COMPUTER SYSTEM SECURITY AND PRIVACY ADVISORY BOARD Resolution 97-1 June 6, 1997 In order to enhance security and privacy of Federal information, and to strengthen the implementation of the Computer Security Act of 1987, Federal agencies should receive additional computer security guidance and assistance for selection and implementation of computer products, systems, and applications. Increased focus will enhance the economy and efficiency of computer systems security and privacy in the Federal government. Therefore, we resolve: That NIST should elevate its commitment to implementing the Computer Security Act of 1987 by increasing its assistance to the civilian Federal agencies. Greater managerial focus and resources should address current computer security and privacy issues, including greater emphasis on today's managerial and administrative aspects. High priority items NIST should address include: Act as central service within the Federal government to advise on the selection, integration, and use of products and procedures for securing non-classified systems. Provide a computer systems security assessment capability for civilian Federal agencies. Maintain a register of security and privacy incidents, problems and solutions (in accordance with Resolution 97-2). Provide suggested corrective actions to remedy computer security vulnerabilities which have been identified. Maintain a repository and act as a clearing house for information, techniques, guidelines, and consultation to aid proper use of security features available in government-used commercial off-the-shelf software. Identify exemplary activities within Federal agencies that can be used as models and proof-of-concepts for secure civilian government systems. FOR: Burns, Layton, Leo, Sanovic, Spix, Vetter, Weingarten AGAINST: None ABSTAIN: None ABSENT: Fisher* *Present for meeting but not available for this vote