[Congressional Record Volume 143, Number 84 (Tuesday, June 17, 1997)]
[Extensions of Remarks]
[Pages E1231-E1232]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             THE COMPUTER SECURITY ENHANCEMENT ACT OF 1997

                                 ______
                                 

                    HON. F. JAMES SENSENBRENNER, JR.

                              of Wisconsin

                    in the House of Representatives

                         Tuesday, June 17, 1997

  Mr. SENSENBRENNER. Mr. Speaker, I rise today to introduce H.R. 1903, 
the Computer Security Enhancement Act of 1997. I would like to thank 
Technology Subcommittee Chairwoman Constance Morella, and the full 
committee and subcommittee ranking minority members, Congressmen George 
Brown and Bart Gordon, for their efforts in crafting a bipartisan bill 
which should help strengthen computer security throughout the Federal 
Government.
  The lack of adequate security for Federal civilian computer systems 
is a significant problem. Since June 1993, the General Accounting 
Office [GAO] has issued over 30 reports detailing serious information 
security weaknesses at Federal agencies. This year, GAO highlighted 
computer security as a governmentwide, high-risk issue in its high risk 
series.
  H.R. 1903 is intended to address this problem by strengthening the 
National Institute of Standards and Technology's [NIST] historic role 
in computer security. The bill updates the Computer Security Act of 
1987 (P.L. 100-235) to give NIST the tools it needs to ensure that 
appropriate attention and effort is concentrated on securing our 
Federal information technology infrastructure.
  The Computer Security Act gives NIST the lead responsibility for 
computer security for Federal civilian agencies. The act requires NIST 
to develop the standards and guidelines needed to ensure cost-effective 
security and privacy of sensitive information in Federal computer 
systems.
  H.R. 1903 updates the act to take into account the evolution of 
computer networks and their use by both the Federal Government and the 
private sector. Further, the bill's authorizations are consistent with 
authorizations that have already passed the House as part of H.R. 1274, 
the NIST Authorization Act of 1997.
  Specifically, the bill:
  Reduces the cost and improves the availability of computer security 
technologies for Federal agencies by requiring NIST to promote the 
Federal use of off-the-shelf products for meeting civilian agency 
computer security needs.
  Enhances the role of the independent Computer System Security and 
Privacy Advisory Board in NIST's decisionmaking process. The board, 
which is made up of representatives from industry, Federal agencies and 
other outside experts, should assist NIST in its development of 
standards and guidelines for Federal systems.
  Requires NIST to develop standardized tests and procedures to 
evaluate the strength of foreign encryption products. Through such 
tests and procedures, NIST, with assistance from the private sector, 
will be able to judge the relative strength of foreign encryption, 
thereby defusing some of the concerns associated with the export of 
domestic encryption products.
  Limits NIST's involvement to the development of standards and 
guidelines for Federal civilian systems. The bill clarifies that NIST 
standards and guidelines are to be used for the acquisition of security 
technologies for the Federal Government and are not intended as 
restrictions on the production or use of encryption by the private 
sector.
  Updates the Computer Security Act to address changes in technology 
over the last decade. Significant changes in the manner in which 
information technology is used by the Federal Government have occurred 
since the enactment of the Computer Security Act. The bill updates the 
act, taking these changes into account.
  Establishes a new computer science fellowship program for graduate 
and undergraduate students studying computer security. The bill sets 
aside $250,000 a year, for each of the next two fiscal years, to enable 
NIST to finance computer security fellowships under an existing NIST 
grant program.
  Requires the National Research Council to conduct a study to assess 
the desirability of, and the technology required to, support public key 
infrastructures.
  It has been 10 years since Congress passed the Computer Security Act. 
Over that time, computer technology has changed at a breathtaking rate. 
The Computer Security Enhancement Act of 1997 will help NIST and the 
rest of our Federal civilian agencies adapt to those changes.
  Mr. Speaker, ensuring that our agencies' computer systems are secure 
is a priority. H.R. 1903 is an important step toward this goal, and I 
urge all my colleagues to cosponsor this bipartisan bill.

                          ____________________