Federal Government Information Security and Privacy Regulations

---

Goals

• Describe the federal government’s information security challenges
• Explain the main requirements under the Federal Information Security Modernization Act
• Describe the role of the National Institute of Standards and Technology (NIST) in creating information security standards
• Discuss approaches to protecting national security systems (NSSs)
• Describe how the U.S. federal government protects privacy in information systems
• Review import and export control laws

Information Security Challenges Facing The Federal Government

What is Cyberwar?

The term cyberwar refers to conflicts between nations and their militaries.

• Cyberwar attacks are carried out at the direction of a particular nation.
  • This is the main distinction between cyberwar and other types of information system attacks that are reported in the news media.
• Cyberwar could affect military information systems, nongovernment information systems, and private industry information systems.
• It includes not only threats to national security, but also threats to industry, commerce, and intellectual property.
• It could even include larger threats to how governments function generally.

The Federal Information Security Modernization Act

• Federal Information Security Management Act (FISMA)

Protecting Privacy in Federal Information Systems

• two major laws protecting the privacy of data are:
  • Privacy Act of 1974
  • E-Government Act (2002)
• Breach Notification Laws
  • OMB Breach Notification Policy
  • How State Breach Notification Laws Differ
• Import and Export Control Laws