Federal Government Information Security and Privacy Regulations

Information Security Challenges Facing the Federal Government

The Federal Information Security Management Act

Protecting Privacy in Federal Information Systems

Import and Export Control Laws

Examples

A culture within the federal government of merely complying with reporting requirements

Lack of an enterprise approach to information technology

Lack of coordination between the federal government and the private sector

Lack of focused research and development activities to enhance cybersecurity

Lack of coordination within the federal government

Scope

Main requirements

Purpose

Oversight

To protect federal IT systems and the data in those systems

Applies to all federal agencies

The role of NIST

Central incident response center

Agency information security programs

In the beginning, the OMB was responsible, but later some responsibility was transferred to the DHS

The E-Government Act of 2002

OMB breach notification policy

The Privacy Act of 1974

Used to limit organizations in collecting individuals' data and to require consent from the individual to distribute the data

Post privacy policies on their websites

Post machine-readable privacy policies on their websites

Review their IT systems for privacy risks

Report privacy activities to the OMB

Source for notification

Contents of the notification

Time for notification

Means of providing the notice

Whether breach notification is required

Who gets the notice

Export Administration Regulations

Regulations from the Office of Foreign Assets Control

International Traffic in Arms Regulations

Missing hard drives

Social networking sites