Government Documents, Laws, Testimonies or Reports

The E-Government Act of 2002 (Public Law 107-347), recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines, including the development of:
- Standards to be used by all federal agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
- Guidelines recommending the types of information and information systems to be included in each category; and
- Minimum information security requirements (i.e., management, operational, and technical controls), for information and information systems in each such category.

The purpose of this primer is to provide the design community and school administrators with the basic principles and techniques to design a school safe from terrorist attacks.

EDUCAUSE joined a broad coalition in filing an amicus, or friend of the court, brief on behalf of the National Geographic Society which seeks permission to reproduce a print collective work in electronic format. At issue is ensuring the availability, preservation and dissemination of prior research which is essential for scholarly advancement. Oral arguments are expected to take place in the Eleventh Circuit Court during the week of February 25th, 2008, with a decision rendered at some point thereafter.

Recently in response to the tragedy at Virginia Tech, Chairman Patrick Leahy of the Senate Judiciary Committee has combined several pre-existing bills into a comprehensive package that would provide for improvements in school safety and law enforcement. This legislation was approved by Committee and is waiting for full consideration by the Senate.

This bill, The School Safety and Law Enforcement Improvement Act of 2007 (SSLEIA), would establish a National Center for Campus Public Safety to foster collaboration among campus safety stakeholders by serving as a focal point for research, model policies and best practices, education, and public policy formulation to enhance the safety and security of U.S. college and university campuses. And it would also establish a $50 million grant program for institutions of higher education to use for their campus public safety offices, in a 50-50 match

This federal register notice informs the public and interested stakeholders that the Department of Homeland Security (DHS) is making available for public review and comment ``Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development.'' This framework is intended to assist the public, private, and academic sectors with strategic IT security workforce development initiatives including professional development, training and education. The EBK is not an additional set of DHS guidelines, and it is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, defines four primary functional perspectives, and establishes an IT Security Role, Competency, and Functional Matrix.

This is a proposed bill to amend the Higher Education Act of 1965.

This document is a reply to a comment filed by NBC Universal requesting that the FCC require that broadband providers “use readily available means to prevent the use of their broadband networks to transfer pirated content.” EDUCAUSE signed the document along with 10 other public interest organizations to express their concern for this inappropriate and misguided use of available bandwidth management tools.

This publication focuses on developing and implementing information security metrics for an information security program. The processes and methodologies described in this guidance link information security performance to agency performance by leveraging agency-level strategic planning processes. The performance metrics developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including the Federal Information Security Management Act (FISMA) and the President's Management Agenda (PMA).

This document provides guidance on how an organization, through the use of metrics, identifies
the adequacy of in-place security controls, policies, and procedures. It provides an approach to
help management decide where to invest in additional security protection resources or identify
and evaluate nonproductive controls. It explains the metric development and implementation
process and how it can also be used to adequately justify security control investments. The
results of an effective metric program can provide useful data for directing the allocation of
information security resources and should simplify the preparation of performance-related
reports.

This Congressional Research Service report analyzes the Privacy Act, the Federal Information Security
Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act. This report will be updated.

On Tuesday, July 24, 2007, the Committee held a hearing to examine recent developments regarding inadvertent file sharing over peer-to-peer (P2P) networks, the impact of such sharing on consumers, corporations and government entities, and whether such sharing creates privacy or security risks for users. The following witnesses testified:

In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information. These breaches have raised concerns in part because they can result in identity theft--either account fraud (such as misuse of credit card numbers) or unauthorized creation of new accounts (such as opening a credit card in someone else's name). Many states have enacted laws requiring entities that experience breaches to notify affected individuals, and Congress is considering legislation that would establish a national breach notification requirement. GAO was asked to examine (1) the incidence and circumstances of breaches of sensitive personal information; (2) the extent to which such breaches have resulted in identity theft; and (3) the potential benefits, costs, and challenges associated with breach notification requirements. To address these objectives, GAO reviewed available reports on data breaches, analyzed 24 large data breaches, and gathered information from federal and state government agencies, researchers, consumer advocates, and others.

This letter states the higher education community's grave concerns about a proposed amendment to the Higher Education Act developed by the entertainment industry.  This letter describes how this amendment would establish the Secretary of Education as an agent of the entertainment industry by requiring the Secretary annually to create a list of the 25 colleges and universities with the highest levels of unauthorized peer-to-peer (P2P) file sharing based on data supplied by the industry. 

A three-judge panel of the 6th U.S. Circuit Court of Appeals has held unanimously that the Fourth Amendment applies to e-mail. When it comes to government searches, e-mail is analogous to a sealed envelope. As a result of the case, Warshak v. USA, certain laws allowing warrantless access to e-mail, such as the Stored Communications Act and various provisions of the USA PATRIOT Act, are unconstitutional, at least within the jurisdiction of the 6th Circuit Court (Ohio, Michigan, Kentucky, and Tennessee). The court pointedly recognized the evolving role of e-mail: "It goes without saying that like the telephone earlier in our history, e-mail is an ever-increasing mode of private communication, and protecting shared communications through this medium is as important to Fourth Amendment principles today as protecting telephone conversations has been in past."

The President directed top officials at the Departments of Education, Justice, and Health and Human Services to participate in a federal review of the broad questions raised by the shooting tragedy at Virginia Tech.

This report is a review of their findings and includes recommended actions the federal government can take to support state and local communities and ensure that the federal government and federal law are not obstacles to achieving these goals.