Cyber Legislation in the United States |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return to Main |
|
|
|
Substantive
cybercrime laws (e.g., laws prohibiting online identity theft, hacking,
intrusion into computer systems, child pornography, intellectual property,
online gambling): |
|
|
18
U.S.C. § 1028 Fraud and related activity in connection with identification
documents, authentication features, and information |
|
|
18
U.S.C. § 1028A Aggravated identity theft |
|
|
18
U.S.C. § 1029 Fraud and related activity in connection with access
devices |
|
|
18
U.S.C. § 1030 Fraud and related activity in connection with computers
(1986 Computer Fraud & Abuse Act) |
|
|
18
U.S.C. § 1037 Fraud and related activity in connection with electronic
mail |
|
|
18
U.S.C. § 1343 Fraud by wire, radio, or television |
|
|
18
U.S.C. § 1362 [Malicious mischief related to] Communications lines,
stations, or systems |
|
|
18
U.S.C. § 1462 Importation or transportation of obscene matters |
|
|
18
U.S.C. § 1465 Transportation of obscene matters for sale or
distribution |
|
|
18
U.S.C. § 1466A Obscene visual representation of the sexual abuse of
children |
|
|
18
U.S.C. § 2251 Sexual exploitation of children |
|
|
18
U.S.C. § 2252 Certain activities relating to material involving the sexual
exploitation of minors |
|
|
18
U.S.C. § 2252A Certain activities relating to material constituting or
containing child pornography |
|
|
18
U.S.C. § 2252B Misleading domain names on the Internet [to deceive
minors] |
|
|
18
U.S.C. § 2252C Misleading words or digital images on the Internet |
|
|
18
U.S.C. § 2425 Use of interstate facilities to transmit information about a
minor |
|
|
18
U.S.C. § 2319 Criminal infringement of a copyright |
|
|
17
U.S.C. § 506 Criminal offenses [related to copyright] |
|
|
47
U.S.C. 605 Unauthorized publication or use of communications |
|
|
31
U.S.C. §§ 53615367 The Unlawful Internet Gambling Enforcement Act of
2006 |
|
|
Procedural
cybercrime laws (e.g., authority to preserve and obtain electronic data from
third parties, including internet service providers; authority to intercept
electronic communications; authority to search and seize electronic
evidence): |
|
18
U.S.C. §§ 2510-2522 Interception of wire, oral, or electronic
communication |
|
|
18
U.S.C. §§ 2701-2712 Preservation and disclosure of stored wire and
electronic communication |
|
|
18
U.S.C. §§ 3121-3127 Pen registers and trap and trace devices |
|
|
Agency Conduct |
|
|
44 U.S. Code Chapter 35, Subchapter II - Information
Security - Federal Information
Security Modernization Act of 2014 |
|
|
44 U.S. Code Chapter 35, Subchapter III - Federal
Information Security Management Act (FISMA) of 2002, Updated 2014 |
|
|
15 U.S. Code
Chapter 7 - NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY |
|
|
Other |
|
|
Cybersecurity Information Sharing Act of 2015 Cyber Info
Sharing Exchange between Private & Public Sectors |
|
|
Health
Insurance Portability and Accountability Act (HIPAA) of 1996 Privacy of
Health Information |
|
|
Gramm-Leach-Bliley Act of 1999 Privacy of Financial
Information |
|
|
Sarbanes Oxley Act of 2002 Public Company Accounting
Reform and Investor Protection Act - Audit of IT Cybersecurity |
|
|
42 U.S.C. ch. 149 §
15801 et se Energy Act of 2005 NERC
& NERC Critical Infrastructure Protection Requirements |
|
|
|
Code of Federal
Regulations (CFR) - Samples |
|
|
17
CFR §248.30 requires Security Exchange Commission (SEC) registered
individuals & firms to adopt written policies and procedures to protect
customer information against cyber-attacks and other forms of unauthorized
access |
|
|
32 CFR § 236
dictates Cyber Security requirements for DOD Defense Industrial Base (DIB)
organizations |
|
|
10 CFR § 73.54
dictates protection of digital computer and communication systems and
networks in Nuclear Facilities |
|
|
Federal
Acquisition Regulations (FAR) & Defense FAR (DFAR) |
|
|
FAR 52.204-21
Basic Safeguarding of Covered Contractor Information Systems |
|
|
13800DFARS
252.204-7012 Safeguarding Covered Defense Information & Cyber Incident
Reporting |
|
|
Power Act of
2005 -> FERC -> NERC -> NERC CIP Requirements |
|
|
|
State Laws on Cybercrime: |
|
|
https://statelaws.findlaw.com/criminal-laws/computer-crimes.html |
|
|
|
Convention on Cybercrime Treaty |
|
|
http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm |
|
|
|
UK Regulations & Framework |
|
|
https://www.legislation.gov.uk/uksi/2018/506/contents/made |
|
|
https://www.ncsc.gov.uk/collection/caf/cyber-assessment-framework |
|
|
|
Federal Data Sets on Cybercrime |
|
|
CART - Computer Analysis Response Team Database |
|
|
https://www.fbi.gov/news/stories/piecing-together-digital-evidence |
|
|
LEEP - Law Enforcement Enterprise Portal |
|
|
https://www.fbi.gov/services/cjis/leep |
|
|
N-Dex: National Data Exchange |
|
|
https://www.fbi.gov/services/cjis/ndex |
|
|
NCIC: National Crime Information Center (NCIC) |
|
|
https://www.fbi.gov/services/cjis/ncic |
|
|
NICS: National Instant Criminal Background Check System |
|
|
https://www.fbi.gov/services/cjis/nics |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|