                                                       Calendar No. 489

106th CONGRESS

  2d Session

                                S. 1993

                          [Report No. 106-259]

_______________________________________________________________________

                                 A BILL

To reform Government information security by strengthening information 
         security practices throughout the Federal Government.

_______________________________________________________________________

                             April 10, 2000

                       Reported with an amendment







                   IN THE SENATE OF THE UNITED STATES

                           November 19, 1999

 Mr. Thompson (for himself, Mr. Lieberman, Mr. Abraham, Mr. Voinovich, 
   Mr. Akaka, Mr. Cleland, Ms. Collins, Mr. Stevens, and Mr. Helms) 
introduced the following bill; which was read twice and referred to the 
                   Committee on Governmental Affairs

                             April 10, 2000

              Reported by Mr. Thompson, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Government Information 
Security Act of 1999''.</DELETED>

<DELETED>SEC. 2. COORDINATION OF FEDERAL INFORMATION POLICY.</DELETED>

<DELETED>    Chapter 35 of title 44, United States Code, is amended by 
inserting at the end the following:</DELETED>

        <DELETED>``SUBCHAPTER II--INFORMATION SECURITY</DELETED>

<DELETED>``Sec. 3531. Purposes</DELETED>
<DELETED>    ``The purposes of this subchapter are to--</DELETED>
        <DELETED>    ``(1) provide a comprehensive framework for 
        establishing and ensuring the effectiveness of controls over 
        information resources that support Federal operations and 
        assets;</DELETED>
        <DELETED>    ``(2)(A) recognize the highly networked nature of 
        the Federal computing environment including the need for 
        Federal Government interoperability and, in the implementation 
        of improved security management measures, assure that 
        opportunities for interoperability are not adversely affected; 
        and</DELETED>
        <DELETED>    ``(B) provide effective governmentwide management 
        and oversight of the related information security risks, 
        including coordination of information security efforts 
        throughout the civilian, national security, and law enforcement 
        communities;</DELETED>
        <DELETED>    ``(3) provide for development and maintenance of 
        minimum controls required to protect Federal information and 
        information systems; and</DELETED>
        <DELETED>    ``(4) provide a mechanism for improved oversight 
        of Federal agency information security programs.</DELETED>
<DELETED>``Sec. 3532. Definitions</DELETED>
<DELETED>    ``(a) Except as provided under subsection (b), the 
definitions under section 3502 shall apply to this 
subchapter.</DELETED>
<DELETED>    ``(b) As used in this subchapter the term `information 
technology' has the meaning given that term in section 5002 of the 
Clinger-Cohen Act of 1996 (40 U.S.C. 1401).</DELETED>
<DELETED>``Sec. 3533. Authority and functions of the Director</DELETED>
<DELETED>    ``(a)(1) Consistent with subchapter I, the Director shall 
establish governmentwide policies for the management of programs that 
support the cost-effective security of Federal information systems by 
promoting security as an integral component of each agency's business 
operations.</DELETED>
<DELETED>    ``(2) Policies under this subsection shall--</DELETED>
        <DELETED>    ``(A) be founded on a continuing risk management 
        cycle that recognizes the need to--</DELETED>
                <DELETED>    ``(i) identify, assess, and understand 
                risk; and</DELETED>
                <DELETED>    ``(ii) determine security needs 
                commensurate with the level of risk;</DELETED>
        <DELETED>    ``(B) implement controls that adequately address 
        the risk;</DELETED>
        <DELETED>    ``(C) promote continuing awareness of information 
        security risk;</DELETED>
        <DELETED>    ``(D) continually monitor and evaluate policy; 
        and</DELETED>
        <DELETED>    ``(E) control effectiveness of information 
        security practices.</DELETED>
<DELETED>    ``(b) The authority under subsection (a) includes the 
authority to--</DELETED>
        <DELETED>    ``(1) oversee and develop policies, principles, 
        standards, and guidelines for the handling of Federal 
        information and information resources to improve the efficiency 
        and effectiveness of governmental operations, including 
        principles, policies, and guidelines for the implementation of 
        agency responsibilities under applicable law for ensuring the 
        privacy, confidentiality, and security of Federal 
        information;</DELETED>
        <DELETED>    ``(2) consistent with the standards and guidelines 
        promulgated under section 5131 of the Clinger-Cohen Act of 1996 
        (40 U.S.C. 1441) and sections 5 and 6 of the Computer Security 
        Act of 1987 (40 U.S.C. 759 note; Public Law 100-235; 101 Stat. 
        1729), require Federal agencies to identify and afford security 
        protections commensurate with the risk and magnitude of the 
        harm resulting from the loss, misuse, or unauthorized access to 
        or modification of information collected or maintained by or on 
        behalf of an agency;</DELETED>
        <DELETED>    ``(3) direct the heads of agencies to coordinate 
        such agencies and coordinate with industry to--</DELETED>
                <DELETED>    ``(A) identify, use, and share best 
                security practices; and</DELETED>
                <DELETED>    ``(B) develop voluntary consensus-based 
                standards for security controls, in a manner consistent 
                with section 2(b)(13) of the National Institute of 
                Standards and Technology Act (15 U.S.C. 
                272(b)(13));</DELETED>
        <DELETED>    ``(4) oversee the development and implementation 
        of standards and guidelines relating to security controls for 
        Federal computer systems by the Secretary of Commerce through 
        the National Institute of Standards and Technology under 
        section 5131 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1441) 
        and section 20 of the National Institute of Standards and 
        Technology Act (15 U.S.C. 278g-3);</DELETED>
        <DELETED>    ``(5) oversee and coordinate compliance with this 
        section in a manner consistent with--</DELETED>
                <DELETED>    ``(A) sections 552 and 552a of title 
                5;</DELETED>
                <DELETED>    ``(B) sections 20 and 21 of the National 
                Institute of Standards and Technology Act (15 U.S.C. 
                278g-3 and 278g-4);</DELETED>
                <DELETED>    ``(C) section 5131 of the Clinger-Cohen 
                Act of 1996 (40 U.S.C. 1441);</DELETED>
                <DELETED>    ``(D) sections 5 and 6 of the Computer 
                Security Act of 1987 (40 U.S.C. 759 note; Public Law 
                100-235; 101 Stat. 1729); and</DELETED>
                <DELETED>    ``(E) related information management laws; 
                and</DELETED>
        <DELETED>    ``(6) take any authorized action that the Director 
        considers appropriate, including any action involving the 
        budgetary process or appropriations management process, to 
        enforce accountability of the head of an agency for information 
        resources management and for the investments made by the agency 
        in information technology, including--</DELETED>
                <DELETED>    ``(A) recommending a reduction or an 
                increase in any amount for information resources that 
                the head of the agency proposes for the budget 
                submitted to Congress under section 1105(a) of title 
                31;</DELETED>
                <DELETED>    ``(B) reducing or otherwise adjusting 
                apportionments and reapportionments of appropriations 
                for information resources; and</DELETED>
                <DELETED>    ``(C) using other authorized 
                administrative controls over appropriations to restrict 
                the availability of funds for information 
                resources.</DELETED>
<DELETED>    ``(c) The authority under this section may be delegated 
only to the Deputy Director for Management of the Office of Management 
and Budget.</DELETED>
<DELETED>``Sec. 3534. Federal agency responsibilities</DELETED>
<DELETED>    ``(a) The head of each agency shall--</DELETED>
        <DELETED>    ``(1) be responsible for--</DELETED>
                <DELETED>    ``(A) adequately protecting the integrity, 
                confidentiality, and availability of information and 
                information systems supporting agency operations and 
                assets; and</DELETED>
                <DELETED>    ``(B) developing and implementing 
                information security policies, procedures, and control 
                techniques sufficient to afford security protections 
                commensurate with the risk and magnitude of the harm 
                resulting from unauthorized disclosure, disruption, 
                modification, or destruction of information collected 
                or maintained by or for the agency;</DELETED>
        <DELETED>    ``(2) ensure that each senior program manager is 
        responsible for--</DELETED>
                <DELETED>    ``(A) assessing the information security 
                risk associated with the operations and assets of such 
                manager;</DELETED>
                <DELETED>    ``(B) determining the levels of 
                information security appropriate to protect the 
                operations and assets of such manager; and</DELETED>
                <DELETED>    ``(C) periodically testing and evaluating 
                information security controls and techniques;</DELETED>
        <DELETED>    ``(3) delegate to the agency Chief Information 
        Officer established under section 3506, or a comparable 
        official in an agency not covered by such section, the 
        authority to administer all functions under this subchapter 
        including--</DELETED>
                <DELETED>    ``(A) designating a senior agency 
                information security officer;</DELETED>
                <DELETED>    ``(B) developing and maintaining an 
                agencywide information security program as required 
                under subsection (b);</DELETED>
                <DELETED>    ``(C) ensuring that the agency effectively 
                implements and maintains information security policies, 
                procedures, and control techniques;</DELETED>
                <DELETED>    ``(D) training and overseeing personnel 
                with significant responsibilities for information 
                security with respect to such responsibilities; 
                and</DELETED>
                <DELETED>    ``(E) assisting senior program managers 
                concerning responsibilities under paragraph 
                (2);</DELETED>
        <DELETED>    ``(4) ensure that the agency has trained personnel 
        sufficient to assist the agency in complying with the 
        requirements of this subchapter and related policies, 
        procedures, standards, and guidelines; and</DELETED>
        <DELETED>    ``(5) ensure that the agency Chief Information 
        Officer, in coordination with senior program managers, 
        periodically--</DELETED>
                <DELETED>    ``(A)(i) evaluates the effectiveness of 
                the agency information security program, including 
                testing control techniques; and</DELETED>
                <DELETED>    ``(ii) implements appropriate remedial 
                actions based on that evaluation; and</DELETED>
                <DELETED>    ``(B) reports to the agency head on--
                </DELETED>
                        <DELETED>    ``(i) the results of such tests 
                        and evaluations; and</DELETED>
                        <DELETED>    ``(ii) the progress of remedial 
                        actions.</DELETED>
<DELETED>    ``(b)(1) Each agency shall develop and implement an 
agencywide information security program to provide information security 
for the operations and assets of the agency, including information 
security provided or managed by another agency.</DELETED>
<DELETED>    ``(2) Each program under this subsection shall include--
</DELETED>
        <DELETED>    ``(A) periodic assessments of information security 
        risks that consider internal and external threats to--
        </DELETED>
                <DELETED>    ``(i) the integrity, confidentiality, and 
                availability of systems; and</DELETED>
                <DELETED>    ``(ii) data supporting critical operations 
                and assets;</DELETED>
        <DELETED>    ``(B) policies and procedures that--</DELETED>
                <DELETED>    ``(i) are based on the risk assessments 
                required under paragraph (1) that cost-effectively 
                reduce information security risks to an acceptable 
                level; and</DELETED>
                <DELETED>    ``(ii) ensure compliance with--</DELETED>
                        <DELETED>    ``(I) the requirements of this 
                        subchapter;</DELETED>
                        <DELETED>    ``(II) policies and procedures as 
                        may be prescribed by the Director; 
                        and</DELETED>
                        <DELETED>    ``(III) any other applicable 
                        requirements;</DELETED>
        <DELETED>    ``(C) security awareness training to inform 
        personnel of--</DELETED>
                <DELETED>    ``(i) information security risks 
                associated with personnel activities; and</DELETED>
                <DELETED>    ``(ii) responsibilities of personnel in 
                complying with agency policies and procedures designed 
                to reduce such risks;</DELETED>
