Updated OMB Circular A-130 Recognizes Evolution of Technology in Government
Posted by Matt Schrader, Senior Manager, Government Relations & Public Policy
The Office of Management and Budget (OMB) recently released a long-awaited update to its federal information management policy framework known as Circular A-130, Managing Information as a Strategic Resource. While Circular A-130 may sound like a robot from Star Wars, the reality is that it has a significant impact on the way the federal government manages, protects and shares information. The revised policy is a one-stop-shopping document for a number of policy updates in federal information security, acquisition, records management, governance and privacy.
The update marks the first time since 2000 that OMB has revised its guiding IT and information management policy document for federal agencies. Many positive technology changes have taken place in the last decade and a half, including wide adoption of the internet, nearly ubiquitous use of mobile devices, advances in big data analytics, cloud computing, FISMA and FedRAMP. The last decade has also brought some not-so-positive changes like the increasing number of cyber-attacks targeting federal agencies' sensitive data, documents and personally identifiable information (PII). As agencies undergo digital transformations to bring their systems into the next part of the 21st century, this information management policy update is critical in terms of recognizing the evolution of technology since the last policy revision.
OMB should be commended for taking critical steps in two particular areas: 1) Demanding adoption of data-level protection and persistent encryption of federal information and 2) Encouraging the use of electronic signatures for all digital transactions.
OMB establishes a number of minimum requirements for safeguarding federal information in Appendix I of the Circular, “Responsibilities for Protecting and Managing Federal Information Resources,” which require agencies to:
- Implement data-level protection and access controls to ensure the security of and access to Federal Information;
- Continuously monitor, log, and audit the execution of information systems functions by privileged users to detect misuse and reduce risk from insider threats;
- Encrypt all FIPS 199 moderate-impact and high-impact information at rest and in transit;
- Implement processes to support use of digital signatures for employees and contractors; and
- Implement a policy of separation of duties … to reduce risk of malicious activity without collusion.
OMB is taking the right policy direction to update and patch all software, identify high value assets and encrypt information in a fashion that ensures this data is “persistently protected” and promotes a layered information security strategy. Data-centric security solutions such as digital rights management (DRM), attribute-based access controls (ABAC), document analytics and digital signatures can certainly help agencies meet these new safeguarding requirements.
To support the transition to electronic government, OMB also instructed agencies to improve their ability to conduct electronic transactions and record keeping via the use of electronic signatures. Electronic signatures are highlighted as a way to take paper processes and automate them digitally to save time and money. Simple solutions like these make it easier for citizens to interact with government and obtain the services they need.
Bottom line, these simple but important changes to how the government manages and maintains IT resources will better protect citizen data and help usher in a new era of digital services for citizens. OMB deserves praise for tackling such thorny information management issues at a time when it was needed more than ever.