OMB Circular A-130

OMB Circular A-130, titled Managing Information as a Strategic Resource, is one of many Government circulars produced by the United States Federal Government to establish policy for executive branch departments and agencies.

Circular A-130 was first issued in December 1985 to meet information resource management requirements that were included in the Paperwork Reduction Act (PRA) of 1980. Specifically, the PRA assigned responsibility to the OMB Director to develop and maintain a comprehensive set of information resources management policies for use across the Federal government, and to promote the application of information technology to improve the use and dissemination of information in the operation of Federal programs. [1] The initial release of the Circular provided a policy framework for information resources management (IRM) across the Federal government.

Since the Circular's first release in 1985, Congress has enacted several additional laws and OMB has issued several guidance documents related to information technology management in federal agencies. To account for these new laws and guidance, OMB has revised the Circular three times, in 1994, [2] 1996, [3] and 2000. [4] A complete rewrite of the Circular, both to update it and to correct known deficiencies, has been considered since at least 2005, [5] but as of October 2014 this rewrite had not yet occurred. A revised version was released on July 27, 2016. [6]

As expressed in the US Federal CIO Council's Architecture Alignment and Assessment Guide (2000), Circular A-130 can be thought of as a "one-stop shopping document for OMB policy and guidance on information technology management". [7]

Specific Guidance

A-130 includes specific guidelines that require

Federal DAA Involvement

The Federal Designated Approving Authority (DAA) has specific requirements and responsibilities under this circular. The circular requires that this individual be a management official who is knowledgeable in the information and processes supported by the system. The individual should also know the management, personnel, operational, and technical controls used to protect the system.

The Federal DAA is also responsible for the security of this system as well as the use of the security products and techniques used therein.

Authorities

A-130 establishes official OMB policy and guidance on information technology management for federal executive agencies based on the following laws, Executive Orders, and prior OMB guidance documents:

Laws:

Executive Orders:

Other OMB circulars:

Prior OMB guidance documents: (All below have been rescinded after incorporation of guidance content into A-130): [8]

If an information system uses any classified information, the system is automatically required to have national security emergency preparedness guidelines that conform to Executive Order 12472.
