
S. 1994 (is) To amend the Internal Revenue Code of 1986 to provide assistance to first-time homebuyers. [Introduced in Senate] ...


                                                       Calendar No. 489


  2d Session

                                S. 1993

                          [Report No. 106-259]


                                 A BILL

To reform Government information security by strengthening information 
         security practices throughout the Federal Government.


                             April 10, 2000

                       Reported with an amendment




                           November 19, 1999

 Mr. Thompson (for himself, Mr. Lieberman, Mr. Abraham, Mr. Voinovich, 
   Mr. Akaka, Mr. Cleland, Ms. Collins, Mr. Stevens, and Mr. Helms) 
introduced the following bill; which was read twice and referred to the 
                   Committee on Governmental Affairs

                             April 10, 2000

              Reported by Mr. Thompson, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]


                                 A BILL

To reform Government information security by strengthening information 
         security practices throughout the Federal Government.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,


<DELETED>    This Act may be cited as the ``Government Information 
Security Act of 1999''.</DELETED>


<DELETED>    Chapter 35 of title 44, United States Code, is amended by 
inserting at the end the following:</DELETED>


<DELETED>``Sec. 3531. Purposes</DELETED>
<DELETED>    ``The purposes of this subchapter are to--</DELETED>
        <DELETED>    ``(1) provide a comprehensive framework for 
        establishing and ensuring the effectiveness of controls over 
        information resources that support Federal operations and 
        <DELETED>    ``(2)(A) recognize the highly networked nature of 
        the Federal computing environment including the need for 
        Federal Government interoperability and, in the implementation 
        of improved security management measures, assure that 
        opportunities for interoperability are not adversely affected; 
        <DELETED>    ``(B) provide effective governmentwide management 
        and oversight of the related information security risks, 
        including coordination of information security efforts 
        throughout the civilian, national security, and law enforcement 
        <DELETED>    ``(3) provide for development and maintenance of 
        minimum controls required to protect Federal information and 
        information systems; and</DELETED>
        <DELETED>    ``(4) provide a mechanism for improved oversight 
        of Federal agency information security programs.</DELETED>
<DELETED>``Sec. 3532. Definitions</DELETED>
<DELETED>    ``(a) Except as provided under subsection (b), the 
definitions under section 3502 shall apply to this 
<DELETED>    ``(b) As used in this subchapter the term `information 
technology' has the meaning given that term in section 5002 of the 
Clinger-Cohen Act of 1996 (40 U.S.C. 1401).</DELETED>
<DELETED>``Sec. 3533. Authority and functions of the Director</DELETED>
<DELETED>    ``(a)(1) Consistent with subchapter I, the Director shall 
establish governmentwide policies for the management of programs that 
support the cost-effective security of Federal information systems by 
promoting security as an integral component of each agency's business 
<DELETED>    ``(2) Policies under this subsection shall--</DELETED>
        <DELETED>    ``(A) be founded on a continuing risk management 
        cycle that recognizes the need to--</DELETED>
                <DELETED>    ``(i) identify, assess, and understand 
                risk; and</DELETED>
                <DELETED>    ``(ii) determine security needs 
                commensurate with the level of risk;</DELETED>
        <DELETED>    ``(B) implement controls that adequately address 
        the risk;</DELETED>
        <DELETED>    ``(C) promote continuing awareness of information 
        security risk;</DELETED>
        <DELETED>    ``(D) continually monitor and evaluate policy; 
        <DELETED>    ``(E) control effectiveness of information 
        security practices.</DELETED>
<DELETED>    ``(b) The authority under subsection (a) includes the 
authority to--</DELETED>
        <DELETED>    ``(1) oversee and develop policies, principles, 
        standards, and guidelines for the handling of Federal 
        information and information resources to improve the efficiency 
        and effectiveness of governmental operations, including 
        principles, policies, and guidelines for the implementation of 
        agency responsibilities under applicable law for ensuring the 
        privacy, confidentiality, and security of Federal 
        <DELETED>    ``(2) consistent with the standards and guidelines 
        promulgated under section 5131 of the Clinger-Cohen Act of 1996 
        (40 U.S.C. 1441) and sections 5 and 6 of the Computer Security 
        Act of 1987 (40 U.S.C. 759 note; Public Law 100-235; 101 Stat. 
        1729), require Federal agencies to identify and afford security 
        protections commensurate with the risk and magnitude of the 
        harm resulting from the loss, misuse, or unauthorized access to 
        or modification of information collected or maintained by or on 
        behalf of an agency;</DELETED>
        <DELETED>    ``(3) direct the heads of agencies to coordinate 
        such agencies and coordinate with industry to--</DELETED>
                <DELETED>    ``(A) identify, use, and share best 
                security practices; and</DELETED>
                <DELETED>    ``(B) develop voluntary consensus-based 
                standards for security controls, in a manner consistent 
                with section 2(b)(13) of the National Institute of 
                Standards and Technology Act (15 U.S.C. 
        <DELETED>    ``(4) oversee the development and implementation 
        of standards and guidelines relating to security controls for 
        Federal computer systems by the Secretary of Commerce through 
        the National Institute of Standards and Technology under 
        section 5131 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1441) 
        and section 20 of the National Institute of Standards and 
        Technology Act (15 U.S.C. 278g-3);</DELETED>
        <DELETED>    ``(5) oversee and coordinate compliance with this 
        section in a manner consistent with--</DELETED>
                <DELETED>    ``(A) sections 552 and 552a of title 
                <DELETED>    ``(B) sections 20 and 21 of the National 
                Institute of Standards and Technology Act (15 U.S.C. 
                278g-3 and 278g-4);</DELETED>
                <DELETED>    ``(C) section 5131 of the Clinger-Cohen 
                Act of 1996 (40 U.S.C. 1441);</DELETED>
                <DELETED>    ``(D) sections 5 and 6 of the Computer 
                Security Act of 1987 (40 U.S.C. 759 note; Public Law 
                100-235; 101 Stat. 1729); and</DELETED>
                <DELETED>    ``(E) related information management laws; 
        <DELETED>    ``(6) take any authorized action that the Director 
        considers appropriate, including any action involving the 
        budgetary process or appropriations management process, to 
        enforce accountability of the head of an agency for information 
        resources management and for the investments made by the agency 
        in information technology, including--</DELETED>
                <DELETED>    ``(A) recommending a reduction or an 
                increase in any amount for information resources that 
                the head of the agency proposes for the budget 
                submitted to Congress under section 1105(a) of title 
                <DELETED>    ``(B) reducing or otherwise adjusting 
                apportionments and reapportionments of appropriations 
                for information resources; and</DELETED>
                <DELETED>    ``(C) using other authorized 
                administrative controls over appropriations to restrict 
                the availability of funds for information 
<DELETED>    ``(c) The authority under this section may be delegated 
only to the Deputy Director for Management of the Office of Management 
and Budget.</DELETED>
<DELETED>``Sec. 3534. Federal agency responsibilities</DELETED>
<DELETED>    ``(a) The head of each agency shall--</DELETED>
        <DELETED>    ``(1) be responsible for--</DELETED>
                <DELETED>    ``(A) adequately protecting the integrity, 
                confidentiality, and availability of information and 
                information systems supporting agency operations and 
                assets; and</DELETED>
                <DELETED>    ``(B) developing and implementing 
                information security policies, procedures, and control 
                techniques sufficient to afford security protections 
                commensurate with the risk and magnitude of the harm 
                resulting from unauthorized disclosure, disruption, 
                modification, or destruction of information collected 
                or maintained by or for the agency;</DELETED>
        <DELETED>    ``(2) ensure that each senior program manager is 
        responsible for--</DELETED>
                <DELETED>    ``(A) assessing the information security 
                risk associated with the operations and assets of such 
                <DELETED>    ``(B) determining the levels of 
                information security appropriate to protect the 
                operations and assets of such manager; and</DELETED>
                <DELETED>    ``(C) periodically testing and evaluating 
                information security controls and techniques;</DELETED>
        <DELETED>    ``(3) delegate to the agency Chief Information 
        Officer established under section 3506, or a comparable 
        official in an agency not covered by such section, the 
        authority to administer all functions under this subchapter 
                <DELETED>    ``(A) designating a senior agency 
                information security officer;</DELETED>
                <DELETED>    ``(B) developing and maintaining an 
                agencywide information security program as required 
                under subsection (b);</DELETED>
                <DELETED>    ``(C) ensuring that the agency effectively 
                implements and maintains information security policies, 
                procedures, and control techniques;</DELETED>
                <DELETED>    ``(D) training and overseeing personnel 
                with significant responsibilities for information 
                security with respect to such responsibilities; 
                <DELETED>    ``(E) assisting senior program managers 
                concerning responsibilities under paragraph 
        <DELETED>    ``(4) ensure that the agency has trained personnel 
        sufficient to assist the agency in complying with the 
        requirements of this subchapter and related policies, 
        procedures, standards, and guidelines; and</DELETED>
        <DELETED>    ``(5) ensure that the agency Chief Information 
        Officer, in coordination with senior program managers, 
                <DELETED>    ``(A)(i) evaluates the effectiveness of 
                the agency information security program, including 
                testing control techniques; and</DELETED>
                <DELETED>    ``(ii) implements appropriate remedial 
                actions based on that evaluation; and</DELETED>
                <DELETED>    ``(B) reports to the agency head on--
                        <DELETED>    ``(i) the results of such tests 
                        and evaluations; and</DELETED>
                        <DELETED>    ``(ii) the progress of remedial 
<DELETED>    ``(b)(1) Each agency shall develop and implement an 
agencywide information security program to provide information security 
for the operations and assets of the agency, including information 
security provided or managed by another agency.</DELETED>
<DELETED>    ``(2) Each program under this subsection shall include--
        <DELETED>    ``(A) periodic assessments of information security 
        risks that consider internal and external threats to--
                <DELETED>    ``(i) the integrity, confidentiality, and 
                availability of systems; and</DELETED>
                <DELETED>    ``(ii) data supporting critical operations 
                and assets;</DELETED>
        <DELETED>    ``(B) policies and procedures that--</DELETED>
                <DELETED>    ``(i) are based on the risk assessments 
                required under paragraph (1) that cost-effectively 
                reduce information security risks to an acceptable 
                level; and</DELETED>
                <DELETED>    ``(ii) ensure compliance with--</DELETED>
                        <DELETED>    ``(I) the requirements of this 
                        <DELETED>    ``(II) policies and procedures as 
                        may be prescribed by the Director; 
                        <DELETED>    ``(III) any other applicable 
        <DELETED>    ``(C) security awareness training to inform 
        personnel of--</DELETED>
                <DELETED>    ``(i) information security risks 
                associated with personnel activities; and</DELETED>
                <DELETED>    ``(ii) responsibilities of personnel in 
                complying with agency policies and procedures designed 
                to reduce such risks;</DELETED>
