The current policy on the books dates back to 2000.
The two top members of a key Senate committee are calling on the White House to speed up a planned update to federal cybersecurity policy.
The current policy on the books, known as Circular A-130, dates back to 2000 and is hindering agencies’ efforts to transition to more real-time continuous automated monitoring of federal networks for cybersecurity threats -- and wasting time and money.
That’s according to Sens. Ron Johnson, R-Wis., and Tom Carper, D-Del., who wrote to Office of Management and Budget Director Shaun Donovan on April 26 about the delayed policy.
“Circular A-130 remains an obstacle to the full adoption of this modern, automated approach to cybersecurity across government,” the duo wrote in the letter.
The current policy requires agencies to audit security controls of major systems and applications at least once every three years, which generates reams of paperwork and little assurance that agencies are staying ahead of the hackers, the lawmakers said.
In fact, OMB has taken steps recently to update the policy. White House policymakers released a draft rewrite of the policy in October and asked for public comment. The draft included a wholesale overhaul of federal cyber guidance, including calling for replacing the static, once-every-three-years audits with more “event-driven” security reviews.
But the White House has already fallen behind and isn’t keeping lawmakers in the loop, Johnson and Carper said.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Congress mandated the Circular A-130 rewrite in 2014 when it overhauled federal cybersecurity legislation. Lawmakers wanted the update completed by last December. OMB has not yet issued a final A-130 revamp.
“We appreciate OMB’s work to update Circular A-130, but also emphasize the importance of completing this revision in a timely manner,” Carper and Johnson wrote, prodding OMB to provide Congress with a date when final revisions to the policy would be complete.
OMB “received extensive interest during the open comment period, and is working vigorously to ensure that public feedback informs any ultimate policy,” an OMB official told Nextgov.
NEXT STORY The FBI’s Most-Wanted Cybercrooks