Cyber Legislation in the United States
return to Main
Substantive cybercrime laws (e.g., laws prohibiting online identity theft, hacking, intrusion into computer systems, child pornography, intellectual property, online gambling): 
18 U.S.C. § 1028 – Fraud and related activity in connection with identification documents, authentication features, and information 
18 U.S.C. § 1028A – Aggravated identity theft 
18 U.S.C. § 1029 – Fraud and related activity in connection with access devices 
18 U.S.C. § 1030 – Fraud and related activity in connection with computers – (1986 Computer Fraud & Abuse Act) 
18 U.S.C. § 1037 – Fraud and related activity in connection with electronic mail 
18 U.S.C. § 1343 – Fraud by wire, radio, or television
18 U.S.C. § 1362 – [Malicious mischief related to] Communications lines, stations, or systems 
18 U.S.C. § 1462 – Importation or transportation of obscene matters 
18 U.S.C. § 1465 – Transportation of obscene matters for sale or distribution 
18 U.S.C. § 1466A – Obscene visual representation of the sexual abuse of children 
18 U.S.C. § 2251 – Sexual exploitation of children 
18 U.S.C. § 2252 – Certain activities relating to material involving the sexual exploitation of minors 
18 U.S.C. § 2252A – Certain activities relating to material constituting or containing child pornography 
18 U.S.C. § 2252B – Misleading domain names on the Internet [to deceive minors] 
18 U.S.C. § 2252C – Misleading words or digital images on the Internet 
18 U.S.C. § 2425 – Use of interstate facilities to transmit information about a minor 
18 U.S.C. § 2319 – Criminal infringement of a copyright
17 U.S.C. § 506 – Criminal offenses [related to copyright] 
47 U.S.C. 605 – Unauthorized publication or use of communications 
31 U.S.C. §§ 5361–5367 The Unlawful Internet Gambling Enforcement Act of 2006 
Procedural cybercrime laws (e.g., authority to preserve and obtain electronic data from third parties, including internet service providers; authority to intercept electronic communications; authority to search and seize electronic evidence): 
18 U.S.C. §§ 2510-2522 – Interception of wire, oral, or electronic communication 
18 U.S.C. §§ 2701-2712 – Preservation and disclosure of stored wire and electronic communication 
18 U.S.C. §§ 3121-3127 – Pen registers and trap and trace devices
Agency Conduct
44 U.S. Code Chapter 35, Subchapter II - Information Security -  Federal Information Security Modernization Act of 2014
44 U.S. Code Chapter 35, Subchapter III - Federal Information Security Management Act (FISMA) of 2002, Updated 2014
15 U.S. Code Chapter 7 - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
•Other
Cybersecurity Information Sharing Act of 2015 – Cyber Info Sharing Exchange between Private & Public Sectors
Health Insurance Portability and Accountability Act (HIPAA) of 1996 – Privacy of Health Information
Gramm-Leach-Bliley Act of 1999 – Privacy of Financial Information
Sarbanes Oxley Act of 2002 – Public Company Accounting Reform and Investor Protection Act - Audit of IT Cybersecurity
–42 U.S.C. ch. 149 § 15801 et se Energy  Act of 2005 – NERC & NERC Critical Infrastructure Protection Requirements
•Code of Federal Regulations (CFR) - Samples
–17 CFR §248.30 requires Security Exchange Commission (SEC) registered individuals & firms to adopt written policies and procedures to protect customer information against cyber-attacks and other forms of unauthorized access
–32 CFR § 236 – dictates Cyber Security requirements for DOD Defense Industrial Base (DIB) organizations
–10 CFR § 73.54 dictates protection of digital computer and communication systems and networks in Nuclear Facilities
•Federal Acquisition Regulations (FAR) & Defense FAR (DFAR)
–FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
–13800DFARS 252.204-7012 Safeguarding Covered Defense Information & Cyber Incident Reporting
•Power Act of 2005 -> FERC -> NERC -> NERC CIP Requirements
State Laws on Cybercrime:
https://statelaws.findlaw.com/criminal-laws/computer-crimes.html
Convention on Cybercrime Treaty
http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm
UK Regulations & Framework
https://www.legislation.gov.uk/uksi/2018/506/contents/made
https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework
Federal Data Sets on Cybercrime
•CART - Computer Analysis Response Team Database
https://www.fbi.gov/news/stories/piecing-together-digital-evidence 
•LEEP - Law Enforcement Enterprise Portal
https://www.fbi.gov/services/cjis/leep
•N-Dex: National Data Exchange
https://www.fbi.gov/services/cjis/ndex 
•NCIC: National Crime Information Center (NCIC)
https://www.fbi.gov/services/cjis/ncic
•NICS: National Instant Criminal Background Check System
https://www.fbi.gov/services/cjis/nics