Page:United States Statutes at Large Volume 116 Part 3.djvu/679

PUBLIC LAW 107-296—NOV. 25, 2002 116 STAT. 2271

"(4) develop and periodically revise performance indicators and measures for agency information security policies and practices;
"(5) evaluate private sector information security policies and practices and commercially available information technologies to assess potential application by agencies to strengthen information security;
"(6) evaluate security policies and practices developed for national security systems to assess potential application by agencies to strengthen information security;
"(7) periodically assess the effectiveness of standards and guidelines developed under this section and undertake revisions as appropriate;
"(8) solicit and consider the recommendations of the Information Security and Privacy Advisory Board, established by section 21, regarding standards and guidelines developed under subsection (a) and submit such recommendations to the Director of the Office of Management and Budget with such standards submitted to the Director; and
"(9) prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this section.

"(e) As used in this section—
"(1) the term 'agency' has the same meaning as provided in section 3502(1) of title 44, United States Code;
"(2) the term 'information security' has the same meaning as provided in section 3532(1) of such title;
"(3) the term 'information system' has the same meaning as provided in section 3502(8) of such title;
"(4) the term 'information technology' has the same meaning as provided in section 11101 of title 40, United States Code; and
"(5) the term 'national security system' has the same meaning as provided in section 3532(b)(2) of such title.".

SEC. 1004. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD.

Section 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-4), is amended—
(1) in subsection (a), by striking "Computer System Security and Privacy Advisory Board" and inserting "Information Security and Privacy Advisory Board";
(2) in subsection (a)(1), by striking "computer or telecommunications" and inserting "information technology";
(3) in subsection (a)(2)—
    (A) by striking "computer or telecommunications technology" and inserting "information technology"; and
    (B) by striking "computer or telecommunications equipment" and inserting "information technology";
(4) in subsection (a)(3)—
    (A) by striking "computer systems" and inserting "information system"; and
    (B) by striking "computer systems security" and inserting "information security";
(5) in subsection (b)(1) by striking "computer systems security" and inserting "information security";
(6) in subsection (b) by striking paragraph (2) and inserting the following:

Reports. Government organization.
