The House has passed H.R. 3159, the "Government Network Security Act of 2003", which is intended "To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing".
They wisely chose NOT to legislate the technology that should be used .
. .
(a) PLANS REQUIRED- As part of the Federal agency responsibilities set forth in sections 3544 and 3545 of title 44, United States Code, the head of each agency shall develop and implement a plan to protect the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.
(b) CONTENTS OF PLANS- Such plans shall set forth appropriate methods, including both technological (such as the use of software and hardware) and nontechnological methods (such as employee policies and user training), to achieve the goal of protecting the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.
(c) IMPLEMENTATION OF PLANS- The head of each agency shall--
(1) develop and implement the plan required under this section as expeditiously as possible, but in no event later than six months after the date of the enactment of this Act; and
(2) review and revise the plan periodically as necessary.
(d) REVIEW OF PLANS- Not later than 18 months after the date of the enactment of this Act, the Comptroller General shall--
(1) review the adequacy of the agency plans required by this section; and
(2) submit to the Committee on Government Reform of the House of Representatives and the Committee on Governmental Affairs of the Senate a report on the results of the review, together with any recommendations the Comptroller General considers appropriate.
They wisely chose NOT to legislate the technology that should be used .
. .
(a) PLANS REQUIRED- As part of the Federal agency responsibilities set forth in sections 3544 and 3545 of title 44, United States Code, the head of each agency shall develop and implement a plan to protect the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.
(b) CONTENTS OF PLANS- Such plans shall set forth appropriate methods, including both technological (such as the use of software and hardware) and nontechnological methods (such as employee policies and user training), to achieve the goal of protecting the security and privacy of computers and networks of the Federal Government from the risks posed by peer-to-peer file sharing.
(c) IMPLEMENTATION OF PLANS- The head of each agency shall--
(1) develop and implement the plan required under this section as expeditiously as possible, but in no event later than six months after the date of the enactment of this Act; and
(2) review and revise the plan periodically as necessary.
(d) REVIEW OF PLANS- Not later than 18 months after the date of the enactment of this Act, the Comptroller General shall--
(1) review the adequacy of the agency plans required by this section; and
(2) submit to the Committee on Government Reform of the House of Representatives and the Committee on Governmental Affairs of the Senate a report on the results of the review, together with any recommendations the Comptroller General considers appropriate.