OMB Circular A-130
Encyclopedia
OMB Circular A-130, titled Management of Federal Information Resources, is one of many Government circular
s produced by the United States Federal Government to establish policy for executive branch departments and agencies.
Circular A-130 was first issued in December of 1985 to meet information resource management requirements that were included in the Paperwork Reduction Act
(PRA) of 1980. Specifically, the PRA assigned responsibility to the OMB Director to develop and maintain a comprehensive set of information resources management policies for use across the Federal government, and to promote the application of information technology to improve the use and dissemination of information in the operation of Federal programs. The initial release of the Circular provided a policy framework for information resources management (IRM) across the Federal government.
Since the time of the Circular's first release in 1985, Congress has enacted several additional laws and OMB issued several guidance documents that related to information technology management in federal agencies. To account for these new laws and guidance, OMB has revised the Circular three times, in 1994, 1996, and 2000.. A complete rewrite of the Circular to both update and to correct for known deficiencies has been considered since at least 2005, but as of February 2010, this rewrite has not yet occurred.
As expressed in the US Federal CIO Council's Architecture Alignment and Assessment Guide (2000), Circular A-130 can be thought of as a "one-stop shopping document for OMB policy and guidance on information technology management".
has specific requirements and responsibilities provided by this circular. It is required that this individual should be a management official, knowledgeable in the information and processes supported by the system. The individual should also know the management, personnel, operational, and technical controls used in the protection of this system.
The Federal DAA is also responsible for the security of this system as well as the use of the security products and techniques used therein.
Laws:
Executive Orders:
Other OMB circulars:
Prior OMB guidance documents:
(All below have been rescinded after incorporation of guidance content into A-130):
Any information that the information system uses that is classified automatically requires the system to have National security emergency preparedness guidelines that conform to Executive Order 12472.
Government circular
A Government circular is a written statement of government policy. It will often provide information, guidance, rules, and/or background information on legislative or procedural matters.-References:*...
s produced by the United States Federal Government to establish policy for executive branch departments and agencies.
Circular A-130 was first issued in December of 1985 to meet information resource management requirements that were included in the Paperwork Reduction Act
Paperwork Reduction Act
The Paperwork Reduction Act of 1980, Pub. L. No. 96-511, 94 Stat. 2812 , codified in part at Subchapter I of Chapter 35 of Title 44 of the United States Code, through , is a United States federal law enacted in 1980 that gave authority over the collection of certain information to the Office of...
(PRA) of 1980. Specifically, the PRA assigned responsibility to the OMB Director to develop and maintain a comprehensive set of information resources management policies for use across the Federal government, and to promote the application of information technology to improve the use and dissemination of information in the operation of Federal programs. The initial release of the Circular provided a policy framework for information resources management (IRM) across the Federal government.
Since the time of the Circular's first release in 1985, Congress has enacted several additional laws and OMB issued several guidance documents that related to information technology management in federal agencies. To account for these new laws and guidance, OMB has revised the Circular three times, in 1994, 1996, and 2000.. A complete rewrite of the Circular to both update and to correct for known deficiencies has been considered since at least 2005, but as of February 2010, this rewrite has not yet occurred.
As expressed in the US Federal CIO Council's Architecture Alignment and Assessment Guide (2000), Circular A-130 can be thought of as a "one-stop shopping document for OMB policy and guidance on information technology management".
Specific Guidance
A-130 includes specific guidelines that require- all federal information systems to have security plans
- systems to have formal emergency response capabilities
- a single individual to have responsibility for operational security
- Federal Management and Fiscal Integrity Act reports to Congress be made in regards to the security of the system
- security awareness training be available to all government users, administrators of the system
- regular review and improvement upon contingency plans for the system to be done
Federal DAA Involvement
The Federal Designated Approving AuthorityDesignated Approving Authority
The Designated Approving Authority, in the United States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.-Definition:...
has specific requirements and responsibilities provided by this circular. It is required that this individual should be a management official, knowledgeable in the information and processes supported by the system. The individual should also know the management, personnel, operational, and technical controls used in the protection of this system.
The Federal DAA is also responsible for the security of this system as well as the use of the security products and techniques used therein.
Authorities
A-130 establishes official OMB policy and guidance on information technology management for federal executive agencies based on the following laws, Executive Orders, and prior OMB guidance documents:Laws:
- the Paperwork Reduction ActPaperwork Reduction ActThe Paperwork Reduction Act of 1980, Pub. L. No. 96-511, 94 Stat. 2812 , codified in part at Subchapter I of Chapter 35 of Title 44 of the United States Code, through , is a United States federal law enacted in 1980 that gave authority over the collection of certain information to the Office of...
(PRA) of 1980 (amended by the Paperwork Reduction Act of 1995[44 U.S.C. Chapter 35]) - the Clinger-Cohen ActClinger-Cohen ActThe Clinger–Cohen Act , formerly the Information Technology Management Reform Act of 1996 , is a 1996 United States federal law, designed to improve the way the federal government acquires, uses and disposes information technology ....
(Pub L. 104-106, Division E) - the Privacy Act of 1974Privacy Act of 1974The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579, establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies...
, as amended [5 U.S.C. 552a] - the Chief Financial Officers Act of 1990Chief Financial Officers Act of 1990The Chief Financial Officer and Federal Financial Reform Act of 1990, or CFO Act, signed into law by President George H.W. Bush on November 15, 1990, is a United States federal law intended to improve the government's financial management, outlining standards of financial performance and disclosure...
(31 U.S.C. 3512 et seq.) - the Federal Property and Administrative Services Act of 1949Federal Property and Administrative Services Act of 1949The Federal Property and Administrative Services Act of 1949 is a United States federal law that established the General Services Administration . The act also provides for various Federal Standards to be published by the GSA...
, as amended [40 U.S.C. 487] - the Computer Security Act of 1987 (Pub. L. 100-235)
- the Budget and Accounting ActBudget and Accounting ActThe Budget and Accounting Act of 1921 was landmark legislation that established the framework for the modern federal budget. The act was approved by President Warren G. Harding to provide a national budget system and an independent audit of government accounts...
, as amended [31 U.S.C. Chapter 11] - the Government Performance and Results ActGovernment Performance and Results ActThe Government Performance and Results Act is a United States law enacted in 1993. It is one of a series of laws designed to improve government project management. The GPRA requires agencies to engage in project management tasks such as setting goals, measuring results, and reporting their...
of 1993(GPRA) - the Office of Federal Procurement Policy Act (41 U.S.C. Chapter 7)
- the Government Paperwork Elimination ActGovernment Paperwork Elimination ActThe Government Paperwork Elimination Act requires that, when practicable, Federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public by 2003. In doing this, agencies will create records with business, legal and, in some cases,...
of 1998 (Pub. L. 105-277, Title XVII)
Executive Orders:
- Executive Order 12046 of March 27, 1978 ("Relating to the transfer of telecommunications functions")
- Executive Order 12472 of April 3, 1984 ("Assignment of national security and emergency preparedness telecommunications functions")
- Executive Order 13011 of July 17, 1996 ("Federal Information Technology")
Other OMB circulars:
- OMB Circular A-11 (Preparation, Submission, and Execution of the Budget)
Prior OMB guidance documents:
(All below have been rescinded after incorporation of guidance content into A-130):
- M-96-20 Implementation of the Information Technology Reform Act of 1996
- M-97-02 Funding Information Systems Technology
- M-97-09 InterAgency Support for Information Technology
- M-97-15 Local Telecommunications Services Policy
- M-97-16 Information Technology Architectures
Any information that the information system uses that is classified automatically requires the system to have National security emergency preparedness guidelines that conform to Executive Order 12472.