21 May 1999

To: cypherpunks@toad.com, cryptography@c2.net, jya@pipeline.com
Subject: House revising Computer Security Act (NIST/NSA law)
Date: Fri, 21 May 1999 13:23:08 -0700
From: John Gilmore <gnu@toad.com>

Forwarded-by: Henry Schwan <owlswan@eff.org>
Forwarded-by: cult hero <jericho@dimensional.com>
Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>


House panel aims to bolster security law

(Federal Computer Week) [5.20.99] WASHINGTON, D.C. -- The House Science
Committee plans to make another push to update a 1989 law that requires
civilian agencies to take measures to protect their computer systems,
according to Rep. Constance Morella (R-Md.), chairwoman of the Technology
Subcommittee of the House Science Committee.

The new bill, which could be introduced as early as next week, would
revamp the 10-year-old Computer Security Act.  The bill will closely
resemble the Computer Security Enhancement Act of 1997, which the House
passed only to have it die in the Senate last year, said Morella, speaking
at a symposium sponsored by the SmartCard Forum.

Like the 1997 bill, the proposed legislation would tap the National
Institute of Standards and Technology as the lead agency for information
security. The preceding bill also would have required NIST to promote
federal use of commercial off-the-shelf products for civilian security

The committee first began its effort to revamp the existing law to reflect
the proliferation of network technology that has left agency data more
vulnerable to corruption and theft, Morella said in 1997.