Centers for Medicare & Medicaid Services


Laws & Regulations

See the descriptions and links below, listed by category in reverse chronological order, for the key Public Laws (P.L.) and federal regulations regarding, or that impact, the implementation of Federal agency information security programs.

P.L. 107-347, E-Government Act of 2002 includes the Federal Information Security Management Act of 2002 (FISMA), which provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets. The link below is for the FISMA Implementation web page at the National Institute of Standards and Technology (NIST).

FISMA Analysis provides a 9-page matrix of FISMA, which was passed as TITLE X of the Homeland Security Act of 2002 and TITLE III of the E-Government Act of 2002.

Department of Justice (DOJ) Freedom of Information Act (FOIA) site is a valuable resource regarding how to make a FOIA request as well as why agencies may withhold information pursuant to nine exemptions and three exclusions contained in the statute.  

P.L. 104-191, Health Insurance Portability and Accountability Act of 1996 (HIPAA) is designed to protect confidential healthcare information through improved security standards and federal privacy legislation.  

HIPAA Administration Simplification (includes HIPAA Security Rule).  

P.L. 104-106, Clinger-Cohen Act (formerly the Information Technology Management Reform Act of 1996) provides that federal government information technology operations be run exactly as an efficient and profitable business would be run.

P.L. 97-255, Federal Managers' Financial Integrity Act of 1982 (FMFIA) requires ongoing evaluations of, and reports on, the adequacy of the systems of internal accounting and administrative control.

P.L. 107-204, Sarbanes-Oxley Act of 2002, commonly referred to as SOX, establishes a set of requirements for financial systems to deter fraud and increase corporate accountability. For information technology systems, regulators may need to know who used a system, when they logged in and out, what accesses or modifications were made to which files, and what authorizations were in effect.

Homeland Security Presidential Directive/HSPD-12: August 27, 2004 Subject: Policy for Common Identification Standard for Federal Employees and Contractors.  This directive establishes a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.

Homeland Security Presidential Directive/HSPD-7: December 17, 2003 Subject: Critical Infrastructure Identification, Prioritization and Protection. This directive establishes a national policy to identify, prioritize, and protect United States critical infrastructure and key resources.

OMB Circular A-123, Management Accountability and Control (June 21, 1995): Implements FMFIA by providing guidance to Federal managers on improving the accountability and effectiveness of Federal programs and operations.

OMB Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources: Establishes minimum controls for Federal automated information security programs.  

Downloads

FISMA Analysis (PDF - 154 Kb)

Related Links Inside CMS

HIPAA Administration Simplification

Related Links Outside CMS

External Linking Policy

FISMA

Department of Justice (DOJ) FOIA Site

HIPAA Statute

Clinger-Cohen Act

FMFIA

Sarbanes-Oxley Act (SOX)

HSPD-12

HSPD-7

OMB Circular A-123

OMB Circular A-130 Appendix III