Sec. 351. REPORT ON CLEARED INSIDER THREAT TO CLASSIFIED COMPUTER NETWORKS
543 words·~2 min read·
/statute-compilations/comps-1473/sec-351A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 351 REPORT ON CLEARED INSIDER THREAT TO CLASSIFIED COMPUTER NETWORKS ###
(a)Report Required The Director of Central Intelligence and the Secretary of Defense shall jointly submit to the appropriate committees of Congress a report on the risks to the national security of the United States of the current computer security practices of the elements of the intelligence community and of the Department of Defense. ###
(b)Assessments The report under subsection
(a)shall include an assessment of the following: ####
(1)The vulnerability of the computers and computer systems of the elements of the intelligence community, and of the Department of Defense, to various threats from foreign governments, international terrorist organizations, and organized crime, including information warfare (IW), Information Operations (IO), Computer Network Exploitation (CNE), and Computer Network Attack (CNA). ####
(2)The risks of providing users of local area networks
(LANs)or wide-area networks
(WANs)of computers that include classified information with capabilities for electronic mail, upload and download, or removable storage media without also deploying comprehensive computer firewalls, accountability procedures, or other appropriate security controls. ####
(3)Any other matters that the Director and the Secretary jointly consider appropriate for purposes of the report. ###
(c)Information on Access to Networks The report under subsection
(a)shall also include information as follows: ####
(1)An estimate of the number of access points on each classified computer or computer system of an element of the intelligence community or the Department of Defense that permit unsupervised uploading or downloading of classified information, set forth by level of classification. ####
(2)An estimate of the number of individuals utilizing such computers or computer systems who have access to input-output devices on such computers or computer systems. ####
(3)A description of the policies and procedures governing the security of the access points referred to in paragraph (1), and an assessment of the adequacy of such policies and procedures. ####
(4)An assessment of the viability of utilizing other technologies (including so-called “thin client servers”) to achieve enhanced security of such computers and computer systems through more rigorous control of access to such computers and computer systems. ###
(d)Recommendations The report under subsection
(a)shall also include such recommendations for modifications or improvements of the current computer security practices of the elements of the intelligence community, and of the Department of Defense, as the Director and the Secretary jointly consider appropriate as a result of the assessments under subsection
(b)and the information under subsection (c). ###
(e)Submittal Date The report under subsection
(a)shall be submitted not later than February 15, 2004. ###
(f)Form The report under subsection
(a)may be submitted in classified or unclassified form, at the election of the Director. ###
(g)Definitions In this section: ####
(1)The term “**appropriate committees of Congress**” means— #####
(A)the Select Committee on Intelligence and the Committee on Armed Services of the Senate; and #####
(B)the Permanent Select Committee on Intelligence and the Committee on Armed Services of the House of Representatives. ####
(2)The term “**elements of the intelligence community**” means the elements of the intelligence community set forth in or designated under section 3(4) of the National Security Act of 1947 (50 U.S.C. 401a(4)).
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 351
REPORT ON CLEARED INSIDER THREAT TO CLASSIFIED COMPUTER NETWORKS
Cites 1Cited by 0 across 0 sources