What’s the Computer Security Act ’87?




The Computer Security Act of 1987 established standards for the security of US government-owned computers and created a new level of security classification called “sensitive”. The act required uniform security policies, practices, and training for personnel operating such systems, with oversight from the National Bureau of Standards. It was eventually replaced by the Federal Information Security Management Act of 2002.

The Computer Security Act of 1987 was enacted by the United States Congress in 1987 in an early attempt to establish standards for the security of the new generation of computers owned by the national government. Another goal of the act was to give legislative recognition to the idea that there is a type of information that cannot be qualified as “secret”, but which deserves to be safeguarded on the nation’s computer systems. The bulk of the act gave effect to that recognition by establishing security protocols and training for working with and safeguarding such information, and by appointing a single federal entity, the National Bureau of Standards, to oversee and coordinate these efforts across the federal government.

In the early 1980s, what were then called personal computers were recognized as powerful tools, and the world wide web was still in its formative stages, but the full potential and vulnerabilities of computers were only guessed at. The federal government was already a major user of desktop computers, both standalone and networked, but there was no central authority responsible for overseeing security and training matters; instead, responsibility for federally owned computers and the information they stored was haphazardly divided among three agencies. Setting cybersecurity policy for the federal government was the responsibility of the Office of Management and Budget, and the Department of Commerce was responsible for setting the computing standards of government-purchased computers. The National Security Agency (NSA), in turn, was charged with protecting classified information on federal computers. Coordination of efforts between these three agencies was non-existent, and turf wars were common.

In 1984, President Ronald Reagan signed a directive creating a framework within which the NSA, the Department of Defense (DoD), and the National Security Council had significant responsibilities in developing computer security standards, but their activities appeared to mix civilian and defense issues and to jeopardize civilian access to government records. Reagan’s order was overturned during hearings on the Computer Security Act of 1987, which were held due to the failure to pass a law in 1985 that would have assigned the National Bureau of Standards the task of developing and enforcing security standards for federal computers.

The Computer Security Act of 1987 addressed four specific areas. First, it established a new level of security classification: “sensitive”, which was assigned to information that should be safeguarded but did not rise to the level of “secret”. Second, it required the development of uniform security policies and practices for federal computer systems that contained sensitive material, as well as the identification of those systems. Third, the law required uniform standards of training for personnel operating such systems. Finally, the law assigned the National Bureau of Standards the task of developing acceptable minimum standards for the security of all federal computers and computer systems, with assistance from the NSA. Subject to numerous hearings and revisions, the Computer Security Act of 1987 was eventually replaced by the Federal Information Security Management Act of 2002.



