Today the Office of Management and Budget (OMB) is releasing an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource.
The way we manage information technology (IT), security, data governance, and privacy has rapidly evolved since A-130 was last updated in 2000. In today’s digital world, we are creating and collecting large volumes of data to carry out the Federal Government’s various missions to serve the American people. This data is duplicated, stored, processed, analyzed, and transferred with ease. As government continues to digitize, we must ensure we manage data to not only keep it secure, but also allow us to harness this information to provide the best possible service to our citizens.
Today’s update to Circular A-130 gathers in one resource a wide range of policy updates for Federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and acquisitions. It also establishes general policy for IT planning and budgeting through governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services. In particular, A-130 focuses on three key elements to help spur innovation throughout the government:
This update to Circular A-130 underpins many of the policies and technological advances the Federal Government has undergone thus far. And it reflects the extensive thoughts and feedback of the public and stakeholders across government and industry. Going forward, A-130 will continue to be the foundation for government’s ability to innovate, service its citizens, and further secure our nation’s valuable data and information.
Find out more about the revised and updated A-130 Circular via the fact sheet below.
Tony Scott is the U.S. Chief Information Officer.
Howard Shelanski is the Administrator of the Office of Information and Regulatory Affairs.
Anne Rung is the U.S. Chief Acquisition Officer.
Marc Groman is the Senior Advisor for Privacy at the Office of Management and Budget.
FACT SHEET: A-130: Managing Information as a Strategic Resource
OMB Circular A-130 provides guidance to Federal agencies on general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, information technology (IT) resources and supporting infrastructure and services. OMB has revised Circular A-130 to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy.
The revised Circular consolidates in one guidance document a wide range of policy updates in information governance, acquisitions, records management, open data, workforce, security, and privacy. In particular, the revisions highlight requirements from the Federal Information Technology Acquisition Reform Act to improve the acquisition and management of information resources. Also discussed are electronic signature requirements in accordance with the Government Paperwork Elimination Act and Electronic Signatures in Global and National Commerce Act.
The revised Circular also emphasizes and clarifies the role of both privacy and security in the Federal information lifecycle. Importantly, the revised Circular represents a shift from viewing security and privacy requirements as compliance exercises to understanding security and privacy as crucial components of a comprehensive, strategic, and continuous risk-based program.
The updated Circular promotes innovation, enables information sharing, and fosters the wide-scale and rapid adoption of new technologies while protecting and enhancing security and privacy. The Circular can be previewed HERE and is effective July 28, 2016.
Appendix I: Responsibilities for Protecting and Managing Federal Information Resources
This Appendix establishes minimum requirements for Federal information security programs and assigns responsibilities for the security of information and information systems. It also establishes minimum requirements for Federal privacy programs, assigns responsibilities for privacy program management, and describes how agencies should take a coordinated approach to implementing information security and privacy controls.
Among other things, these revisions require agencies to:
The revised Appendix I also requires the National Institute of Standards and Technology (NIST) to develop guidance leveraging its Cybersecurity Framework and Risk Management Framework to improve agency information security.
Appendix II: Responsibilities for Managing Personally Identifiable Information (PII)
Appendix II outlines some of the general responsibilities for Federal agencies managing personally identifiable information (PII) – including PII collected for statistical purposes under a pledge of confidentiality. While Appendix I focuses on both security and privacy, Appendix II is devoted to summarizing the responsibilities for Federal agencies managing information resources involving PII.
Among other things, Appendix II summarizes requirements for Federal agencies in the following areas:
The prior version of Appendix II (which was historically issued as Appendix I) described agency responsibilities for reporting and publication under the Privacy Act of 1974. This OMB guidance is being revised and will be issued as OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, to be released this year.