Summary: H.R.2413 — 106th Congress (1999-2000)

Bill summaries are authored by CRS.

Shown Here:
Passed House amended (10/24/2000)

Computer Security Enhancement Act of 2000 - Amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in fulfilling its responsibilities under the computer standards program, to provide assistance to Federal agencies in the protection of computer networks, promote Federal compliance with existing computer information security and privacy guidelines, and assist Federal response efforts related to unauthorized access to Federal computer systems.

(Sec. 4) Requires the Institute to: (1) carry out specified activities in the development of uniform standards and guidelines for the cost-effective security and privacy of sensitive information in certain Federal computer systems; (2) maintain and make available to Federal agencies and the public a list of commercially available, tested, and certified computer information security products; and (3) report annually to Congress on evaluations and tests of Federal computer systems, planned evaluations, and recommendations.

(Sec. 5) Directs the Institute to solicit the recommendations of the Computer System Security and Privacy Advisory Board regarding standards and guidelines that are being considered for submittal to the Secretary of Commerce.

Authorizes separate appropriations for FY 2001 and 2002 to enable the Board to identify emerging issues related to computer security, privacy, and cryptography and to convene public meetings on those subjects, receive presentations, and publish reports, digests, and summaries for public distribution on those subjects.

(Sec. 6) Prohibits the Institute from promulgating, enforcing, or otherwise adopting standards or policies for the Federal establishment of encryption and electronic authentication standards required for use in computer systems other than Federal Government computer systems.

(Sec. 7) Revises specified requirements, including authorizing (currently, requiring) the Institute, for the purposes of performing research and conducting studies, to draw upon computer system security guidelines developed by the National Security Agency.

(Sec. 8) Amends the Computer Security Act of 1987 to revise requirements regarding Federal computer system security training to require such training to include emphasis on protecting sensitive information in Federal databases and Federal computer sites that are accessible through public networks.

(Sec. 9) Authorizes appropriations for FY 2001 and 2002 for fellowships to support students at institutions of higher learning in computer security.

(Sec. 10) Requires a study by the National Research Council of the National Academy of Sciences of electronic authentication technologies. Authorizes appropriations for carrying out the study.

(Sec. 11) Directs the Under Secretary of Commerce for Technology (Under Secretary) to: (1) promote an increased use of security technologies to enhance the protection of the Nation's information infrastructure; (2) establish a central repository of information for dissemination to the public to promote awareness of information security vulnerability and risks; and (3) promote the development of national, standards-based infrastructures needed to support government, commercial and private uses of encryption technologies for confidentiality and authentication.

(Sec. 12) Directs the NIST Director to: (1) develop technology-neutral electronic authentication infrastructure guidelines and standards to enable Federal agencies to select and utilize electronic authentication technologies in a manner that is sufficiently secure and interoperable; (2) maintain and make available to Federal agencies and the public a nonmandatory list of commercially available electronic authentication products, and other such products used by Federal agencies, evaluated as conforming with such guidelines and standards; (3) establish core specifications for particular electronic certification and management technologies by Federal agencies and advise Federal agencies for evaluating the conformance of such systems with such criteria; (4) maintain and make available to Federal agencies a list of such systems evaluated as conforming to such criteria; and (5) transmit annual reports to Congress on progress and problems in implementing electronic authentication infrastructures.

(Sec. 13) Authorizes appropriations.