The IT Law Wiki

Overview

The Information Security and Privacy Advisory Board (ISPAB) is a federal advisory committee that is, in part, responsible for identifying emerging issues related to information security and privacy. It brings together senior professionals from industry, government, and academia to help advise the National Institute of Standards and Technology, the U.S. Office of Management and Budget (OMB), the Secretary of Commerce, and appropriate committees of the U.S. Congress about information security and privacy issues pertaining to unclassified federal government information systems.

The Board plays a central and unique role in providing the government with expert advice concerning information security and privacy issues that may affect federal information systems. No other similar group of experts meets regularly to review information security issues involved in unclassified Federal Government computer systems and networks. Also, Title III of the E-Government Act of 2002 reaffirmed the need for this Board by giving it additional responsibilities: to thoroughly review all of the proposed information technology standards and guidelines developed under Section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3), as amended.

History

ISPAB was originally created by the Computer Security Act of 1987[1] as the "Computer System Security and Privacy Advisory Board" ("CSSPAB") to advise the Secretary of Commerce and the Director of the National Institute of Standards and Technology on security and privacy issues.

The CSSPAB was chartered in May 1988 in accordance with the Federal Advisory Committee Act, as amended, 5 U.S.C., App. In December 2002, the E-Government Act of 2002, Title III, The Federal Information Security Management Act of 2002 (FISMA), Section 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-4) amended the statutory authority of the Board and renamed it the Information Security and Privacy Advisory Board.

Scope and Objectives

The scope and objectives of the Board are to —

The Board's authority does not extend to private-sector systems or to federal systems that process classified information.

Structure

The membership of the Board consists of 11 individuals and a Chairperson. The Director of NIST approves membership appointments and appoints the Chairperson. Each Board member serves for a four-year term. The Board’s membership draws from experience at all levels of information security and privacy work. The members’ careers cover government, industry, and academia.

Members have worked in the Executive and Legislative branches of the federal government, civil service, senior executive service, the military, some of the largest corporations worldwide, small and medium-size businesses, and some of the top universities in the nation. The members’ experience, likewise, covers a broad spectrum of activities including many different engineering disciplines, computer programming, systems analysis, mathematics, management positions, information technology auditing, legal experience, an extensive history of professional publications, and professional journalism.

Members have worked (and in many cases, continue to work in their full-time jobs) on the development and evolution of some of the most important pieces of information security and privacy legislation in the federal government, including the Privacy Act of 1974, the Computer Security Act of 1987, the E-Government Act (including FISMA), and numerous e-government services and initiatives.

The Board meets quarterly and all meetings are open to the public. NIST provides the Board with a Secretariat. The Board receives briefings from federal and private sector representatives on a wide range of privacy and security topics.

References

  1. Pub. L. No. 100-35.

Source

NIST, Computer Security Division 2010 Annual Report 9-10 (full-text).
