Computer Security Act of 1987

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Computer Security Act of 1987
Short title: Computer Security Act of 1987
Citation: Public Law 100–235
Enacted by: 98th United States Congress
Effective date: January 8, 1988
Signed by: Ronald Reagan
Purpose: Improve security and privacy of Federal automated information systems and develop standards for National Institute of Standards and Technology technical guidance

The Computer Security Act of 1987 established a framework for safeguarding federal automated information systems and assigned responsibilities to the National Institute of Standards and Technology and the Office of Management and Budget for standards and oversight. The statute responded to high-profile disclosures and technological shifts that implicated information processing in agencies such as the Department of Defense, the Department of Health and Human Services, and the Internal Revenue Service. The Act emerged amid policy debates involving figures and institutions like Ronald Reagan, the 98th United States Congress, and technical communities at the National Bureau of Standards.

Background

Legislative origins trace to revelations about security failures in systems operated by agencies such as the Internal Revenue Service, the Social Security Administration, and the Department of Defense. High-profile incidents prompted inquiries by congressional committees including the House Committee on Government Operations and the Senate Committee on Governmental Affairs. Policy advocates cited technical reports from National Bureau of Standards personnel and testimony from stakeholders including representatives of the American Civil Liberties Union, the Association for Computing Machinery, and industry groups like the Information Technology Association of America. The political climate featured executive guidance from Office of Management and Budget circulars and debates between proponents in the 98th United States Congress and critics from oversight bodies such as the Government Accountability Office. The statute reflected influences from earlier administrative law precedents and contemporary legislation like the Paperwork Reduction Act.

Provisions

The Act assigned primary responsibility for developing standards and guidelines to the National Institute of Standards and Technology rather than the National Security Agency, shaping jurisdictional authority between Department of Defense components and civilian agencies. It mandated security training programs for federal staff and contractors in agencies including the Department of Treasury and the Department of Veterans Affairs, and required periodic security reviews coordinated with Office of Management and Budget oversight. The statute directed the creation of standards addressing access controls, audit trails, and authentication mechanisms influenced by cryptographic research from institutions such as the Massachusetts Institute of Technology, Stanford University, and Carnegie Mellon University. It also established procedures for identifying sensitive but unclassified systems within agencies like the Department of Health and Human Services and required agencies to report compliance to the Office of Management and Budget. The Act's language interacted with regulatory frameworks such as the Federal Information Processing Standards and with committees established by National Research Council panels.

Implementation and Impact

Implementation proceeded through rulemaking and guidance documents issued by the National Institute of Standards and Technology and interpretive guidance from the Office of Management and Budget, affecting systems operated by agencies including the Social Security Administration, the Internal Revenue Service, and Department of Defense installations with civilian components. NIST produced standards and special publications that informed security architectures adopted by federal programs and influenced procurement policies overseen by the General Services Administration. Training initiatives drew on curricula developed at academic centers such as George Mason University and the University of Maryland, College Park, and partnerships with professional societies like the Institute of Electrical and Electronics Engineers and the Association for Computing Machinery helped disseminate practices. The law altered relationships among federal laboratories including Los Alamos National Laboratory and Sandia National Laboratories when civilian compliance requirements intersected with classified research needs. Over succeeding years, implementation contributed to the institutionalization of information security roles such as chief information officers in agencies like the Department of Education and security officer positions codified in internal directives.

Criticisms and Controversies

Critics from privacy and civil liberties organizations such as the Electronic Frontier Foundation and the American Civil Liberties Union argued the Act inadequately protected individual privacy in databases held by agencies such as the Social Security Administration and the Department of Health and Human Services. Some technical communities, including researchers at the Massachusetts Institute of Technology and Carnegie Mellon University, contended that the transfer of standard-setting to a civilian agency risked sidelining classified expertise from National Security Agency analyses. Congressional skeptics on the House Committee on Government Operations and legal scholars at institutions like Harvard Law School raised concerns about enforcement mechanisms and the sufficiency of funding for compliance audits. Litigation and oversight reports from the Government Accountability Office examined whether agencies met training and reporting obligations, producing debates involving officials from the Office of Management and Budget and executive branch policy advisors.

Legacy and Influence on Later Policy

The Act influenced later statutory and administrative developments including amendments and complementary measures in laws and directives overseen by the Office of Management and Budget, the evolution of Federal Information Security Management Act frameworks, and administrative guidance associated with the Homeland Security Act of 2002. NIST's expanded role after passage shaped standards such as FIPS 140-2 and subsequent cryptographic guidance affecting procurement across agencies like the Department of Defense and the Department of Homeland Security. The institutional emphasis on training, auditing, and designated security officials presaged practices codified in federal policies and standards adopted by international bodies including International Organization for Standardization committees and influenced curricula at universities like Stanford University and George Washington University. The Act remains a reference point in analyses by scholars at the Brookings Institution, the RAND Corporation, and policy centers in debates over the balance between civilian oversight, classified expertise, and individual privacy protections.
