1989 Computer Security and Privacy Plans (CSPP) Review Project: A First-Year Federal Response to the Computer Security Act of 1987 (Final Report)

The goal of the Computer Security Act of 1987 (Public Law 100-235) (the Act) is to prompt federal agencies to take measures to improve the security and privacy of sensitive information in federal computer systems. The Act requires federal agencies to prepare and submit for review security plans for unclassified computer systems that contain sensitive information. The Act provides that the plans be submitted to the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) for review and comment. This report describes the Computer Security and Privacy Plan (CSPP) review effort that was conducted in response to the Act by a joint team from NIST and NSA in 1989; the team examined 1,583 plans for 63 federal civilian agencies and 27,992 plans from 441 Department of Defense (DoD) organizations. The report also discusses future directions for implementing the Act.