Archive for the ‘Senate or House Bill’ Category

Feds launch cloud security standards program

December 10, 2011

Jaikumar Vijayan / ComputerWorld

Federal CIO Steven VanRoekel Thursday unveiled the Federal Risk and Authorization Management Program (FedRAMP), which establishes a set of baseline security and privacy standards that all cloud service providers will need to meet in order to sell their products to government agencies.

The program requires that all federal agencies use only FedRAMP-certified cloud services and technologies for public clouds, private clouds, hybrid clouds and community clouds. The program also covers all cloud service models, including Software as a Service (SaaS) and Platform as a Service (PaaS).

Cybersecurity Legislative Proposal

May 30, 2011

The White House unveiled a proposal for cybersecurity legislation -

Our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – has suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cybersecurity an Administration priority.

……..

This legislative proposal is the latest achievement in the steady stream of progress we are making in securing cyberspace and completes another near-term action item identified in the Cyberspace Policy Review.

FISMApedia

April 30, 2011

A database of current guidance, laws and directives on how the Federal government secures its IT assets.

Criminalizing Encryption

January 13, 2011

Earlier this week, Steptoe & Johnson, an international law firm, reported that New York was considering criminalizing encryption.

Nevada and Massachusetts require the use of encryption in certain circumstances.  But New York is thinking about taking the opposite approach – making it a crime to use encryption in some situations.  A bill (S. 714) introduced in the New York Senate on January 5 would prohibit the “criminal use of encryption.”  While the intent appears to be to make it a crime for criminals to use encryption to conceal evidence, the bill’s awkward wording could be read to prohibit the use of encryption – such as by a communications company – that has the effect of concealing the identity of a criminal or evidence of a crime.

The Bill S714 (aka National Criminal Justice Commission Act) was introduced in the Senate in March 2009 by Senator Jim Webb (D-VA) and reported by the committee in Jan 2010, but it never became law. I quickly scanned through the bill (pdf) but couldn’t find any references to “encryption” (or “unencryption”). There is no other information available about this bill being re-introduced.

There is, though, enough evidence that this has been discussed multiple times since 2001 -

The technology of scrambling data and messages has become a crucial element of computer security for businesses and consumers alike. Officials of law enforcement and intelligence agencies have long warned lawmakers that they were unable to break the strongest encryption products, and that crimes eventually would be committed that might otherwise have been prevented.

and, as Mark Rasch (attorney and technology expert) wrote in a 2003 post -

The new legislative proposal would be counterproductive. It could stigmatize encryption as a criminal tool. People will grow wary of using crypto, consequently vendors will become wary of building it in to products, and ultimately the nation will become less secure.

…we shouldn’t stop manufacturing locks just because criminals may use them to lock doors.

Cybersecurity ID (?)

January 10, 2011

The moment I read the article’s subject, the first thing that came to my mind was a national CyberID, but Declan probably read my mind and added this in the first few paragraphs -

We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.

So, what is it? It is an expansion of the “National Strategy for Trusted Identities” program that the administration introduced back in June 2010.

Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.).

Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so.

10 Legislative Trends to Watch in 2011

January 7, 2011

CIO Insight published a valuable list of legislative trends to watch in the coming year. All are important but “The Data Accountability and Trust Act” (Bill Number H.R.2221 for the 111th Congress) seems to have created considerable buzz.

At present, 46 of 50 U.S. states have data breach notification laws in place. A national law is imminent. A likely candidate: The Data Accountability and Trust Act, passed by the U.S. House and now before the Senate. It would require businesses engaged in interstate commerce to provide notification of breaches to affected consumers.

The security laws, regulations and guidelines directory

November 13, 2010

A good collection/summary of security and privacy laws, regulations and guidelines.

This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or reg as well as information about what and who is covered.

The list is intentionally US-centric, but includes selected laws of other nations that have an impact on US-based global companies.

Critical Infrastructure Act

October 4, 2010

The bill, which aims to close cyber infrastructure vulnerabilities, was introduced yesterday.

The Bill would allow the Administration to create a more robust set of regulations for the information systems that control our critical infrastructure. It expands the authority of the Department of Homeland Security to create, verify and enforce measures to protect these critical information systems.

This bill would also require DHS to work with industry, the Defense and Commerce Departments, and the National Institute of Standards and Technology, as well as sector specific regulatory agencies, in creating these measures.

Waiting for the bill text to be made public to find out how it differs from the Critical Infrastructure Information Act, part of the Homeland Security Act of 2002.
