The IT Law Wiki

Cybersecurity Bill of Rights

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Overview Edit

In 1997, the National Research Council, Committee on Improving Cybersecurity Research in the United States published a Cybersecurity Bill of Rights (CBoR). The following is a list of the 10 provisions in this CBoR.

The first three provisions relate to properties of holistic systems, including availability, recoverability, and control of systems:

I. Availability of system and network resources to legitimate users.
II. Easy and convenient recovery from successful attacks.
III. Control over and knowledge of one's own computing environment.

The next three provisions relate to the traditional security properties of confidentiality, authentication (and its extension, provenance), and authorization:

IV. Confidentiality of stored information and information exchange.
V. Authentication and provenance.
VI. The technological capability to exercise fine-grained control over the flow of information in and through systems.

The next three provisions relate to crosscutting properties of systems:

VII. Security in using computing directly or indirectly in important applications, including financial, health care, and electoral transactions and real-time remote control of devices that interact with physical processes.
VIII. The ability to access any source of information (e.g., e-mail, Web page, file) safely.
IX. Awareness of what security is actually being delivered by a system or component.

The last provision relates to justice:

X. Justice for security problems caused by another party.

Source Edit

Also on Fandom

Random Wiki