Summary: H.R.145 — 100th Congress (1987-1988)All Information (Except Text)

Bill summaries are authored by CRS.

Shown Here:
Passed House amended (06/22/1987)

(Measure passed House, amended)

Computer Security Act of 1987 - Directs the National Bureau of Standards to establish a computer standards program for Federal computer systems, including guidelines for the security of such systems. Sets forth authorities of the Bureau in implementing such standards. Requires the Bureau to draw upon computer system technical security guidelines developed by the National Security Agency regarding protecting sensitive information.

Establishes a Computer System Security and Privacy Advisory Board within the Department of Commerce to: (1) identify, and advise the Bureau and the Secretary of Commerce on, issues relating to computer systems security and privacy; and (2) report findings to the Secretary, the Director of the Office of Management and Budget, the Director of the National Security Agency, and the appropriate congressional committees.

Amends the Federal Property and Administrative Services Act of 1949 to require the Secretary to promulgate standards and guidelines pertaining to Federal computer systems on the basis of standards developed by the Bureau. Authorizes the President to disapprove or modify such standards and guidelines if such action would be in the public interest. Requires that notice of such disapproval or modification be submitted to the House Committee on Government Operations and the Senate Committee on Governmental Affairs and published in the Federal Register. Directs the Secretary to rescind or modify such standards or guidelines as directed by the President.

Requires each agency to provide mandatory periodic training in computer security, under guidelines developed by the Bureau, for all employees involved with the management, use, or operation of computer systems. Authorizes the use of an approved alternative training program determined by the agency head to meet the objectives of such guidelines.

Requires each agency with a Federal computer system to establish a plan for the security and privacy of sensitive information. Requires the submission of such plans to the Bureau and the National Security Agency for advice and comment. Subjects such plans to disapproval by the Office of Management and Budget.

Provides that nothing in this Act shall be construed to: (1) constitute authority to withhold information sought under the Freedom of Information Act; or (2) authorize any Federal agency to limit, restrict, regulate, or control the collection, maintenance, disclosure, use, transfer, or sale of any information that is privately-owned information, information disclosable under the Freedom of Information Act or other law requiring or authorizing the public disclosure of information, or information in the public domain.