OMB issues A-130 update

The Office of Management and Budget has released the long-awaited update to Circular A-130, the overarching framework for federal information policy.

The circular, which covers a wide variety of topics, has not been updated since 2000.

According to a White House statement, "Today's update to Circular A-130 gathers in one resource a wide range of policy updates for federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and acquisitions. It also establishes general policy for IT planning and budgeting through governance, acquisition and management of federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services."

Officials said the document addresses concerns about how often systems are assessed and updated by focusing on real-time knowledge of the environment, proactive risk management and shared responsibility.

One of the obstacles to cybersecurity, for example, is the amount of time some federal systems take to be updated and/or replaced.

A-130 would "make clear the shift away from check-list exercises and toward the ongoing monitoring, assessment and evaluation of federal information resources," the White House announcement states.

To deal with growing concerns about the use of social media and personal email accounts on government systems, the updated circular will "ensure everyone remains responsible and accountable for assuring privacy and security of information -- from managers to employees to citizens interacting with government services."

Agencies will be required to monitor user activity to more aggressively protect against insider threats, encrypt information at rest and in transit, and provide identity assurance to enable the secure use of government services.

The updated circular goes into effect on July 28.