East Stroudsburg University of Pennsylvania Center for Computer Security and Information Assurance

Computer Security Legal Resources

Law or Document Categories
· Committee on National Security Systems Documents
  o CNSSP-1 National Policy for Safeguarding and Control of Communications Security Material
  o CNSSP-3 National Policy for Granting Access to U.S. Classified Cryptographic Information
  o NCSC-5 National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments
  o CNSSP-6 National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems
  o CNSSP-17 National Information Assurance (IA) Policy on Wireless Capabilities – important now because of the recent improvements in wireless.
  o NSTISSP-101 National Policy on Securing Voice Communications
  o NSTISSP-200 National Policy on Controlled Access Protection
  o CNSSD-901 National Security Telecommunications and Information Systems Security (CNSS) Issuance System, dated 16 December 2004; Supersedes
  o CNSSI-5000 Guidelines for Voice Over Internet Protocol (VoIP) Computer Telephony
  o CNSSI-5001 Type-Acceptance Program for Voice Over Internet Protocol (VoIP) Telephones
· Copyright Statutes
  o Digital Millennium Copyright Act: http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:
  o No Electronic Theft Act: http://www.usdoj.gov/criminal/cybercrime/17-18red.htm
  o Fair Use – incorporated into the Copyright Act of 1976; it was its own doctrine before the Act: http://www.copyright.gov/fls/fl102.html
  o Copyright Act of 1976: http://wiretap.area.com/Gopher/Gov/Copyright/US.Copyright.1976.txt
  o Audio Home Recording Act of 1992: http://www.virtualrecordings.com/ahra.htm
· Encryption Statutes
  o DMCA – The Digital Millennium Copyright Act: http://www.copyright.gov/legislation/dmca.pdf
  o NRS 597.970 Restrictions on transfer of personal information through electronic transmission: 2.) http://www.realtime-itcompliance.com/laws_regulations/2007/10/new_nevada_law_explicitly_requ.htm
  o Export Administration Regulations Section 740.13(e): http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html
  o CALEA – The Communications Assistance For Law Enforcement Act: http://www.askcalea.net/calea/103.html
  o 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth: http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca#1701
· Federal Information Processing Standards
  o FIPS 180-3 – Secure Hash Standard: http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf
  o FIPS 185 – Escrowed Encryption Standard: http://www.itl.nist.gov/fipspubs/fip185.htm
  o FIPS 186-2 – Digital Signature Standard: http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
  o FIPS 190 – Guidelines for the Use of Advanced Authentication Technology Alternatives: http://www.itl.nist.gov/fipspubs/fip190.htm
  o FIPS 191 – Guidelines for the Analysis of Local Area Network Security: http://www.itl.nist.gov/fipspubs/fip191.htm
  o FIPS 196 – Entity Authentication Using Public Key Cryptography: http://csrc.nist.gov/publications/fips/fips196/fips196.pdf
  o FIPS 197 – Advanced Encryption Standard: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  o FIPS 199 – Standards for Security Categorization of Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
  o FIPS 200 – Minimum Security Requirements for Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
  o FIPS 201-1 – Personal Identity Verification of Federal Employees and Contractors: http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf
· Internet Gambling Statutes
  o Unlawful Internet Gambling Enforcement Act of 2006: http://www.gambling-law-us.com/Federal-Laws/internet-gambling-ban.htm
  o Federal Wire (Wager) Act of 1961 (way before the www): http://www.gambling-law-us.com/Federal-Laws/wire-act.htm
  o SAFE Port Act: http://en.wikipedia.org/wiki/SAFE_Port_Act
  o Internet Gambling Prohibition Act: http://en.wikipedia.org/wiki/Internet_Gambling_Prohibition_Act
  o Washington State anti-gambling bill (banning internet gambling): http://www.washingtonvotes.org/2006-SB-6613
· NIST SP 800 Series
  o NIST SP 800-40 – Creating a Patch and Vulnerability Management Program: http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf
  o NIST SP 800-41 – Guidelines on Firewalls and Firewall Policies: http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
  o NIST SP 800-44 – Guidelines on Securing Public Web Servers: http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf
  o NIST SP 800-45 – Guidelines on Electronic Mail Security: http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf
  o NIST SP 800-48 – Guide to Securing Legacy 802.11 Wireless Networks: http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf
  o NIST SP 800-53 – Recommended Security Controls for Federal Information Systems: http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf
  o NIST SP 800-58 – Security Considerations for Voice over IP Systems: http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf
  o NIST SP 800-59 – Guideline for Identifying an Information System as a National Security System: http://csrc.nist.gov/publications/nistpubs/800-59/SP800-59.pdf
  o NIST SP 800-61 – Computer Security Incident Handling Guide: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf
  o NIST SP 800-111 – Guide to Storage Encryption Technologies for End User Devices: http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf
· Non-Disclosure and Non-Compete Agreement Statutes
  o Invention Secrecy Act of 1951: http://en.wikipedia.org/wiki/Invention_Secrecy_Act
  o The Uniform Trade Secrets Act: http://www.tms.org/pubs/journals/JOM/matters/matters-0601.html
  o Standard Form 312: http://en.wikipedia.org/wiki/Form_SF-312
  o Oregon 653.295: http://www.ncsl.org/programs/employ/non-compete-03.htm
  o South Dakota 53-9-11: http://www.ncsl.org/programs/employ/non-compete-03.htm
· Trade Secret Statutes
  o Uniform Trade Secrets Act: http://www.law.upenn.edu/bll/archives/ulc/fnact99/1980s/utsa85.htm
  o US Code Title 18, § 1832. Theft of trade secrets: http://www4.law.cornell.edu/uscode/18/1832.html
  o US Code Title 42, § 11042. Trade secrets: http://www4.law.cornell.edu/uscode/search/display.html?terms=trade%20secret&url=/uscode/html/uscode42/usc_sec_42_00011042----000-.html
  o US Code Title 18, § 1905. Disclosure of confidential information generally: http://www4.law.cornell.edu/uscode/18/1905.html
· Wiretapping Statutes
  o US Code Title 18 > Part I > Chapter 119 > § 2510 Wiretap Statute: http://www.law.cornell.edu/uscode/18/2510.html
  o USA PATRIOT Act: http://en.wikipedia.org/wiki/USA_PATRIOT_Act
  o Foreign Intelligence Surveillance Act: http://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
  o Electronic Communications Privacy Act: http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
  o Communications Assistance for Law Enforcement Act: http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
  o Federal Laws: http://www.ncsl.org/programs/lis/cip/surveillance.htm#Federal
Individual Documents or Laws
· A Summary Guide: Public Law, Executive Orders, And Policy Documents: http://csrc.nist.gov/groups/SMA/fasp/documents/pm/legal-requirements.doc
· Access Device Fraud Act: http://www.mpcfaculty.net/leandro_castillo/BeattyPowerPoiints/IntroBL2005-Ch07.ppt
· Citizen's Guide to United States Federal Exploitation and Obscenity Laws: http://www.usdoj.gov/criminal/ceos/citizensguide_porn.html
· Communications Act: http://www.fcc.gov/Reports/1934new.pdf
· Communications Assistance for Law Enforcement Act – CALEA: http://www.askcalea.net/
· Communications Decency Act: http://thomas.loc.gov/cgi-bin/query/F?c104:1:./temp/~c1045u3XR6:e760:
· Computer Fraud and Abuse Act: http://www.mpcfaculty.net/leandro_castillo/BeattyPowerPoiints/IntroBL2005-Ch07.ppt
· Computer Security Act: http://epic.org/crypto/csa/csa.html
· Conspiracy to Defraud the US Government: http://www2.northumberland.gov.uk/fraud/Documents/SFO%20Factsheets/Conspiracy%20to%20defraud.pdf
· Department of the Treasury Directive 87-05, Electronic Commerce Initiatives: http://www.ustreas.gov/regs/td87-05.htm
· Department of the Treasury Security Manual: http://www.ustreas.gov/regs/td71-10.htm
· Digital Millennium Copyright Act: http://thomas.loc.gov/cgi-bin/query/z?c105:H.R.2281.ENR:
· Economic Espionage Act: http://www4.law.cornell.edu/uscode/18/1831.html
· Electronic Communications Privacy Act: http://legal.web.aol.com/resources/legislation/ecpa.html
· Electronic Freedom Of Information Act: http://epic.org/open_gov/efoia.html
· Executive Order 12333, United States Intelligence Activities: http://www.defenselink.mil/atsdio/documents/eo1233.html
· Executive Order 12472, Assignment Of National Security And Emergency Preparedness Telecommunications Functions: http://www.fas.org/irp/offdocs/eo/eo-12472.htm
· Executive Order 12958, Classified National Security Information: http://www.whitehouse.gov/news/releases/2003/03/20030325-11.html
· Executive Order 13010, Critical Infrastructure Protection: http://www.fas.org/irp/offdocs/eo13010.htm
· Executive Order 13011, Federal Information Technology: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1996_register&docid=fr19jy96-133.pdf
· Executive Order 13103, Computer Software Piracy: http://www.bsagovernment.com/downloads/guidelinesForImplimenting.pdf
· Executive Order 13228, Establishing The Office Of Homeland Security And The Homeland Security Council: http://www.whitehouse.gov/news/releases/2001/10/20011008-2.html
· Executive Order 13231, Critical Infrastructure Protection In The Information Age: http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html
· Federal IT Security Assessment Framework: http://csrc.nist.gov/drivers/documents/Federal-IT-Security-Assessment-Framework.pdf
· Federal Managers Financial Integrity Act: http://www.whitehouse.gov/omb/financial/fmfia1982.html
· Federal Property and Administrative Services Act: http://en.wikipedia.org/wiki/Federal_Property_and_Administrative_Services_Act_of_1949
· Federal Records Act: http://www.ed.gov/policy/gen/leg/fra.html
· Fifth Amendment of the US Constitution: http://caselaw.lp.findlaw.com/data/constitution/amendment05/
· Financial Modernization Act (Gramm-Leach-Bliley Act): http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
· First Amendment of the US Constitution: http://caselaw.lp.findlaw.com/data/constitution/amendment01/
· FISMA (Federal Information Security Management Act): http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
· Foreign Intelligence Surveillance Act: http://www.fas.org/irp/agency/doj/fisa/
· Fourth Amendment of the US Constitution: http://caselaw.lp.findlaw.com/data/constitution/amendment04/
· Freedom Of Information Act (FOIA): http://www.gwu.edu/~nsarchiv/nsa/foia.html
· General Accounting Office, Federal Information System Controls Audit Manual: http://www.gao.gov/products/GAO-08-1029G
· General Accounting Office, Information Security Risk Assessment Practices of Leading Organizations: http://oai.dtic.mil/oai/oai?&verb=getRecord&metadataPrefix=html&identifier=ADA391082
· Government Paperwork Elimination Act: http://www.whitehouse.gov/omb/fedreg/gpea2.html
· Health Insurance Portability and Accountability Act: http://www.cms.hhs.gov/HIPAAGenInfo/Downloads/HIPAALaw.pdf
· Identity Theft and Assumption Deterrence Act: http://www.ftc.gov/os/2000/09/idthefttest.htm
· Information Security Reform Act: http://www.dodig.osd.mil/Audit/reports/fy02/02093sum.htm
· Information Technology Management Reform Act: http://govinfo.library.unt.edu/npr/library/misc/itref.html
· National Archives and Records Act: http://www.archives.gov/about/history/anniversary/introduction.html
· National Infrastructure Protection Act: http://epic.org/security/1996_computer_law.html
· National Security Directive 42, National Policy for the Security of National Security Telecommunications and Information Systems: http://www.cnss.gov/Assets/pdf/CNSSD-502.pdf
· National Security Presidential Directive 1, Organization of the National Security System: http://www.legislationline.org/legislation.php?tid=46&lid=8374&less=false
· National Stolen Property Act: http://www.usdoj.gov/usao/eousa/foia_reading_room/usam/title9/crm01311.htm
· OMB M-00-07, Incorporating and Funding Security in Information Systems Investments: http://clinton3.nara.gov/OMB/memoranda/m00-07.html
· OMB M-00-13, Privacy Policies and Data Collection on Federal Web Sites: http://www.whitehouse.gov/omb/memoranda/m00-13.html
· OMB M-01-08, Guidance on Implementing the Government Information Security Reform Act: http://www.whitehouse.gov/omb/memoranda/m01-08.pdf
· OMB M-01-24, Reporting Instructions for the Government Information Security Reform Act: http://www.whitehouse.gov/omb/memoranda/m01-24.pdf
· OMB M-02-01, Guidance for Preparing and Submitting Security Plans of Action and Milestones: http://www.whitehouse.gov/omb/memoranda/m02-01.html
· OMB M-99-18, Privacy Policies on Federal Web Sites: http://www.whitehouse.gov/omb/memoranda/m99-18.html
· OMB M-99-20, Security of Federal Automated Information Resources: http://www.whitehouse.gov/omb/memoranda/m99-20.html
· Omnibus Crime Control and Safe Streets Act: http://en.wikipedia.org/wiki/Omnibus_Crime_Control_and_Safe_Streets_Act_of_1968
· Paperwork Reduction Act: http://www.archives.gov/federal-register/laws/paperwork-reduction/3501.html
· Presidential Decision Directive 29, Security Policy Coordination: http://www.fas.org/sgp/spb/pdd29.html
· Presidential Decision Directive 39, Secret, U.S. Policy on Counterterrorism: http://www.fas.org/irp/offdocs/pdd39.htm
· Presidential Decision Directive 62, Combating Terrorism: http://www.fas.org/irp/offdocs/pdd-62.htm
· Presidential Decision Directive 63, Protecting America's Critical Infrastructures: http://www.fas.org/irp/offdocs/pdd-63.htm
· Presidential Directive 24, Telecommunications Protection Policy: http://www.jimmycarterlibrary.org/documents/pddirectives/pd24.pdf
· Privacy Act: http://www.usdoj.gov/oip/privstat.htm
· Racketeer Influenced and Corrupt Organizations Act: http://www.answers.com/topic/rico-law
· Sarbanes-Oxley Act: http://fl1.findlaw.com/news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf
· Telecommunications Act: http://www.crtc.gc.ca/ENG/LEGAL/TELECOM.HTM
· Trafficking in Counterfeit Goods and Services Statutes: http://www.supremelaw.org/copyrite/statutes/anticounterfeiting.pdf
· Treasury Memo: Office of the CIO Memorandum, Subject: Guidance for Systems Security Plans: http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf
· USA PATRIOT Act: http://epic.org/privacy/terrorism/hr3162.html