Security Guidance

Laws and rules governing how agencies manage security, including software:

* The Privacy, Paperwork Reduction and Computer Security acts. Require

agencies to protect sensitive information, including personal data stored

on government systems.

* The Office of Management and Budget Circular A-130, Appendix II.

Requires agencies to establish key security controls for information systems,

including conducting background checks of key staff and contractors working

on systems.

* The National Institute of Standards and Technology Publications 800-12

and 800-18. Require agencies to document any changes to software and how

the changes affect the security of the system.

* The General Accounting Office's Federal Information Systems Control

Audit Manual. Suggests to agencies what criteria are needed to assess software

and what is needed to develop a policy to ensure an agency is following

applicable laws and OMB and NIST rules.

Source: GAO

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.