IS Security Program Compliance
The IS Security program developed here at the Naval Research
Laboratory is designed to provide end users with good IS
security practices and to comply with current Government
requirements. This practice establishes good habits within the
NRL community and reduces the likelihood of disclosure of data,
equipment loss, and misuse of government resources, to name a
few.
- Applicable Statutes
  - DOD 5200.28-STD (Orange Book)
  - NRLINST 5239.1
  - OPNAVINST 5239
  - SECNAVINST 5239
  - DODINST 5200.28
- Relevant Laws/Acts
  - PL 100-235 - Privacy Act
  - Computer Security Act of 1987
  - PL 100-503 - Computer Matching and Privacy Protection Act
  - PL 99-474 - Computer Fraud & Abuse Act of 1986
  - OMB Circular A-130 - Mgt. of Federal Information Resources
NRL's program is required to comply with a number of Public Laws
and DOD and Navy standards and instructions. In particular, our
program is designed around SECNAVINST 5239.2.
- SECNAVINST 5239.2 defines ADP security as: "Measures
required to protect against unauthorized (accidental or
intentional) disclosure, modification, or destruction of ISs,
networks, and computer resources or denial of service to process
data."
- Public Law 100-235 is intended: "To provide for a computer
standards program within the National Bureau of Standards, to
provide for Government-wide computer security, and to provide for
the training in security matters of persons who are involved in
the management, operation, and use of Federal computer systems,
and for other purposes."
- Public Law 1030 (Computer Fraud and Abuse Act) is intended to
address actions by those who "knowingly and intentionally
access Federal computers with the intent to defraud, cause a
loss, modify, or use in an unauthorized means."
- OMB Circular A-130, Federal ADP guidelines: "The Paperwork
Reduction Act (44 U.S.C. Chapter 35) assigns the Director of the
Office of Management and Budget (OMB) responsibility for
maintaining a comprehensive set of information resources
management policies and for promoting the application of
information technology to improve the use and dissemination of
information by Federal agencies."