From: Declan McCullagh <declan@well.com>
Date: Thu, 19 Jun 1997 02:00:42 +0800
To: cypherpunks@toad.com
Subject: House Science hearing TOMORROW on NIST computer security act (fwd)
Message-ID: <Pine.GSO.3.95.970618095954.185D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain





---------- Forwarded message ----------
Date: Wed, 18 Jun 1997 09:59:27 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: House Science hearing TOMORROW on NIST computer security act



---------- Forwarded message ----------
Date: Fri, 13 Jun 1997 17:11:03 -0400
From: "Farmer, Donna" <Donna.Farmer@mail.house.gov>
To: declan
Subject: Computer Security Enhancement Act of 1997



Subcommittee on Technology


Legislative Hearing on the 
Computer Security Enhancement Act of 1997

Thursday, June 19th 1997
10:00 AM to 12:00 Noon
2318 Rayburn House Office Building



The Honorable Gary Bachula					Stephen T. Walker
Acting Under Secretary for Technology				President and CEO
Technology Administration					Trusted Information Systems, Inc.
Department of Commerce					Glenwood, MD
Washington, DC						
								James Bidzos
Whitfield Diffie							President & CEO
Distinguished Engineer						Redwood City, CA
Sun Microsystems						
Mountain View, CA

Marc Rotenberg
Director
Electronic Privacy Information Center
Washington, DC

..													
Hearing Purpose:  

The Hearing will focus on the provisions of the Computer Security
Enhancement Act of 1997.  The bill amends the Computer Security Act of
1987 (P.L.  100-235).  The Computer Security Act 1987of gave NIST the
lead responsibility for computer security for Federal civilian agencies.
 The act requires NIST to develop the standards and guidelines needed to
ensure cost-effective security and privacy of sensitive information in
Federal computer systems.  

Background: The Computer Security Enhancement Act will strengthen the
National Institute of Standards and Technology's (NIST's ) historic role
in computer security established by the Computer Security Act.  The bill
updates the decade-old act while giving NIST the tools it requires to
ensure that appropriate attention and effort is concentrated on securing
our Federal information technology infrastructure.

What the Bill Does:  

The Computer Security Enhancement Act updates the Computer Security Act
to take into account the evolution of computer networks and their use by
both the Federal Government and the private sector.  Specifically, the
security enhancement act:

1.	Requires NIST to promote the acquisition of off-the-shelf products
for meeting civilian agency computer security needs.  This measure
should reduce the cost and improve the availability of computer security
technologies to Federal agencies. 
	 
2.	Increases the input of the independent Computer System Security and
Privacy Advisory Board into NIST's decision-making process.  The board,
which is made up of  representatives from industry, federal agencies and
other outside experts, should assist NIST in its development of
standards and guidelines for Federal systems.
	  
3.	Requires NIST to develop standardized tests and procedures to
evaluate the strength of foreign encryption products.  Through such
tests and procedures, NIST, with assistance from the private sector,
will be able to judge the relative strength of foreign encryption,
thereby defusing some of the concerns associated with the export of
domestically produced encryption products. 
	
4.	Limits NIST's involvement to the development of standards and
guidelines for Federal civilian systems and not for the private sector.
The bill clarifies that NIST standards and guidelines are to be used for
the acquisition of security technologies for the Federal government and
are not intended as restrictions on the production or use of encryption
by the private sector.
	
5.	Updates the Computer Security Act to address changes in technology
over the last decade.  Significant changes in the manner in which
information technology is used by the Federal government have occurred
since the enactment of the Computer Security Act.  The bill updates the
Act, taking these changes into account.
	  
6.	Establishes a new computer science fellowship program for graduate
and undergraduate students studying computer security.  The bill sets
aside $250,000 a year, for each of the next two fiscal years, to enable
NIST to finance computer security fellowships under an existing NIST
grant program.
	
7.	Requires the National Research Council to conduct a study to assess
the desirability of, and the technology required to, support public key
infrastructures.