OMB Circular A-130

From Wikipedia, the free encyclopedia

OMB Circular A-130, or Management of Federal Information Resources, is one of many circulars produced by the United States Federal Government to establish policy for executive branch departments and agencies. OMB Circular A-130 makes it mandatory for agencies and departments to implement the requirements of the Computer Security Act of 1987 and the Federal Information Security Management Act of 2002 (FISMA). This circular is supposed to be reviewed every three years from the original date of issuance, November 28, 2000.



Specific Guidance

A-130 includes specific guidelines that require:

  • all federal information systems to have security plans
  • systems to have formal emergency response capabilities
  • a single individual to have responsibility for operational security
  • Federal Management and Fiscal Integrity Act reports to Congress to be made regarding the security of the system
  • security awareness training to be available to all government users and administrators of the system
  • contingency plans for the system to be regularly reviewed and improved

Federal DAA Involvement

The Federal Designated Approving Authority has specific requirements and responsibilities provided by this circular. This individual is required to be a management official who is knowledgeable in the information and processes supported by the system. The individual should also know the management, personnel, operational, and technical controls used to protect the system.

The Federal DAA is also responsible for the security of this system, as well as for the use of the security products and techniques employed in it.

Authorities

A-130 establishes guidelines that are pursuant to

If any information used by the information system is classified, the system is automatically required to have national security emergency preparedness guidelines that conform to Executive Order 12472.

External Links