
List of Applicable Policies, Laws, and Standards

March 20, 2011

The laws, regulations, policies, and guidelines that affect the system include:

U.S. Congress – Public Law (PL) and United States Code (U.S.C.)

  • PL 107-347, Title III (E-Government Act of 2002), Federal Information Security Management Act (FISMA) of 2002
  • PL 107-305, Cyber Security Research and Development Act of 2002
  • PL 96-456, Classified Information Procedures Act of 1980
  • 5 U.S.C. 552, Freedom of Information Act; Public Information; Agency Rules, Opinions, Orders, Records, and Proceedings, 1967
  • 5 U.S.C. 552a, Privacy Act; Records Maintained on Individuals, 1974
  • 18 U.S.C. 1029, Fraud and Related Activity in Connection with Access Devices
  • 18 U.S.C. 1030, Fraud and Related Activity in Connection with Computers
  • 40 U.S.C. 1401 et seq. (since recodified at 40 U.S.C. 11101 et seq.), P.L. 104-106, Clinger-Cohen Act of 1996 (Information Technology Management Reform Act of 1996)
  • 44 U.S.C. 3534, Federal Agency Responsibilities
  • 44 U.S.C. 3535, Annual Independent Evaluation
  • 44 U.S.C. 3537, Authorization of Appropriations
  • 44 U.S.C. 3541 et seq., P.L. 107-347, Title III, Federal Information Security Management Act of 2002 (FISMA); the parallel FISMA enactment in P.L. 107-296 (Homeland Security Act of 2002), Title X, is codified at 44 U.S.C. 3531 et seq., which is where the 3534, 3535, and 3537 sections above sit
  • 44 U.S.C. 3546, Federal Information Security Incident Center

National Institute of Standards and Technology (NIST) – Special Publications (SP) and Federal Information Processing Standards Publications (FIPS PUBS)

  • FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, 2004
  • SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, 2004 (superseded in February 2010 by SP 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems)
  • SP 800-34, Contingency Planning Guide for Information Technology Systems, 2002 (superseded in May 2010 by SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems)
  • SP 800-30, Risk Management Guide for Information Technology Systems, 2002
  • SP 800-26, Revised NIST SP 800-26 System Questionnaire with NIST SP 800-53 References and Associated Security Control Mappings, 2005 (since withdrawn by NIST in favor of the assessment procedures in SP 800-53A)
  • SP 800-18, Guide for Developing Security Plans for Information Technology Systems, 1998 (superseded in February 2006 by SP 800-18 Rev. 1, Guide for Developing Security Plans for Federal Information Systems)

Others to consider (Department of the Army and Department of Defense):

  • AR 335-15, Management Information Control System
  • DA Pam 25-1-1, Information Technology Support and Services
  • DODD 5015.2, Department of Defense Records Management Program

www.bestitdocuments.com