Recognize that the cornerstone of many computer-related federal laws as mentioned in the text is the Computer Fraud and Abuse Act of 1986 (CFA Act or CFAA).
Recall that the CFAA was amended in 1996 and rebranded as the National Information Infrastructure Protection Act of 1996. Stress that punishment for prosecuted offenses includes fines, prison sentences of up to 20 years, or both depending on the severity of the crime committed.
Discuss the USA PATRIOT Act of 2001, which modified a wide range of existing laws to provide law enforcement agencies with broader latitude of actions to combat terrorism-related activities.
Report that further modifications took place and in 2006, the act was amended with the USA PATRIOT Improvement and Reauthorization Act, which made permanent 14 of the 16 expanded powers of the Department of Homeland Security (DHS) and the FBI in investigating terrorist activity. The act also reset the date of expiration written into the law for certain wiretaps under the Foreign Intelligence Surveillance Act of 1978 (FISA) and revised many of the criminal penalties and procedures associated with criminal and terrorist activities.
Explain that the PATRIOT Sunset Extension Act of 2011 provided extension of certain provisions of the USA PATRIOT Act, specifically those related to wiretaps, searching of business records, and the surveillance of suspected terrorists.
State that in May 2015, the U.S. Senate failed to extend the USA PATRIOT Act, resulting in its expiration on June 1, 2015. However, President Obama signed the USA FREEDOM Act into law in June 2015 as a replacement. Note that this has now since expired but has been indefinitely postponed by Congress at the time of publication in 2020.
Examine the Computer Security Act of 1987. This law was one of one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
Evaluate the passage of the Federal Information Security Management Act (FISMA), which mandates all federal agencies to establish information security programs to protect information assets. Note that this has since been updated by the Federal Information Security Modernization Act of 2014 (FISMA Reform)which enhances the federal government’s ability to respond to security attacks on agencies and departments.
State that in the future, additional laws and regulations are likely to be created, and it is the responsibility of the information security team to be aware of those should they significantly impact the organization, information managed, or other aspects that could require changes.