral guidelines and standards.--Not later 
        than 18 months after the date of the enactment of this Act, the 
        Director, in consultation with industry and appropriate Federal 
        agencies, shall develop technology-neutral guidelines and 
        standards, or adopt existing technology-neutral industry 
        guidelines and standards, for electronic authentication 
        infrastructures to be made available to Federal agencies so 
        that such agencies may effectively select and utilize 
