Common Referenced Related Laws, Regulations, and Policies
January 11, 2008
The following Federal laws, directives, and regulations provide guidance pertaining to the security of automated information systems:
- Privacy Act of 1974 (Public Law [PL] 93-579, United States Code [U.S.C.] 552A)
- Freedom of Information Act (5 U.S.C. 522)
- Paperwork Reduction Act of 1986 (44 U.S.C. 35)
- Electronic Communications Privacy Act of 1986 (PL 99-508)
- Computer Fraud and Abuse Act of 1986 (PL 99-474, 18 U.S.C. 1030)
- Information Technology Management Reform Act of 1996 (Clinger-Cohen Act) (Division E of PL 104-106, 4 U.S.C. 35)
- Title III of the E-Government Act (PL 107-347): Federal Information Security Management Act of 2002 (FISMA)
- Office of Management and Budget (OMB) Circular A-123, Management Accountability and Control, Attachment Section II, June 21, 1995
- OMB Circular A-127, Financial Management Systems, revised July 23, 1993
- OMB Circular A-130, Appendix III, Transmittal #4, Security of Federal Automated Information Resources, February 8, 1996
- Presidential Decision Directive (PDD) 67, Continuity of Government (COG) and Continuity of Operations (COOP) Plans Practices for Securing Critical Information and Information Systems and Networks, 1988
- Executive Order (EO) 12656, Assignment of Emergency Preparedness Responsibilities (COOP Plans), November 18, 1988, as amended by EO 13074
- EO 13011, Federal Information Technology, July 16, 1996
- Homeland Security Presidential Directive (HSPD) 7, December 17, 2003
FIPS PUBs, including:
- FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems
- FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems
NIST SPs, including:
- NIST SP 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems
- NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems
- NIST SP 800-53, Recommended Security Controls for Federal Information Systems, and referenced supplemental guidance documents
- NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories