a130.cio.govCircular A-130 Managing Information as a Strategic Resource

Discuss | Edit | View PDF Circular A-130 Skip to Main Content Home Purpose Applicability Basic Considerations Policy Government-wide Responsibilities Effectiveness Oversight Authorities Definitions Inquiries Appendix I Appendix II Appendix III Discuss Edit this page View PDF Archive Site Welcome! This site is archival. It was used to collect feedback from the public on proposed revisions to OMB Circular A-130. The comment period closed in November 2015. The revised OMB Circular A-130 was announced on July 27, 2016. Read more here. Background The White House Office of Management and Budget (OMB) is proposing for the first time in fifteen years revisions to the Federal Government's governing document establishing policies for the management of Federal information resources: Circular No. A-130, Managing Information as a Strategic Resource . More specifically, Circular A-130 provides general policy for the planning, budgeting, governance, acquisition, and management of Federal information resources. It also includes appendices outlining agency responsibilities for managing information, supporting use of electronic transactions, and protecting Federal information resources. The proposed revisions to the Circular are the result of new statutory requirements and enhanced technological capabilities since the last update to the Circular in 2000. Modernizing this policy will enable OMB to provide timely and relevant guidance to agencies and will ensure that the Federal IT ecosystem operates more securely and more efficiently while saving tax dollars and serving the needs of the American people. The proposed Circular reflects a rapidly evolving digital economy, where more than ever, individuals, groups, and organizations rely on information technology to carry out a wide range of missions and business functions. Information technology changes rapidly and the Federal workforce managing IT must have the flexibility to address known and emerging threats while implementing continuous improvements. This update acknowledges the pace of change and the need to increase capabilities provided by 21st century technology while recognizing the need for strong governance and safeguarding of taxpayer funded assets and information. The public comment period has ended. Thank you for your comments. The proposed guidance is now open for public comment on this page. The public feedback period will be 30 days, closing on November 20, 2015. The public feedback period has been extended by 15 days. The new deadline for public feedback is December 5, 2015. Following the public feedback period, OMB will analyze all submitted feedback and revise the policy as necessary. Instructions for Public Comment You may provide feedback in three ways: Content suggestions and discussions are welcome via GitHub “issues.” Each issue is a conversation initiated by a member of the public. We encourage you to browse and join in on discussions in existing issues, or start a new conversation by opening a new issue . Direct changes and line edits to the content may be submitted through a "pull request" by clicking "Edit this page" . You do not need to install any software to suggest a change. You can use GitHub's in-browser editor to edit files and submit a pull request for your changes to be merged into the document. Directions on how to submit a pull request can be found here . Open pull requests for the proposed guidance can be found here . Send your content suggestions or proposed revisions to the OMB Office of the Federal Chief Information Officer via email to a130@omb.eop.gov . Please note that all comments received will be posted publicly on this page. Introduction Information and information technology resources are widely recognized as one of the engines that drives the U.S. economy—giving industry a competitive advantage in the global marketplace, enabling the Federal government to provide quality services to citizens, and facilitating greater productivity as a nation. The deeply embedded nature of information technology in all Federal agency missions and business processes reflects the rapid transformation to a fully "digital" world. This transformation has provided significant opportunities for agencies through modern computing architectures, cloud technologies, and agile development techniques, to acquire and rapidly deploy highly efficient and cost-effective applications, services, and solutions. Today, agencies depend heavily on information technology to successfully carry out their missions and business functions, thus the information technology environment, including the information systems, system components, and supporting business processes must be dependable and survivable. Information systems must have the necessary levels of trustworthiness and resilience to be able to process, store, manage access to, and transmit Federal information in a timely, efficient, and secure manner and to be able to operate under adverse conditions, when necessary, to provide essential services. To provide the necessary levels of trustworthiness and resilience while maximizing advanced computing technologies, Federal information systems must be built to anticipate the modern threat space—that is, the systems should employ technologies that can significantly increase the "built-in" protection capability of those systems and make them inherently less vulnerable. This requires building trustworthiness and resilience in all layers of the information technology "stack" including the networks, systems, applications, and data, as well as hardware, firmware, operating systems, middleware, and software that comprise them. Increasing trustworthiness and resilience is a significant undertaking that requires a substantial investment in architectural design and development. The ultimate objective is to acquire and deploy more trustworthy, and resilient applications, systems, and services that are fully capable of supporting the Federal government's missions and business operations commensurate with its risk tolerance. Summary of Changes In the main body of the Circular, OMB has replaced the Background section of the main body with an Introduction section (Section 1) that discusses the importance of ensuring trustworthiness and resilience of information systems. OMB also proposes additional language on the purpose of the Circular (Section 2) and amends the Authorities section (now Section 9) to more fully cover existing statutes. In the Applicability section (Section 3) of the main body, OMB has simplified the reference to national security systems by removing “Information classified for national security purposes should also be handled in accordance with the appropriate national security directives. National security emergency preparedness activities should be conducted in accordance with Executive Order No. 12472” and replacing it with “For national security systems, agencies should follow applicable statutes, Executive Orders, and directives.” Section 4, Basic Considerations and Section 5, Policy have been revised to incorporate both policy and statute changes since the Circular was last revised. Specific changes to the Policy section (Section 5) include the replacement of outdated requirements with new requirements covering planning and budgeting, governance, leadership and workforce, information technology management, privacy and information security, next generation Internet, records management, and information management and access. Section 6 of the Circular designates government-wide responsibilities for specific agencies. The section incorporates additional statutory requirements enacted since the last revision of the Circular in 2000. In the Definitions Section of the main body (Section 10), OMB has proposed several changes. OMB is proposing to delete the following definitions – “audiovisual production,” “full costs,” “Information Technology Resources Board,” “information processing services organization,” an...