In plain terms. This was Congress's first attempt to set minimum security practices for federal computers that handle sensitive information. It put one agency — today's NIST — in charge of writing the security standards.
Who it applies to. Federal agencies and the federal employees who use, operate, or manage their computer systems. The standards it produced also became reference points the private sector could adopt.
What it requires.
- It named the National Bureau of Standards (now the National Institute of Standards and Technology, NIST) as the agency responsible for developing technical, management, physical, and administrative security standards for sensitive federal systems.
- The Administrator of General Services must make those standards binding where needed to improve security, privacy, or efficiency.
- Each agency must run a recurring security-awareness training program for everyone involved in operating federal computer systems.
Why it matters. It established the foundational idea, still in force, that a single standards body (NIST) defines federal computer security, which is why NIST publications drive contractor requirements today. It defined "sensitive information" as any information whose loss or misuse, or unauthorized access to which, could harm the national interest, including Privacy Act data.
Citation. Pub. L. 100-235 (Jan. 8, 1988).
Superseded by FISMA; NIST's standards role continues under 15 U.S.C. § 278g-3.