OMB Stresses Security in Info Management Update


This is the first time since 2000 the "Circular A-130: Managing Information as a Strategic Resource" has been updated.

To better keep pace with a digital world and recent changes in law and technology, the Office of Management and Budget has revised the federal government’s document for how it manages federal information resources.

The updated version of "Circular A-130: Managing Information as a Strategic Resource" consolidates various policy updates for agencies in areas like cybersecurity, information governance, privacy, records management, open data and acquisitions, according to a July 28 blog post by OMB officials.

“The updated circular promotes innovation, enables information sharing and fosters the wide-scale and rapid adoption of new technologies while protecting and enhancing security and privacy,” wrote U.S. Chief Information Officer Tony Scott, Office of Information and Regulatory Affairs Administrator Howard Shelanski,  Chief Acquisition Officer Anne Rung and OMB Senior Adviser for Privacy Marc Groman.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The document also creates the general policy for IT planning and budgeting through governance, acquisition and management of federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services. The revisions also include requirements from the Federal Information Technology Acquisition Reform Act to improve how information resources are procured and managed. 

In addition, A-130 hones in on three areas “to help spur innovation throughout the government”:

Real-time Knowledge of the Environment

The circular moves away from “checklist exercises” in favor for ongoing monitoring, assessment and evaluation of federal information resources. “In order to keep pace, we must move away from periodic, compliance-driven assessment exercises and, instead, continuously assess our systems and build-in security and privacy with every update and redesign,” the officials write.

Proactive Risk Management

As the federal government produces more and more data, that information deluge needs to be stored, managed and transferred in new ways. The circular stresses the “need for strong data governance that encourages agencies to proactively identify risks, determine practical and implementable solutions to address said risks, and implement and continually test the solutions,” the officials wrote. This repeated testing of agency solutions will help to proactively identify additional risks, starting the process anew.”

Shared Responsibility

This point highlights the increased connectivity citizens enjoy in today’s digital era, and how it falls on everyone to safeguard and protect privacy and information, “from managers to employees to citizens interacting with government services,” the officials write.

This is the first time since 2000 the circular has been updated.