Legal and Regulatory Requirements Flashcards
OMB
Office of Management and Budget - executive standards that need to be followed and are mandated for federal agencies
FISMA governed by
OMB A-130
FISMA is Federal Information Security Management Act
OMB separates FISMA into two different types of systems
1) Federal and non-National Security Systems - NIST, FIPS (Federal Information Processing Standards), SP (Special Publications) 800 series
2) National Security Systems - CNSS (Committee on National Security Systems) - policies and instructions - creates Executive Order 13231, chaired by DoD
Executive Order 13231
Establishes the US President's intent to secure national infrastructure
CNSS
Committee on National Security Systems
- Discuss policy issues
- Set policy
- Set procedures and guidance for NSS (National Security Systems)
CNSSP
Committee of National Security Systems Policy
establish requirements
CNSSI
Committee of National Security Systems Instruction
instructions on how to handle information
HSPD-7
Homeland Security Presidential Directive - HSPD-7 - policy of the US to enhance the protection of our nation’s critical infrastructure against terrorist acts
Public Law 107-347 - E-Government Act of 2002
identified the importance of information security to the US
FISMA - Title III of the E-Government Act - Federal Information Security Management Act, which required federal agencies to provide security for the information and information systems that support the organization
OMB M-00-13
Agencies must post clear Privacy Policies on Agency websites
OMB M-02-01
Guidance for preparing and submitting POA&Ms
Privacy Act of 1974 (Update 2004)
Balance government’s need to maintain information on individuals (PII - personally identifiable information)
Other Important Legislation - HIPAA
Health Insurance Portability and Accountability Act - patients should have access to their health records, upholding privacy of patients
Other Important Legislation - HITECH
Health Information Technology for Economic and Clinical Health - promote meaningful use of health information technology
Other Important Legislation - Clinger-Cohen Act of 1996
improve the way the Federal Government uses IT