Information System Security It 255 Final Project Scenario Part 2 Pdf
Section 508 requires access to ICT developed, procured, maintained, or used by federal agencies. Examples include computers, telecommunications equipment, multifunction office machines such as copiers that also operate as printers, software, websites, information kiosks and transaction machines, and electronic documents. The Section 508 Standards, which are part of the Federal Acquisition Regulation, ensure access for people with physical, sensory, or cognitive disabilities.
The purpose of this part is to implement section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. 794d). Section 508 requires that when Federal agencies develop, procure, maintain, or use electronic and information technology, Federal employees with disabilities have access to and use of information and data that is comparable to the access and use by Federal employees who are not individuals with disabilities, unless an undue burden would be imposed on the agency. Section 508 also requires that individuals with disabilities, who are members of the public seeking information or services from a Federal agency, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency.
In this final rule, the Access Board is updating its existing Electronic and Information Technology Accessibility Standards under section 508 of the Rehabilitation Act of 1973, ("508 Standards"), as well as our Telecommunications Act Accessibility Guidelines under Section 255 of the Communications Act of 1934 ("255 Guidelines"). Given the passage of nearly two decades since their issuance, the existing 508 Standards and 255 Guidelines are in need of a "refresh" in several important respects. This final rule is intended to, among other things, address advances in information and communication technology that have occurred since the guidelines and standards were issued in 1998 and 2000 respectively, harmonize with accessibility standards developed by standards organizations worldwide in recent years, and ensure consistency with the Board's regulations that have been promulgated since the late 1990s. The Revised 508 Standards and 255 Guidelines support the access needs of individuals with disabilities, while also taking into account the costs of providing accessible information and communication technology to Federal agencies, as well as manufacturers of telecommunications equipment and customer premises equipment.
Table 1 below summarizes the results from the Final RIA with respect to the likely monetized benefits and costs, on an annualized basis, from the Revised 508 Standards and 255 Guidelines. All monetized benefits and costs are incremental to the applicable baseline, and were estimated for a 10-year time horizon (starting in 2018 since the final rule requires Federal agencies to comply one year after its publication) and converted to annualized values using discount rates of 7 and 3 percent. Three scenarios of incremental benefits and costs are presented using alternative parameters that are assumptions-based. These scenarios include: a low net benefit scenario (using parameters which result in lower benefits and higher costs), an expected scenario (consisting of expected values for assumed parameters), and a high net benefit scenario (using parameters which result in higher benefits and lower costs).
In the final rule, the Board has made multiple changes that are similar to EN 301 549. Both the final rule and EN 301 549 address the functions of technology, rather than categories of technologies. Similarly, both offer technical requirements and functional performance criteria for accessible ICT. For example, our use of the phrase "information and communication technology" (ICT) in the final rule, as a replacement of the existing term "electronic and information technology," originates in the common usage of ICT throughout Europe and the rest of the world. Moreover, both documents are organized in similar ways, in that they both have initial scoping and definitions chapters, followed by separate chapters containing technical requirements and functional performance criteria.
After review of the comments, we have determined that we would be providing clearer information by including more terms, and we therefore added definitions for "document," "non-Web document," "non-Web software," and "Web page" to the list of defined terms in E103.4 in the final rule. The definitions provided for these terms closely track the definitions used in WCAG 2.0 and EN 301 549. For similar reasons of completeness, we also added the terms "software tools" and "variable message signs." Additionally, based on commenter concerns, we amended the definitions of "software" and "operable part" in the final rule. The definition of "software" clarifies the term by giving the examples of applications, non-Web software, and platform software. The definition of "operable part" now makes clear that the term applies to physical parts (hardware). Finally, the Board added definitions for "alteration" and "existing ICT," which are new terms used in the safe harbor provision applicable to existing 508-covered ICT (E202.2). Additional discussion of these new terms appears below in section IV.C (508 Chapter 2: Scoping Requirements in the discussion of the safe harbor provision at E202.2). In response to the requests to align the definition for "authoring tool" to EN 301 549, the Board regards the two definitions as being equivalent, but has decided to retain the definition from the proposed rule due to editorial consideration. The main difference between the approach taken in the proposed rule and that of EN 301 549 is that the EN 301 549 definition for "authoring tools" includes three notes containing advisory guidance. Our practice is to provide advisory guidance in supplemental materials.
Agencies and the public may need to refer to the existing 508 Standards to determine whether existing ICT complies with its accessibility requirements once the final rule takes effect. To that end, the existing 508 Standards have been republished as an appendix (Appendix D) to part 1194 for reference when evaluating legacy ICT under the safe harbor provision. In Appendix D, while the text and structure of each provision remains the same as in the existing 508 Standards, the numbering convention for each provision has been modified to comply with publication requirements for matter located in regulatory appendices.
We received six comments expressing concern or requesting changes to proposed E202. Two commenters (a disability advocacy organization and an ICT subject matter expert) requested deletion of proposed E202.2, which exempts national security systems as defined by 40 U.S.C. 1103(a). These commenters asserted that ICT that is part of a National Security System should be required to conform to the maximum extent possible, instead of being exempted entirely from compliance. Two commenters (a disability advocacy organization and an ICT subject matter expert) also requested that the exception for ICT acquired incidental to a contract in proposed E202.3 be removed, asserting it would discourage contractors from hiring employees with disabilities. Additionally, an individual commented that proposed E202.3 needed a major change because it has not been successful in the past in getting software manufacturers to make accessible software. This individual requested that the final rule require refunds if a future version of software failed to meet accessibility requirements. The Board also received three comments (one ICT company and two industry trade associations) seeking expansion of proposed E202.4, which exempts certain functions of ICT located in maintenance or monitoring spaces, to include a "back office exemption" for maintenance functions and maintenance spaces.
E202.4 in the proposed rule (final E202.5) was a change to existing 508 Standards §1194.3(f) in that the exception was narrowed to apply only to those status indicators and operable parts that are available from maintenance spaces. Since it is the usual case that rack-mounted equipment is operated remotely, this change makes it clear that the Revised 508 Standards do not preclude this usual business practice.
Three commenters raised concerns with proposed E205.2, specifically in regards to the application of this provision to social media platforms. One individual questioned whether social media constituted public-facing content under proposed E205.2. Another individual questioned whether third-party content added by members of the public to agency controlled social media sites would constitute public-facing content under proposed E205.2. The third commenter, a disability advocacy organization, recommended that agencies be precluded from using any social media platforms that are not compliant with the final rule.
In the NPRM preamble, we described public-facing content and included social media pages as an example of such content. 80 FR 10880, 10893 (Feb 27, 2015). The Board refers commenters on this topic to the discussion in the NPRM, as its position on this matter has not changed. Additionally, we note that under Section 508 of the Rehabilitation Act (as amended), agencies have responsibility for all content that they develop, procure, maintain, or use. 29 U.S.C. 794d. Agencies are therefore responsible for third-party content added to and maintained on their sites, and will need to develop policies and practices to ensure the accessibility of that third-party content. This is consistent with other policies and practices agencies employ regarding personally identifiable information, security, obscenities, or other concerns presented by third-party content. If an agency invokes an exception and uses inaccessible ICT to provide information and data to the public, the statute requires that the agency provide the same information and data to individuals with disabilities by an alternative means. Id. (stating that "the Federal department or agency shall provide individuals with disabilities covered by paragraph (1) with the information and data involved by an alternative means of access that allows the individual to use the information and data"). Under current law, an agency is not prevented from using an inaccessible social media platform under a provided exception, as long as the agency provides individuals with disabilities an alternative means of accessing the same information and data. Accordingly, the Board has not made a change to this requirement.