H.R.3844 - Federal Information Security Management Act of 2002107th Congress (2001-2002)
|Sponsor:||Rep. Davis, Tom [R-VA-11] (Introduced 03/05/2002)|
|Committees:||House - Government Reform; Science|
|Latest Action:||House - 03/18/2002 Referred to the Subcommittee on Environment, Technology, and Standards. (All Actions)|
|Notes:||For further action, see H.R.2458 E-Government Act of 2002, which became Public Law 107-347 on 12/17/2002.|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Summary: H.R.3844 — 107th Congress (2001-2002)All Information (Except Text)
Federal Information Security Management Act of 2002 - Requires the Director of the Office of Management and Budget to oversee Federal agency information security policies and practices, including by requiring each Federal agency to identify and provide information security protections commensurate with the risk and magnitude of harm resulting from the unauthorized use, disclosure, disruption, modification, or destruction of information or information systems. Requires each agency's senior officials to provide security for the information and systems that support their operations and assets and to develop plans and procedures to ensure the continuity of such information and systems.
Introduced in House (03/05/2002)
Requires the: (1) Director to establish and operate a central Federal information security incident center; and (2) head of each agency operating or controlling a national security system to take measures to protect such system.
Authorizes appropriations for FY 2003 through 2007 for information security.
Requires the Director (currently, the Secretary of Commerce) to promulgate standards and guidelines pertaining to Federal information (currently, computer) systems.
Requires the National Institute of Standards and Technology to: (1) develop and submit to the Director standards and guidelines for information (currently, computer) systems used or operated by or for a Federal agency, other than national security systems; and (2) provide adequate security for such systems. Establishes in the Institute an Office for Information Security Programs.
Renames the Computer System Security and Privacy Advisory Board as the Information Security Advisory Board.