Читать книгу (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Страница 206

The Computer Fraud and Abuse Act (CFAA) was the first major piece of cybercrime-specific legislation in the United States. Congress had earlier enacted computer crime law as part of the Comprehensive Crime Control Act (CCCA) of 1984, but the CFAA was carefully written to exclusively cover computer crimes that crossed state boundaries to avoid infringing on states' rights and treading on thin constitutional ice. The major provisions of the original CCCA made it a crime to perform the following:

 Access classified information or financial information in a federal system without authorization or in excess of authorized privileges

 Access a computer used exclusively by the federal government without authorization

 Use a federal computer to perpetrate a fraud (unless the only object of the fraud was to gain use of the computer itself)

 Cause malicious damage to a federal computer system in excess of $1,000

 Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual

 Traffic in computer passwords if the trafficking affects interstate commerce or involves a federal computer system

When Congress passed the CFAA, it raised the threshold of damage from $1,000 to $5,000 but also dramatically altered the scope of the regulation. Instead of merely covering federal computers that processed sensitive information, the act was changed to cover all “federal interest” computers. This widened the coverage of the act to include the following:

 Any computer used exclusively by the U.S. government

 Any computer used exclusively by a financial institution

 Any computer used by the government or a financial institution when the offense impedes the ability of the government or institution to use that system

 Any combination of computers used to commit an offense when they are not all located in the same state

When preparing for the CISSP exam, be sure you're able to briefly describe the purpose of each law discussed in this chapter.