Computer Security Act of 1987

The Computer Security Act of 1987, Public Law No. 100-235 (H.R. 145), (Jan. 8, 1988), is a United States federal law enacted in 1987. It is intended to improve the security and privacy of sensitive information in federal computer systems and to establish minimally acceptable security practices for such systems. It required the creation of computer security plans, and appropriate training of system users or owners where the systems would display, process or store sensitive information.

Provisions

 * Assigned the National Institute of Standards and Technology (NIST, At the time named National Bureau of Standards) to develop standards of minimum acceptable practices with the help of the NSA
 * Required establishment of security policies for Federal computer systems that contain sensitive information.
 * Mandatory security awareness training for federal employees that use those systems.