- Privacy Act of 1974, Public Law 93-579
- Computer Fraud & Abuse Act of 1986, as amended, Public Law 99-474
- Computer Security Act of 1987, Public Law 100-235
- Paperwork Reduction Act of 1978, as amended in 1995, U.S. Code 44 Chapter 35
- OMB Circular A-130, "Management of Federal Information Resources," Section 6, "Definitions" and Section 8, "Policy"
- OMB Circular A-130, Appendix III, "Security of Federal Automated Information Resources," Section A, "Requirements" and B, "Descriptive Information"
- The GAO's Federal Information System Controls Audit Manual, Chapter 3, "Evaluating and Testing General Controls"
- Department of Justice Order 2640.2E, Information Technology Security, Chapter 1, "Security Program Management" and Chapter 2, "Security Requirements"
- National Institute of Standards and Technology, Special Publication 800-12, "An Introduction to Computer Security: The NIST Handbook"
- National Institute of Standards and Technology, Special Publication 800-18, "Guide for Developing Security Plans for Information Technology Systems"
- National Institute of Standards and Technology, Special Publication 800-34, "Contingency Planning Guide for Information Technology Systems"
- National Institute of Standards and Technology, Special Publication 800-40
- National Institute of Standards and Technology, Federal Information Processing Standards Publication 73, Section 3.1.1