...standards, guidelines, policies, and regulations prescribed pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949,...be transmitted to the National Bureau of Standards "2 and the National Security Agency for advice and comment. A summary of such plan shall be included...

...'PL 100-418, §511»aX2), renamed this Act the "National Institute of Standards and Technology Act". Services Act of 1949, establish a plan for the security...plan shall be transmitted to the National Bureau of Standards2 and the National Security Agency for advice and comment. A summary of such plan shall be...

...out in the Computer Security Act (PL 100-235, 40 USC 759 note). That is, the measures taken should be "commensurate with the risk and magnitude of the harm...unauthorized access to or modification of the information." High value transactions, transmissions of highly sensitive information, and transactions that directly...

...required by the act to establish by January 1989, a plan for the security and privacy of each such system that is commensurate with the risk and magnitude of...modification of the information contained in such systems. In addition, the central management agencies have provided information security requirements...

...standards, guidelines, policies, and regulations prescribed pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949,...be transmitted to the National Bureau of Standards Mi SEAT. ■BTJ ■> BBS BBB B— Bt BBBBBB Bi OK ajB-7 I - "*-^BT 102 STAT. 18 PUBLIC LAW 100-252—...

...information. The plans should be commensurate with the risk and magnitude of harm that would result from the loss, misuse, or unauthorized access to or modification of the information contained in the system. Chart 2 (attached) shows the responses of 85 agencies on the submission of computer security...

...standards, guidelines, policies, and regulations prescribed pursuant to section lll(d) of the Federal Property and Administrative Services Act of 1949,...be transmitted to the National Bureau of Standards (a) IDENTIFICATION OF SYSTEMS THAT CONTAIN SENSITIVE INFORMATION.—Within 6 months after the date...

...plans for the security of each system that processes "sensitive" information. Such plans are to be "commensurate with the risk and magnitude of the harm...to or modification of the information contained in the system." The Act thus defines the policy for the appropriate level of security to be provided in...

...information. Part of the wisdom of the Computer Security Act, is its recognition of the need for security commensurate with the risk and magnitude of the harm...resulting from the loss, misuse, or unauthorized access to the information contained in computer systems. Defining broad categories of information to be afforded...

...agency to establish a plan for security and privacy that is commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized...modification of the information contained in such a system. To carry out these requirements effectively, agencies need to perform risk analyses and develop...