NIST SP 800-100, Information Security Handbook: a Guide for Managers

Total Page:16

File Type:pdf, Size:1020Kb

NIST SP 800-100, Information Security Handbook: a Guide for Managers NIST Special Publication 800-100 Information Security Handbook: A Guide for Managers Recommendations of the National Institute of Standards and Technology Pauline Bowen Joan Hash Mark Wilson I N F O R M A T I O N S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 October 2006 U.S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Robert Cresanti, Under Secretary of Commerce for Technology National Institute of Standards and Technology William Jeffrey, Director Reports on Information Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of nonnational-security-related information in federal information systems. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in information system security and its collaborative activities with industry, government, and academic organizations. iii Authority This document has been developed by the National Institute of Standards and Technology (NIST) in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST is responsible for developing standards and guidelines, including minimum requirements, and for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided A-130, Appendix III. This guideline has been prepared for use by federal agencies. It may also be used by nongovernmental organizations on a voluntary basis and is not subject to copyright regulations. (Attribution would be appreciated by NIST.) Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. Acknowledgements NIST would like to thank the many people who assisted with the development of this handbook. NIST management officials who supported this effort include: Joan Hash, William C. Barker, Elizabeth Chew, and Matthew Scholl. The authors would like to thank Elizabeth Lennon, Alicia Clay, Elizabeth Chew, Richard Kissel, Carol Schmidt, Matthew Scholl, and Patricia Toth who assisted with reviewing this Handbook and provided comments and suggestions for improvement. Additional drafters of Handbook chapters include: Ron Ross, Tim Grance, and Marianne Swanson, NIST. Nadya Bartol, Joe Nusbaum, Laura Prause, Will Robinson, Karen Kent, and Randy Ewell, BAH, In addition, special thanks are due those contractors who helped craft the Handbook, prepare drafts, and review materials: Nadya Bartol of Booz, Allen, Hamiliton (BAH), served as Project Manager for BAH on this project. In addition, many BAH employees contributed to the Handbook, including: Anthony Brown, Linda Duncan, Gina Jamaldinian, Sedar Labarre, Ines Murphy, Steven Peck, Mike Kapetanovic, Michael Rohde, Jacob Tsizis, Aderonke Adeniji, and Marge Spanninger. The authors also gratefully acknowledge and appreciate the many contributions from individuals in the public and private sectors whose thoughtful and constructive comments improved the quality and usefulness of this publication. v Errata The following changes have been incorporated into Special Publication 800-100. 1. Chapter 10 Risk Management, Figure 10-1. Risk Management in the System Security Life Cycle diagram has been modified to remove numbers from diagram and to show the steps clearly in the risk management process in the system security life cycle. 2. Chapter 10 Risk Management, Table 10-1. Risk Level Matrix has been modified to correct the math in the diagram. vi Table of Contents Table of Contents 1. Introduction .................................................................................................... 1 1.1 Purpose and Applicability............................................................................................ 1 1.2 Relationship to Existing Guidance............................................................................... 1 1.3 Audience ..................................................................................................................... 1 2. Information Security Governance.................................................................... 2 2.1 Information Security Governance Requirements ........................................................ 2 2.2 Information Security Governance Components .......................................................... 5 2.2.1 Information Security Strategic Planning............................................. 6 2.2.2 Information Security Governance Structures ...................................... 7 2.2.3 Key Governance Roles and Responsibilities ........................................ 8 2.2.3.1 Agency Head ...................................................................... 9 2.2.3.2 Chief Information Officer...................................................... 9 2.2.3.3 Senior Agency Information Security Officer............................. 9 2.2.3.4 Chief Enterprise Architect ................................................... 10 2.2.3.5 Related Roles ................................................................... 11 2.2.4 Federal Enterprise Architecture (FEA).............................................. 12 2.2.5 Information Security Policy and Guidance ........................................ 14 2.2.6 Ongoing Monitoring ...................................................................... 14 2.3 Information Security Governance Challenges and Keys to Success ........................ 17 3. System Development Life Cycle ..................................................................... 19 3.1 Initiation Phase.......................................................................................................... 19 3.2 Development/Acquisition Phase................................................................................ 20 3.3 Implementation Phase............................................................................................... 20 3.4 Operations/Maintenance Phase................................................................................ 21 3.5 Disposal Phase ......................................................................................................... 21 3.6 Security Activities within the SDLC ........................................................................... 22 4. Awareness and Training ................................................................................ 26 4.1 Awareness and Training Policy................................................................................. 27 4.2 Components: Awareness, Training, Education, and Certification ............................. 28 4.2.1 Awareness .................................................................................. 28 4.2.2 Training...................................................................................... 29 4.2.3 Education.................................................................................... 29 4.2.4 Certification................................................................................. 29 4.3 Designing, Developing, and Implementing an Awareness and Training Program .... 30 4.3.1 Designing an Awareness and Training Program................................. 31 4.3.2 Developing an Awareness and Training Program ............................... 31 4.3.3 Implementing an Awareness and Training Program ........................... 31 4.4 Post-Implementation ................................................................................................. 32 4.4.1 Monitoring Compliance.................................................................. 32 4.4.2 Evaluation and Feedback............................................................... 33 4.5 Managing Change..................................................................................................... 33 4.6 Program Success Indicators ..................................................................................... 33 5. Capital Planning and Investment Control .....................................................
Recommended publications
  • Chief Security Officer
    Chief Security Officer Chief Security Office, Information and Knowledge Services The Chief Security Officer (CSO) is a new role and will develop and lead a cross-Departmental approach for all aspects of protective security, covering Security Governance, Personnel Security, Physical Security and Information Security (including Information and Information Communication Technology (ICT) security). The CSO is a transformational change leader, responsible for leading and building a strong security culture where people have a high degree of security awareness and good security practises become an integral part of how we do things around here. The CSO also assumes the function of Incident Controller in major and emergency situations, in line with DIA’s Incident Management Framework. Reporting to: Deputy Chief Executive, Information and Knowledge Services Location: Wellington Salary range: Corporate Band L What we do matters – our purpose Our purpose is to serve and connect people, communities and government to build a safe, prosperous and respected nation. In other words, it’s all about helping to make New Zealand better for New Zealanders. How we do things around here – our principles We make it easy, we make it work Customer centred Make things even better We’re stronger together Work as a team Value each other We take pride in what we do Make a positive difference Strive for excellence Working effectively with Māori Te Aka Taiwhenua – our Māori Strategic Framework – enables us to work effectively with Māori. We accept our privileged role and responsibility of holding and protecting the Treaty of Waitangi / Te Tiriti o Waitangi. The Department of Internal Affairs Te Tari Taiwhenua What you will do to contribute As a result we will see Strategic Leadership DIA has a security strategy and Lead the development and execution of a clear framework that is well positioned protective security strategy, framework and security and fit for purpose.
    [Show full text]
  • The Chief Information Security Officer: an Exploratory Study
    Journal of International Technology and Information Management Volume 26 Issue 2 Article 2 6-1-2017 The Chief Information Security Officer: An Exploratory Study Erastus Karanja North Carolina Central University, [email protected] Mark A. Rosso North Carolina Central University, [email protected] Follow this and additional works at: https://scholarworks.lib.csusb.edu/jitim Part of the Management Information Systems Commons Recommended Citation Karanja, Erastus and Rosso, Mark A. (2017) "The Chief Information Security Officer: An Exploratory Study," Journal of International Technology and Information Management: Vol. 26 : Iss. 2 , Article 2. Available at: https://scholarworks.lib.csusb.edu/jitim/vol26/iss2/2 This Article is brought to you for free and open access by CSUSB ScholarWorks. It has been accepted for inclusion in Journal of International Technology and Information Management by an authorized editor of CSUSB ScholarWorks. For more information, please contact [email protected]. Journal of International Technology and Information Management Volume 26, Number 2 2017 THE CHIEF INFORMATION SECURITY OFFICER: AN EXPLORATORY STUDY Erastus Karanja [email protected] Mark A. Rosso [email protected] Department of Computer Information Systems School of Business North Carolina Central University USA ABSTRACT The proliferation and embeddedness of Information Technology (IT) resources into many organizations’ business processes continues unabated. The security of these IT resources is essential to operational and strategic business continuity. However, as the large number of recent security breaches at various organizations illustrate, there is more that needs to be done in securing IT resources. Firms, through organizational structures, usually delegate the management and control of IT security activities and policies to the Chief Information Security Officer (CISO).
    [Show full text]
  • Civilian Market Analysis DHS Strategic Industry Conversation
    dlt.com WHITE PAPER REPORT Civilian Market Analysis DHS Strategic Industry Conversation Louis Dorsey Senior Director, Civilian Strategic Markets Accelerating Public Sector Growth for Technology Companies November 2018 DLT 2411 Dulles Corner Park, Suite 800, Herndon, VA 20171 Main 800.262.4358 eFax 703.709.8450 Civilian Market Analysis DHS Strategic Some of the mission-focused topics discussed by these Industry DHS leaders included: Conversation Keynote Address Nov 1, 2018 o Claire Grady, DHS, Acting Deputy Secretary Lessons Learned from an Unprecedented Disaster Season o Brock Long, FEMA, Administrator Soraya Correa, DHS Chief Procurement DHS Leadership Insights on Challenges Confronting DHS Officer o Kathleen Fox, FEMA, Assistant Administrator o Jeanette Manfra, CISA, Assistant Secretary o Robert Perez, CBP, Deputy Commissioner o Patricia Cogswell, TSA, Deputy Administrator DHS Security Operations Center Optimization—Crawl Phase o Paul Backman, DHS, CISO o Alma Cole, CBP, CISO o Kevin Graber, USSS, CISO o Vu Nguyen, Cyber Operations, Director o Rob Thorne, ICE, CISO How Management Directorate is Enabling the Mission o Chip Fulghum, DHS, Deputy Under Secretary for Management Claire Grady, DHS CXO Partnerships: Addressing the Needs of Tomorrow Acting Deputy Secretary o Chip Fulghum (Moderator) o Soraya Correa, DHS, Chief Procurement Officer o Tom Chaleki, DHS, Chief Readiness Officer o Debra Cox, Office of Program Accountability & Risk Management, Executive Director o Roland Edwards, DHS, Deputy Chief Human Capital Officer o Stacy Marcott,
    [Show full text]
  • COMPLAINT TIKTOK INC. and BYTEDANCE LTD. Against
    TIKTOK INC. et al v. TRUMP et al Doc. 1 Case 1:20-cv-02658 Document 1 Filed 09/18/20 Page 1 of 46 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA TIKTOK INC., 5800 Bristol Parkway Culver City, CA 90230 BYTEDANCE LTD., c/o Vistra (Cayman) Ltd. P.O. Box 31119 Grand Pavilion, Hibiscus Way Civil Case No. 20-cv-2658 George Town, KY1-1205 Cayman Islands COMPLAINT FOR INJUNCTIVE AND Plaintiffs, DECLARATORY RELIEF v. DONALD J. TRUMP, in his official capacity as President of the United States, 1600 Pennsylvania Avenue, N.W. Washington, DC 20500 WILBUR L. ROSS, JR., in his official capacity as Secretary of Commerce, 1401 Constitution Avenue, N.W. Washington, DC 20230 U.S. DEPARTMENT OF COMMERCE, 1401 Constitution Avenue, N.W. Washington, DC 20230 Defendants. Plaintiffs TikTok Inc. and ByteDance Ltd., for their Complaint against Defendants DONALD J. TRUMP, in his official capacity as President of the United States; WILBUR L. ROSS, JR., in his official capacity as Secretary of Commerce; and the U.S. DEPARTMENT OF COMMERCE; allege as follows: Dockets.Justia.com Case 1:20-cv-02658 Document 1 Filed 09/18/20 Page 2 of 46 INTRODUCTION 1. This action seeks to prevent the government from impermissibly banning TikTok, a mobile software application that 100 million Americans use to create and share short videos composed of expressive content. On September 18, 2020, the U.S. Department of Commerce identified the prohibited transactions (the “Prohibitions”) covered by President Trump’s August 6, 2020 executive order purportedly “Addressing the Threat Posed by TikTok” (the “August 6 order” and, together with the Prohibitions, the “TikTok ban”).
    [Show full text]
  • 2021 Annual Meeting Proxy Statement
    Notice of 2021 Annual Meeting •Proxy Statement American ElectricPower 1Riverside Plaza Columbus, OH 43215 Nicholas K. Akins Chairman of the Board and Chief Executive Officer March 10, 2021 Dear Shareholders: This year’s annual meeting of shareholders will be held at the New Albany Transmission Headquarters, 8500 Smiths Mill Road, New Albany, Ohio on Tuesday, April 20, 2021,at9:00 a.m. Eastern Standard Time. To support the health and safety of its employees, shareholders and communities, AEPstrongly urges shareholders to call into the meeting, rather than attend in person, by using the following toll-free number to listen to the meeting live: 877-336-4440, passcode 1581570. Shareholders are asked to call in 10 to 15 minutes before the scheduled start time. The company is sensitive to the public health and travel concerns its shareholders may have and the restrictions that federal, state and local governments have imposed on traveling and on the number of people that should attend gatherings. Attendees will be required to observe all physical distancing and face covering requirements. Your Board of Directors and Icordially invite you to attend as provided above. Registration will begin at 8:00 a.m. Only shareholders who owned shares on the record date, February 22, 2021, are entitledtovote and attend the meeting. To attend the meeting, you will need to present an admission ticket or the notice you received. If your shares are registered in your name, and you received your proxy materials by mail, your admission ticketisattached to your proxy card. If your shares are registered in your name and you received your proxy materials electronically via the Internet, you will need to print an admission ticket after you vote by clicking on the “Options” button.
    [Show full text]
  • Chief Security Officer
    80740ASFIS-ChiefSec-R3 .fh9 6/23/04 11:00 AM Page 3 C M Y CM MY CY CMY K Chief Security Officer 1625 Prince Street Alexandria, VA 22314-2818 USA 703-519-6200 Fax: 703-519-6299 www.asisonline.org Composite 80740ASFIS-ChiefSec-R6 .fh9 7/2/04 1:29 PM Page 1 C M Y CM MY CY CMY K ASIS INTERNATIONAL COMMISSION ON GUIDELINES The Commission on Guidelines was established in early 2001 by ASIS International (ASIS) in response to a concerted need for guidelines regarding security issues in the United States. As the preeminent organization for security professionals worldwide, ASIS has an important role to play in helping the private sector secure its business and critical infrastructure, whether from natural disaster, accidents, or planned actions, such as terrorist attacks, vandalism, etc. ASIS had previously chosen not to promulgate guidelines and standards, but world events have brought to the forefront the need for a professional security organization to spearhead an initiative to create security advisory provisions. By addressing specific concerns and issues inherent to the security industry, security guidelines will better serve the needs of security professionals by increasing the effectiveness and productivity of security practices and solutions, as well as enhancing the professionalism of the industry. Mission Statement To advance the practice of security through the development of risk mitigation guidelines within a voluntary, non-proprietary, and consensus-based process utilizing to the fullest extent possible the knowledge, experience,
    [Show full text]
  • Facility Security Committees
    1 Facility Security Committees An An Interagency Security Committee Standard January 1, 2012 2nd Edition Authority and Responsibility: This Interim Standard is developed under the authority of Executive Order 12977 (as amended). It provides procedures for Facility Security Committees (FSCs) to use when presented with security issues that affect an entire nonmilitary Federal facility. The document was developed after extensive interagency coordination, and Interagency Security Committee members have agreed to comply with this standard to the extent permitted by law and subject to the availability of appropriations. This Interim Standard is intended to improve the internal management of facility security and is not intended, and should not be construed, to create any right or benefit, substantive or procedural, enforceable at law by a party against the United States, its agencies, its officers, or its employees. Table of Contents 1. Purpose ...................................................................................................................................... 1 2. Background ............................................................................................................................... 1 3. Applicability and Scope ............................................................................................................ 1 4. How to Apply This Standard .................................................................................................... 2 4.1. Risk Mitigation or Acceptance .........................................................................................
    [Show full text]
  • MICHAEL D. PETERS 8242 Preservation Trail  Columbus, GA 31820  762-822-4174  [email protected]
    MICHAEL D. PETERS 8242 Preservation Trail Columbus, GA 31820 762-822-4174 [email protected] Chief Privacy Officer Chief Security Officer Chief Information Security Officer PROFILE Highly accomplished Technology Officer with proven ability to lead successful corporate information security and technology operations and facilitate corporate growth through technology-business alignment. Special expertise in cyber security, solution development, organizational excellence, program management, and process improvement. MBA and multiple certifications, including CISSP, CRISC, CISM, CMBA, SCSA, CCE, and ISSA Fellow. Adept at directing multi-national teams and administering multi- million dollar budgets. Extensive familiarity with military/defense, education, software development, manufacturing, transportation, health-care, insurance, energy, financial, and technology sectors. Excellent presentation, problem-solving, and technical skills. Entrepreneur and innovator behind the "Your Personal CISO" information security network and the popular Holistic Operational Readiness Security Evaluation HORSE Project. Cyber-Law IT Governance IT Risk Cloud Security Social Networking Security IT security Security Architecture Management Project/Program Management Threat & Incident Management Disaster Recovery / Business Continuity Strategic Planning IT Security Software Development Process Optimization Regulatory Compliance Technical Writing Cost/Budget Control Identity & Access Control Change Control Management Forensics E-Discovery
    [Show full text]
  • Marene N. Allison, Vice President and Chief Information Security Officer For
    Marene N. Allison, Vice President and Chief Information Security Officer for Johnson & Johnson, has responsibility for protecting the Information Technology (IT) systems and data worldwide through elimination and mitigation of IT risk. She co-leads the IT Risk Management Council and is a member of the Enterprise Compliance Council. Marene joined Johnson & Johnson in September of 2010. Prior to joining Johnson & Johnson, Marene was Chief Security Officer and Vice President for Medco, the largest pharmacy benefit manager in the United States. Marene was responsible for all aspects of the company's security, regulatory and compliance including, physical and logical security, executive protection as well as HIPPA, Payment Card Industry, Medicare and prescription fraud and IT controls. Prior to that, Marene was with Avaya as head of Global Security where she worked on securing the World Cup network in Korea and Japan in 2002. Before joining Avaya she was Vice President of Loss Prevention and Safety for the Great Atlantic and Pacific Tea Company. Before joining the corporate world, she served as a Special Agent in the FBI working on undercover drug operations in Newark, NJ and also working on terrorist bombings in San Diego, CA. She developed and participated in the nuclear terrorism exercise, Compass Rose ’88, the largest mock terrorism incident exercise by the federal government. Marene has a Bachelor of Science degree from The United States Military Academy at West Point, in the first class to include women. She has served in the US Army in the Military Police, at Ft Hood, TX, Ft Chaffee, AR and Ft McClellan, AL.
    [Show full text]
  • Deputy Chief Security Officer
    State of Michigan Position Code Civil Service Commission SENMGECXB36N Capitol Commons Center, P.O. Box 30002 Lansing, MI 48909 POSITION DESCRIPTION This position description serves as the official classification document of record for this position. Please complete the information as accurately as you can as the position description is used to determine the proper classification of the position. 2. Employee's Name (Last, First, M.I.) 8. Department/Agency Department of Technology, Management, & Budget 3. Employee Identification Number 9. Bureau (Institution, Board, or Commission) 4. Civil Service Position Code Description 10. Division Senior Management Executive 19 Cybersecurity and Infrastructure Protection 5. Working Title (What the agency calls the position) 11. Section Deputy Chief Security Officer 6. Name and Position Code Description of Direct Supervisor 12. Unit Chris DeRusha, Chief Security Officer 7. Name and Position Code Description of Second Level Supervisor 13. Work Location (City and Address)/Hours of Work Trish Foster, Director, Department of Technology, 7150 Harris Dr., Dimondale, MI 48821, M-F 8 am-5 pm Management and Budget 14. General Summary of Function/Purpose of Position The Deputy Chief Security Officer – Senior Management Executive 19 is responsible for supporting the formulation, establishment and implementation of cybersecurity and infrastructure protection policies and programs within the department and across state government for the State of Michigan. This position participates in and supports cybersecurity and infrastructure protection committees and programs at the local, state and national level. The position will ensure that critical processes and structures for all cybersecurity and infrastructure protection are effectively delivered and operationalized throughout the enterprise.
    [Show full text]
  • 2014 Rankings
    2014 RANKINGS Agriculture/Farming/Food Manufacturing Rank Company Name Security 500 Member Title City State 1 Archer Daniels Midland Jeffrey Larner Vice President of Global Security Decatur IL 2 General Mills, Inc. Christoph J. Welsh Director of Global Security Minneapolis MN 3 McDonald's Corporation Michael Peaster Vice President of Global Safety and Security Oak Brook IL 4 Perdue Farms Kort Dickson Director of Corporate Security Salisbury MD 5 McCormick & Company, Inc.* Bryan Fort Director of Corporate Security Sparks MD 6 Pepsico, Inc.* David Carpenter Vice President of Security Purchase NY 7 Farmer John Meats Robert L. Jones Vice President of Human Resources Vernon CA 8 Hershey's* Matthew F. Ryan Director of Corporate Security Worldwide Hershey PA 9 Kellogg Company* Scott Lindahl Chief Security Officer Battle Creek MI Senior Manager of GIS and ITOPS Security for America, Kraft Foods Global, Inc.* Ruben Chacon, CISSP, CISM Northfield IL 10 Spain 11 Land O'Lakes, Inc.* Dan Taussig Director of Global Security Arden Hills MN Executive Vice President of Corporate Development and Agrium* Leslie O’Donoghue Calgary AB 12 Strategy; Chief Risk Officer 13 Syngenta Corporation* C. David Gelly Director of Corporate Security Winston-Salem NC 14 The Scotts Company* Lenny Hall Global Security Manager; Chief Security Officer Marysville OH LISTED ALPHABETICALLY Mars, Incorporated Scott W. Sheafe Global Security Director McLean VA Monsanto Company Peter Sullivan Director of Global Security St. Louis MO Business Services/Consulting Rank Company Name Security 500 Member Title City State 1 ADP Roland Cloutier Chief Security Officer Roseland NJ 2 EY (formerly Ernst & Young) John Imhoff Director of Global Security Washington DC 3 Deloitte Ted Almay Global Chief Security Officer Raleigh NC 4 Iron Mountain Incorporated Jack Faer Chief Security Officer Boston MA 5 CACI International, Inc.
    [Show full text]
  • SBN 129937)** [email protected] 2 Alexander A
    Case 2:20-cv-07672 Document 1 Filed 08/24/20 Page 1 of 39 Page ID #:1 1 Beth S. Brinkmann (SBN 129937)** [email protected] 2 Alexander A. Berengaut* [email protected] 3 Megan C. Keenan* [email protected] 4 COVINGTON & BURLING LLP 850 Tenth Street, NW 5 Washington, DC 20001 Telephone: +1 (202) 662-6000 6 Facsimile: + 1 (202) 778-6000 7 John E. Hall (SBN 118877) [email protected] 8 Anders Linderot* [email protected] 9 COVINGTON & BURLING LLP 620 Eighth Avenue 10 New York, New York 10018-1405 Telephone: +1 (212) 841-1000 11 Facsimile: + 1 (212)Deadline 841-1010 12 Mitchell A. Kamin (SBN 202788) [email protected] 13 Benjamin G. Cain (SBN 325122)** [email protected] 14 COVINGTON & BURLING LLP 1999 Avenue of the Stars, Suite 3500 15 Los Angeles, California 90067-4643 Telephone: + 1 (424) 332-4800 16 Facsimile: + 1 (424) 332-4749 17 Attorneys for Plaintiffs 18 *Pro hac vice application forthcoming **C.D. California admission forthcoming 19 20 UNITED STATES DISTRICT COURT CENTRAL DISTRICT OF CALIFORNIA 21 WESTERN DIVISION 22 TIKTOK INC. and BYTEDANCE LTD., Case No. 2:20-cv-7672 23 Plaintiffs, COMPLAINT FOR INJUNCTIVE AND DECLARATORY RELIEF 24 v. 25 DONALD J. TRUMP, in his official capacity as President of the United States; 26 WILBUR L. ROSS, JR., in his official capacity as Secretary of Commerce; and 27 U.S. DEPARTMENT OF COMMERCE, 28 Defendants. COMPLAINT FOR INJUNCTIVE AND DECLARATORY RELIEF Case 2:20-cv-07672 Document 1 Filed 08/24/20 Page 2 of 39 Page ID #:2 1 Plaintiffs TikTok Inc.
    [Show full text]