Skip to Main Content

Cybersecurity: Government Reports

The law library curates this guide to cybersecurity resources in order to support graduate research in cybersecurity and the work of practicing lawyers.
On This Page
  • Links to search US government reports on cybersecurity, individually from the CRS, DHS, DOJ, FTC, GAO or SEC.

To search multiple types of US government reports at once, including policy and strategy documents, legislation, statistics and more:

Please Ask a Librarian. We are here to make your search process easier!

Congressional Research Service (CRS) Reports

"The Congressional Research Service (CRS) ... approaches complex topics from a variety of perspectives and examines all sides of an issue. Staff members analyze current policies and present the impact of proposed policy alternatives." 
http://www.loc.gov/crsinfo/about/

Search for CRS Reports on cybersecurity:

Examples of CRS Reports on cybersecurity:

Congressional Research Service "In Focus" Data Protection and Privacy Law: An Introduction, Updated October 12, 2022

Congressional Research Service "Insight" Digital Assets and Illicit Finance: E.O. 14067 and Recent Anti-Money Laundering Developments, October 26, 2022

Federal Trade Commission (FTC)

The Federal Trade Commission (FTC) has roles in enforcement, policy, and guidance as to data privacy and security. The FTC's website contains materials designed to educate consumers and small businesses about cybersecurity basics. The FTC's website also contains cases, press releases, public statements, reports, advocacy filings, and testimony.

Browse FTC materials:

 

Department of Homeland Security (DHS)

The Department of Homeland Security (DHS) oversees these agencies' and offices' work on cybersecurity:

Cybersecurity and Infrastructure Security Agency (CISA)
Cyber Safety Review Board (CSRB)
Transportation Security Agency (TSA)
United States Coast Guard (USCG)
United States Secret Service (USSS)
Immigration and Customs Enforcement - Homeland Security Investigations (ICE HSI)
Office of the Chief Information Officer (OCIO)
Office of Policy

Search for cybersecurity updates from DHS agencies:

Government Accountability Office (GAO) Reports

"GAO provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars."
https://www.gao.gov/about/what-gao-does/

Browse GAO by topic:

Search for GAO Reports on cybersecurity:

 

Department of Justice (DOJ)

The Department of Justice's (DOJ's) Criminal Division contains a Computer Crime and Intellectual Property Section (CCIPS). Within CCIPS, there is a Cybersecurity Unit, which serves "as a central hub for expert advice and legal guidance regarding how the criminal electronic surveillance and computer fraud and abuse statutes impact cybersecurity."

Browse DOJ Cybersecurity Unit white papers and other documents:

Securities and Exchange Commission (SEC) Reporting

"Companies should consider the materiality of cybersecurity risks and incidents when preparing the disclosure that is required in registration statements under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”), and periodic and current reports under the Exchange Act.

"When a company is required to file a disclosure document with the Commission, the requisite form generally refers to the disclosure requirements of Regulation S-K16 and Regulation S-X. 

"Although these disclosure requirements do not specifically refer to cybersecurity risks and incidents, a number of the requirements impose an obligation to disclose such risks and incidents depending on a company’s particular circumstances." - https://www.sec.gov/rules/interp/2018/33-10459.pdf

Search for company reports with the SEC: