CyberSecurity: Federal Agencies
| DHS | DOJ | USAO | FBI | NSF | DOD | DOC | NIST | FCC |
Department of Justice
Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
"Implements and supports both the department’s Computer Crime Initiative, designed to combat electronic penetrations, data thefts, and cyber attacks on critical information systems, and the department’s aggressive battle to protect children from individuals who use computers and the Internet to sexually abuse and exploit them.
- "Computer Crimes and Intellectual Property Section (CCIPS):
- Investigates and prosecutes computer crime and intellectual property offenses.
- Works with other government agencies, the private sector, academic institutions, and foreign counterparts to prevent, investigate, and prosecute computer crimes.
- Provides training to federal, state, and local law enforcement agents; prosecutors; and other government officials on a number of cybercrime-related topics.
- Performs public outreach to improve communications and trust between the public and private sectors.
- Coordinates closely with the Department of State on international cybercrime initiatives, such as the G-8 High-Tech Crime Subgroup, and negotiation of the Council of Europe’s Convention on Cybercrime.
- Develops policy and legislation aimed at enhancing the government’s ability to combat cybercrime.
- "Child Exploitation and Obscenity Section (CEOS):
- Leads and coordinates federal law enforcement agencies in effective strategies and policies to combat online child sexual exploitation.
- Investigates and prosecutes complex and significant online child sexual exploitation cases.
- Provides training, policy, and legislative support for prosecution efforts with U.S. Attorneys and law enforcement partners.
- Works with nongovernment organizations such as the National Center for Missing and Exploited Children and with foreign partners to combat online child sexual exploitation.
- "Fraud Section:
- Investigates and prosecutes fraud offenses involving misuse of computers and the Internet (e.g., Internet fraud, identity theft).
- Provides coordination with other departmental components and federal, state, and local law enforcement agencies in investigating and prosecuting Internet fraud.
- Provides and coordinates training for federal, state, and local law enforcement agencies on Internet fraud and identity theft.
- Participates in multilateral law enforcement meetings on Internet fraud and identity theft, including heading the U.S. delegation to the United Nations Crime Commission Expert Group on Fraud and Identity Theft."
- Computer and Telecommunications Coordinator (CTC) Program"In 1995, at the recommendation of the then-Computer Crime Unit (now the Computer Crime and Intellectual Property Section (CCIPS)), the Department of Justice created the Computer and Telecommunication Coordinator (CTC) Program to protect the nation's businesses and citizens from the rising tide of computer crime. The CTC program has now grown to 137 attorneys. Each United States Attorney's Office (USAO) has designated at least one CTC and over thirty-five districts have two or more. In addition, a number of Sections in the Criminal Division and other Divisions of Justice also have designated CTCs." Contact List | CTC Responsibilities
- National Internet Crimes Against Children Task Force (ICAC) Program. The Juvenile Justice and Delinquency Prevention Act of 1974 authorized and created an ICAC within DOJ , which is described as: "The Internet Crimes Against Children (ICAC) Task Force Program helps state and local law enforcement agencies develop an effective response to cyber enticement and child pornography cases. This help encompasses forensic and investigative components, training and technical assistance, victim services, and community education. Numerous task forces have been established throughout the nation. " DOJ ICAC Website .
- PROTECT Our Children Act of 2008: Section 102 requires the formation of the National Internet Crimes Against Children Task Force (ICAC) Program. The Section 102 ICAC will consist "of state and local task forces (including at least one ICAC Task Force for each state) to address online enticement of children, child exploitation, and child obscenity and pornography." [CRS Summary] Sections 102 - 107 give details of the work of the new program.
- The Adam Walsh Child Protection and Safety Act of 2006, Sec. 705, increase by not less than 10 the number of Internet Crimes Against Children Task Forces that are part of the Internet Crimes Against Children Task Force Program
US Attorney's Office
- Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
- "Coordinate the investigation of, and prosecutes, cybercrime matters.
- "Computer Hacking and Intellectual Property (CHIP) units: 25 units assigned to select U.S. Attorneys’ Offices throughout the United States. In addition, the remaining 68 U.S. Attorneys’ Offices have at least one full-time equivalent designated to work on CHIP prosecutions. Within their region of jurisdiction, the attorneys
• prosecute high-technology offenses, including computer hacking, virus and worm proliferation, Internet fraud, and other attacks on computer systems;
• coordinate with CCIPS, FBI, and other agencies to establish good working relationships with the high-technology community and encourage victims to report crimes;
• develop and offer regional training programs to increase expertise among federal, state, and local prosecutors; and
• provide legal advice to prosecutors and law enforcement officers in their respective districts on the collection of digital evidence, cybercrimes, and intellectual property laws.
Project Safe Childhood Coordinators: Each U.S. Attorneys’ Office has one coordinator trained to prosecute child pornography cases that typically involve the collection and presentation of digital evidence and the use of the Internet."
- Computer Hacking and Intellectual Property (CHIP) Units Fact Sheet | Ashcroft's Speech | Press Release of CHIP Unit established in SDNY on Sept 5, 2001 | CHIPs Unit Established in the Eastern District of California United States Attorney Office (March 5, 2002) | CHIPs Unit Established in the Eastern District of Virginia United States Attorney Office (January 14, 2002) | CHIPs Unit Established in the Eastern District of New York (August 21, 2001) | CHIPs Unit Established in Central District of California United States Attorney Office (September 6, 2001) |
- Cyber Division.
"Investigates cyber matters and cybercrime as the federal lead agency and as its third strategic priority.
"Computer Intrusion Section: Agents in FBI headquarters and 56 field offices trained to investigate computer intrusion incidents. These agents
- investigate and prevent computer intrusions;
- deploy Cyber Action Teams—highly trained teams of FBI agents, analysts, and computer forensics and malicious code experts—to respond to fast-moving cyber threats; and
- work with the Computer Analysis Response Teams under the Operations Technology Division, Science and Technology Branch, that conduct cyber forensic analysis and evidence gathering in support of cybercrime investigations.
Cyber Crime Section: Agents in FBI headquarters and 56 field offices responsible for computer fraud and child exploitation cases. These agents
- Child Protection
- maintain the Innocent Images National Initiatives unit to conduct undercover operations and investigations of child exploitation cases
- work with public and private entities such as the National Center for Missing and Exploited Children to investigate and share information on child exploitation;
- Child Pornography
- coordinate with other federal and local law enforcement to combat cybercrime through the Internet Crime Complaint Center and the Cyber Initiative and Resource Fusion Unit.
- Intellectual Property
- fraud, spam, phishing
- Identity Theft
- Drug sales
- Cyberattacks, DOS,
Information Sharing and Analysis Section:
- Maintains a national-level responsibility for analyzing and disseminating all FBI cyber threat information.
- Establishes cyber threat collection requirements, in order to deter, detect, and disrupt cyber threats that affect national security and criminal activity.
- Manages the FBI’s InfraGard Program.
The mission of the Cyber Division is to:
coordinate, supervise and facilitate the FBI's investigation of those federal violations in which the Internet, computer systems, or networks are exploited as the principal instruments or targets of terrorist organizations, foreign government sponsored intelligence operations, or criminal activity and for which the use of such systems is essential to that activity;
form and maintain public/private alliances in conjunction with enhanced education and training to maximize counterterrorism, counter-intelligence, and law enforcement cyber response capabilities; and
until such time as a final decision is made regarding the future role and location of the National Infrastructure Protection Center (NIPC), the FBI will direct and coordinate the Center's mission to protect the Nation's critical information infrastructure and other key assets.
- Bobby Flaim, The FBI and the Internet, ARIN 16 (Cyber Division created 2002).
- FBI Field Offices
- Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
- "Investigate cyber matters and cybercrime within their region of responsibility.
- "Computer Intrusion Program: agents in each of the 56 offices assigned to investigate computer intrusion matters in every state and Puerto Rico.
Computer Crime Task Forces: 93 task forces located throughout the country that combine state-of-the-art technology and the resources of federal, state, and local counterparts to combat all types of cybercrimes.
Regional Computer Forensics Laboratories: FBI-funded laboratories that provide forensic laboratory services to a geographic area’s entire law enforcement community.
Computer Analysis Response Teams: specialists that gather evidence and perform cyberforensic examinations in support of field-led investigations and gather evidence for the headquarters forensics laboratory.
- FBI Local Field Offices
- National Cyber Forensics and Training Alliance (seeking to "find better ways to migitate, respond to, and prosecute computer crimes")
- Chicago Computer Crime Squad
- FBI Federal Intrusion Detection Network (FIDNet) (reported defunct project) See CDT
- Infragard.net " A government and private sector alliance. InfraGard was developed by FBI Cleveland in 1996 to promote protection of critical information systems. InfraGard provides formal and informal channels for the exchange of information about infrastructure threats and vulnerabilities. "
- Seattle Computer Crime Office
- N'Orleans Computer Crime Division
Federal Trade Commission
"Both the public and private sectors have noted the importance of user education and consumer awareness relating to emerging cybersecurity threats. The Federal Trade Commission (FTC) has been a leader in this area, issuing consumer alerts and releasing several reports on spam as well as guidance for businesses on how to reduce identity theft. In addition, FTC has sponsored various events, including a spam forum in the spring of 2003, a spyware workshop in April 2004, and an e-mail authentication summit in the fall of 2004. Also notable is its Identity Theft Clearinghouse, an online resource for taking complaints from consumers." [GAO 05 p 7]
"The FTC’s enforcement authority stems from Section 5 of the FTC Act, which declares unlawful all “unfair or deceptive acts or practices in or affecting commerce.” 15 U.S.C. § 45(a). In order for the FTC to assert that a commercial practice is “unfair,” the consumer injury that results from the practice must be substantial, without corresponding benefits, and one that consumers cannot reasonably avoid.[15 U.S.C. § 45(n) (stating the FTC requirements for the FTC to utilize its unfairness authority)] Similarly, the FTC will bring an action against a company for engaging in a deceptive trade practice if the company makes a representation; that representation is likely to mislead reasonable consumers; and the representation is material. FTC Policy Statement on Deception, appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984) (noting the elements the FTC must establish to find a business practice deceptive under §5 of the FTC Act).] Using its authority, the FTC has brought several enforcement actions against companies for failing to safeguard consumer data through reasonable security measures. See, e.g., Complaint at 1-3, In the Matter of BJ’s Wholesale Club, Inc., (No. C-4148), 2005 WL 2395788 (F.T.C.) (alleging that BJ’s engaged in an unfair practice by failing to take reasonable data security measures); Complaint at 2-5, In the Matter of Twitter, Inc., (No. C-4316), 2011 WL 914034 (F.T.C.), (attacking Twitter’s data security practices as deceptive).] Over the past two decades, the FTC has engaged in numerous enforcement actions that have involved security breaches and other cybersecurity issues with a particular focus around personal privacy and data security issues.20 The FTC’s role in challenging both deceptive and unfair acts or practices in the data security area is vital so that companies’ voluntary efforts to implement specific cybersecurity best practices are backed by a legal obligation to implement reasonable and appropriate security. Public companies must also comply with the Information Integrity provisions of Sarbanes-Oxley that require management to certify internal controls are in place to address a wide range of issues including data security. 15 U.S.C. § 7262" - Cybersecurity, Innovation and the Internet Economy, The Department of Commerce Internet Policy Task Force, p. 12 (June 2011)
Defense Criminal and Counterintelligence Investigative organizations
- Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats (June 2007)
- Leading law enforcement agencies in the DOD for investigating computer crimes.
- Department of Defense Criminal Investigative Service (DCIS):
Computer Crime Coordinators (CCCs) and Agents (CCAs) investigating cybercrime and computer intrusions that directly impact DOD.
• Establishes policies and procedures for computer crime investigations and computer forensics.
• Investigates all computer intrusions and attacks involving DOD and DOD-protected computers.
• Maintains six field offices with CCCs to determine the appropriate investigative response for computer crimes and CCAs to investigate and provide computer forensics support.
• Manages a Web site to increase awareness about threats children face from the Internet and to provide a Web portal to report suspicious situations.
Air Force Office of Special Investigation (AFOSI): Special agents and support personnel in AFOSI’s Information Operations and Investigations program conduct criminal and counterintelligence investigations in response to cyber crimes and threats directed against the U.S. Air Force and numerous DOD activities.
• Provides forensic analysis of digital evidence and other highly specialized investigative support to criminal, fraud, counterintelligence, and counterespionage cybercrime investigations.
• Conducts local, national, and international computer network intrusion investigations.
• Investigates reported cybercrimes to determine if counterintelligence efforts are warranted.
Naval Criminal Investigative Service (NCIS): Special agents and computer scientists in NCIS’s Cybercrime Department investigate cyber threats against the U.S. Navy and Marine Corps.
• Conducts national and local computer network intrusion investigations.
• Provides advanced forensic media analysis tools and techniques to support cybercrime investigations.
• Collaborates with the Naval Network Warfare Command and Navy Cyber Defense Operations Command on cybercrime investigation, counter intelligence, and operational defense efforts related to Navy networks.
- "Performs computer forensic investigations for the Defense Criminal and Counterintelligence Investigative organizations.
- "Defense Computer Forensics Laboratory: An accredited laboratory for digital forensic examinations in DOD.
• Performs digital forensic examinations on digital evidence from counterintelligence, child pornography, and illegal use of government computer investigations.
• Provides services such as digital media restoration.
Defense Computer Investigations Training Program: A program producing digital forensic examiners and cybercrime investigators.
• Trains investigators from the DOD, FBI, Secret Service, and the State Department’s Diplomatic Security Services.
• Introduces trainees to state-of-the-art equipment and technologies.
Defense Cyber Crime Institute: A research and development directorate for cyber forensics.
• Researches and tests digital forensic hardware and software that includes the preview and testing of vendor products.
• Develops and tests digital forensics tools.
• Maintains a knowledge management system for digital forensics tactics.
- Joint Task Force—Global Network Operations
- "Protects and detects computer crimes affecting the DOD Global Information Grid.
- "Global Network Operations: A task force of 375 special agents and analysts from each of the Defense Criminal Investigative and Counterintelligence organizations.
• Directs the operations and defense of the DOD Global Information Grid.
• Continually monitors the grid and notifies its collocated law enforcement and counterintelligence staff of any unusual activity.
- Cyber Crime Center
- Office of the Inspector General: Defense Criminal Investigative Service: Computer Crimes Program
Department of Commerce
- Federal Register Notice : Cybersecurity, Innovation and the Internet Economy : The Department of Commerce's Internet Policy Task Force is conducting a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department seeks comments on measures to improve cybersecurity while sustaining innovation. The Department intends to issue a report that will contribute to the Administration's domestic and international policies and activities in advancing both cybersecurity and the Internet economy. (455 KB PDF file) Posted July 26, 2010 . Comments Due 45 days from Fed Reg posting.
- Computer Security Division
- About: "The Computer Security Division (CSD), a component of NIST's Information Technology Laboratory (ITL), provides standards and technology to protect information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2008 (FY2008), CSD successfully responded to numerous challenges and opportunities in fulfilling its mission. CSD carried out a diverse research agenda and participated in many national priority initiatives, leading to the development and implementation of high-quality, cost-effective security and privacy mechanisms that improved information security across the federal government and throughout the national and international information security community." 2008 Annual Report
- Computer Security Resource Center
- Security Management and Assistance Group
- Security Testing and Metrics Group
- Security Technology Group
- Systems and Network Security Group
- Information Security and Privacy Advisory Board
- Formerly Computer System Security and Privacy Advisory Board
- " The Information Security and Privacy Advisory Board (ISPAB) was originally created by the Computer Security Act of 1987 (P.L. 100-235) as the Computer System Security and Privacy Advisory Board. As a result of Public Law 107-347, The E-Government Act of 2002, Title III, The Federal Information Security Management Act of 2002, the Board's name was changed and its mandate was amended.
- Identify emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy;
- Advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems, including thorough review of proposed standards and guidelines developed by NIST.
- Annually report its findings to the Secretary of Commerce, the Director of the Office of Management and Budget, the Director of the National Security Agency and the appropriate committees of the Congress.
The Board's authority does not extend to private sector systems or federal systems which process classified information. Their objectives and duties include:
The membership of the Board consists of twelve members and a Chairperson. TheDirector of NIST approves membership appointments and appoints the Chairperson. The Board meets quarterly throughout the year and all meetings are open to the public.
National Science Foundation
- Computer and Information Science & Engineering
- Computer and Network Systems Division
- CISE Pathways to Revitalized Undergraduate Computing Educatio
- Undergraduate Education Division
- Federal Cyber Service: Scholarship for Service (aka Cyber Corps)
- " Scholarship For Service (SFS) is a unique program designed to increase and strengthen the cadre of federal information assurance professionals that protect the government's critical information infrastructure. This program provides scholarships that fully fund the typical costs that students pay for books, tuition, and room and board while attending an approved institution of higher learning. Additionally, participants receive stipends of up to $8,000 for undergraduate and $12,000 for graduate students. The scholarships are funded through grants awarded by the National Science Foundation NSF . "
Department of State, Bureau of Diplomatic Security, Office of Computer Security, Cyber Threat Division
See Protecting Information
Critical Infrastructure Protection Board
Executive Order : Critical Infrastructure Protection in the Information Age, WH 10/16/01 ("I hereby establish the "President's Critical Infrastructure Protection Board" (the "Board")"). The Board has membership from the leadership of federal agencies. It is not at this time clear what the Board will be doing. Howard Schmidt, Chairman of the PCIP
One of the oldest and most active internal federal efforts is the US Dept of Energy Computer Incident Advisory Capability (CIAC) "provides on-call technical assistance and information to U.S. Department of Energy (DOE) sites faced with computer security incidents. This central incident handling capability is one component of all encompassing service provided to the DOE community. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch. CIAC was established in 1989 to serve the DOE Community. CIAC is one of two oldest response teams and is recognized nationally and internationally for its contributions to the Internet community. CIAC is a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide." Who is CIAC One of the more interesting services that CIAC provides is Hoaxbusters, an information source debunking many of the popular myths and legends on the Internet. See Hoaxbusters.
- M-001: Cisco Secure IDS Signature Obfuscation Vulnerability October 1, 2001 20:00 GMT
- M-013: Mac OS X Downloading Applications Vulnerability [Microsoft Security Bulletin MS01-053] November 1, 2001 22:00 GMT
- M-012: Oracle File Overwrite Security Vulnerability [Oracle Security Alert #20] October 29, 2001 22:00 GMT
- DOE ISRC Information Security Resource Center
Information Assurance Directorate
"NSA/CSS provides the Solutions, Products and Services, and conducts Defensive Information Operations, to achieve Information Assurance for information infrastructures critical to U.S. National Security interests." NSA/CSS Infosec Page
"In order to enable our customers to protect and defend cyber systems, the NSA develops, and supports a variety of products and services. We also conduct ongoing research to aid in the development of next generation solutions. Our IA solutions must encompass a wide range of voice, data and video applications, extending across networked, tactical and satellite systems. IA solutions include the technologies, specifications and criteria, products, product configurations, tools, standards, operational doctrine and support activities needed to implement the protect, detect and report, and respond elements of cyber defense.
"The Information Assurance Framework Forum, developed in a collaborative effort by NSA solution architects, customers with requirements, component vendors, and commercial integrators, guides our solution development. It finds the right solution for environments ranging from outerspace to the office or foxhole. Our framework provides top level guidance in addition to the specification of essential security features and assurances for the security products. It brings producers and consumers together before products are built so that products which better meet our customers' needs will be built.
"The internationally recognized Common Criteria (CC) employs standardized terms to describe the security functionality and assurance of consumers' requirements and manufacturers' products. CC-based Protection Profiles specify what consumers need at both the system and the component level to fulfill their mission. CC-based Security Targets describe how specific products meet consumers' requirements.
"These IA solutions take maximum advantage of commercial components, using NSA developed products and services to fill gaps in areas not satisfied by commercial offerings. Commercial-off-the-shelf (COTS) products include security products (e.g. a firewall) or security enabled or enhanced Information Technology (IT) products (e.g. an e-mail application or secure cellular phone). Our solutions include technologies and tools necessary for a layered defense-in-depth strategy and tools for defensive information operations such as intrusion detection, automated data reduction and modeling/simulation tools.
The NSA constantly works with its government and industry partners to facilitate emerging technology, taking the lead in problems not addressed by industry." About the ISSO
- The Air Force Computer Emercency Response Team (AFCERT)
- The Navy Computer Incident Response Team (NAVCIRT)
- The National Aeronautics and Space Administartion's NASA INCIDENT RESPONSE CENTER (NASIRC)
- DOD CERT
- The National Institute of Health Computer Security Information
|CERT Cordination Center|
One of the best known efforts is the CERT Coordination Center. CERT/CC's scope is Internet security issues. It is a part Carnegie Mellon University's Software Engineering Institute, a federally funded research and development center. It was created after the Morris Worm by the Department of Defense DARPA, which continues to be a major sponsor of the effort. CERT was charged with the task of coordinating communications among experts during emergencies and helping to prevent future situations. CERT's focus is on network vulnerabilities, advising network operators of the problems and how they can be addressed. CERT has become a model effort and its practices have been adopted by 90 similar efforts worldwide. CERT disseminates security information through its website, a hotline, a mailing group, and USENET. It is frequently the authority quoted by the media in coverage of cyber events. CERT disseminates information through multiple channels:
telephone and email
hotline: +1 412 268-7090
mailing list: email@example.com
USENET newsgroup: comp.security.announce
World Wide Web: http://www.cert.org/"
See About the CERT/CC; CERT Homepage;SEI Sponsoring and Oversight Organization; Annual Report 2000.
Other Federal Links
- DOJ Reporting Computer, Internet-Related, or Intellectual Property Crime
- National Counterintelligence Center
- National Infrastructure Simulation and Analysis Center which is a part of the Defense Threat Reduction Agency and Los Alamos
- FEMA - Federal Emergency Management Agency
- Los Alamos
- National Infrastructure Simulation and Analysis Center – NISAC
- Cyber Defenders Institute
- National Science Foundation NSF
- Cyber Corps
- The Cyber Corps Program is open to students currently completing their junior year of undergraduate school or first-year of graduate school. In addition to a stipend of approximately $1,000 per month, the Program pays for each student's tuition for two years, room and board, and travel to conferences. After one year of training, students complete a summer internship in a federal agency, learning first-hand about computer security issues and putting into practice what they've learned in class. By the end of the second year students earn an undergraduate or graduate degree in computer science in addition to multiple federal-level computer security certificates as endorsed by the Committee on National Security Systems (CNSS).
- Cyber Corps Funding Boosted, fcw 8/14/02
- CyberTrust Funding (Directorate for Computer and Information Science & Engineering)
- "CT will support a portfolio of projects that:
- contribute to the cybersecurity knowledge base and advance cybersecurity technologies;
- address trustworthiness at all levels of system design, implementation and use;
- consider the social, economic, organizational and legal factors influencing the successful adoption of new cybersecurity approaches and technologies; and,
- build national education and workforce capacity, addressing undergraduate, graduate, and faculty development and training.
Proposals funded will cover a broad range of disciplines contributing to the CT vision."
- NSF Advisory Committee for Cyberinfrastructure, NSF 2/4/03
- National Cyber Leap Year Summit: Background, NITRD.GOV,
- 114 Federal Cybersecurity Game-change R&D: Introduction, NITRD.GOV,
- Partnership for Critical Infrastructure Security
- North American Electric Reliability Council
- Reliability Standards :: Critical Infrastruction Protection (Best Practices)
- ITU : Cybersecurity " A fundamental role of ITU, following the World Summit on the Information Society (WSIS) and the 2006 ITU Plenipotentiary Conference is to build confidence and security in the use of information and communication technologies (ICTs). "
"NASCIO represents state chief information officers and information resource executives and managers from the 50 states, six U. S. territories, and the District of Columbia. State members are senior officials from any of the three branches of state government who have executive-level and statewide responsibility for information resource management. Representatives from federal, municipal, and international governments and state officials who are involved in information resource management but do not have chief responsibility for that function participate in the organization as associate members. Private-sector firms and non-profit organizations may join as corporate members." About NASCIO
Multi State ISAC