Computer Security Act of 1987
{{Short description|U.S. federal law}}
{{Infobox U.S. legislation
| shorttitle = Computer Security Act of 1987
| othershorttitles =
| longtitle = An Act to provide for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.
| colloquialacronym = CSA
| nickname =
| enacted by = 100th
| effective date = January 8, 1988
| public law url = http://www.gpo.gov/fdsys/pkg/STATUTE-101/pdf/STATUTE-101-Pg1724.pdf
| cite public law = 100-235
| cite statutes at large = {{usstat|101|1724}}
| acts amended =
| acts repealed =
| title amended = 15 U.S.C.: Commerce and Trade
| sections created =
| sections amended = {{unbulleted list|{{Usc-title-chap|15|7}} § 271 et seq.|{{Usc-title-chap|15|7}} § 278g-3|{{Usc-title-chap|15|7}} § 278h}}
| leghisturl = http://thomas.loc.gov/cgi-bin/bdquery/z?d100:HR00145:@@@R
| introducedin = House
| introducedbill = {{USBill|100|H.R.|145}}
| introducedby = Dan Glickman (D-KS)
| introduceddate = January 6, 1987
| committees = House Government Operations, House Science, Space and Technology
| passedbody1 = House
| passeddate1 = June 22, 1987
| passedvote1 = passed voice vote
| passedbody2 = Senate
| passedas2 =
| passeddate2 = December 21, 1987
| passedvote2 = passed voice vote
| conferencedate =
| passedbody3 =
| passeddate3 =
| passedvote3 =
| agreedbody3 =
| agreeddate3 =
| agreedvote3 =
| agreedbody4 =
| agreeddate4 =
| agreedvote4 =
| passedbody4 =
| passeddate4 =
| passedvote4 =
| signedpresident = Ronald Reagan
| signeddate = January 8, 1988
| unsignedpresident =
| unsigneddate =
| vetoedpresident =
| vetoeddate =
| overriddenbody1 =
| overriddendate1 =
| overriddenvote1 =
| overriddenbody2 =
| overriddendate2 =
| overriddenvote2 =
| amendments =
| SCOTUS cases =
}}
The Computer Security Act of 1987, Public Law No. 100-235 (H.R. 145), (Jan. 8, 1988), is a United States federal law enacted in 1987. It is intended to improve the security and privacy of sensitive information in federal computer systems and to establish minimally acceptable security practices for such systems. It required the creation of computer security plans, and appropriate training of system users or owners where the systems would display, process or store sensitive information.
Provisions
- Assigned the National Institute of Standards and Technology (NIST, At the time named National Bureau of Standards) to develop standards of minimum acceptable practices with the help of the NSA
- Required establishment of security policies for Federal computer systems that contain sensitive information.
- Mandatory security awareness training for federal employees that use those systems.
References
- [http://thomas.loc.gov/cgi-bin/bdquery/z?d100:HR00145:@@@D&summ2=m& HR 145 ] {{Webarchive|url=https://web.archive.org/web/20160704111723/http://thomas.loc.gov/cgi-bin/bdquery/z?d100:HR00145:@@@D&summ2=m& |date=2016-07-04 }}
- [http://www.epic.org/crypto/csa/ Electronic Privacy Information Center]
External links
- {{cite web |url=http://www.gao.gov/assets/110/101795.pdf |title=Information Security: The Computer Security Act of 1987--H.R. 145 |date=February 25, 1987 |website=U.S. GAO ~ T-IMTEC-87-2 |publisher=U.S. Government Accountability Office |OCLC=16999161}}
- {{cite web |url=http://www.gao.gov/assets/80/77177.pdf |title=Computer Security: Status of Compliance With the Computer Security Act of 1987 |date=September 22, 1988 |website=U.S. GAO ~ IMTEC-88-61BR |publisher=U.S. Government Accountability Office |OCLC=19256725}}
- {{cite web |url=http://www.gao.gov/assets/80/77290.pdf |title=Computer Security: Compliance With Training Requirements of the Computer Security Act of 1987 |date=February 22, 1989 |website=U.S. GAO ~ IMTEC-89-16BR |publisher=U.S. Government Accountability Office |OCLC=27992135}}
{{Authority control}}