Happy family

Find a legal form in minutes

Browse US Legal Forms’ largest database of 85k state and industry-specific legal forms.

Computer Security

Computer security is the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering, or collapse by unauthorized activities or untrustworthy individuals and unplanned events.  It is a division of information security that is applied to computers and networks.

The federal role and responsibility in computer security relate primarily to securing federally owned, leased, or operated systems.  However, as part of its effort to enhance the security of the nation’s critical infrastructure, the federal government is working with and encouraging the private sector to improve security of the nation’s information infrastructure more generally.

The federal government investigates and prosecutes federal computer crimes.  The federal government also offers assistance to states and local law enforcement in their investigation and prosecution of computer activities that are illegal in the state.  Moreover, the federal government has programs in research and development and in the development of the nation’s expertise in computer security.

The Federal Information Security Management Act of 2002 (“FISMA”)[i] directs each agency to develop, document, and implement an agency wide information security program to provide information security for the information and information systems that support the operations and assets of the agency[ii].

FISMA authorizes the National Institute of Standards and Technology to develop security standards and guidelines for systems used by the federal government.

FISMA further authorizes the Director of the Office of Management and Budget to oversee the policies, principles, standards, and guidelines developed by the National Institute of Standards and Technology [iii].

Further, FISMA directs the Director of the Office of Management and Budget to ensure the operation of a central federal information security incident center to[iv]:

  • provide timely technical assistance to operators of agency information systems regarding security incidents, including guidance on detecting and handling information security incidents;
  • compile and analyze information about incidents that threaten information security;
  • inform operators of agency information systems about current and potential information security threats and vulnerabilities; and
  • consult with the National Institute of Standards and Technology, agencies or offices operating or exercising control of the national security systems, and such other agencies or offices in accordance with the law and as directed by the President regarding information security incidents and related matters.

In carrying out the responsibilities of information and analysis and infrastructure protection, the Under Secretary for Intelligence and Analysis, in cooperation with the Assistant Secretary for Infrastructure Protection provides[v]:

  • analysis and warnings related to threats to and vulnerabilities of critical information systems to state and local government entities; and
  • technical assistance upon request to the private sector and other government entities, in coordination with the Under Secretary for Emergency Preparedness and Response, with respect to emergency recovery plans to respond to major failures of critical information systems.

 

[i] 44 USCS § 3541.

[ii] 44 USCS § 3544 (b).

[iii] 44 USCS § 3546.

[iv] 44 USCS § 3546 (a).

[v] 6 USCS § 143.


Inside Computer Security