Security Guidance

Laws and rules governing how agencies manage security, including software:

* The Privacy, Paperwork Reduction and Computer Security acts. Require agencies to protect sensitive information, including personal data stored on government systems.

* The Office of Management and Budget Circular A-130, Appendix II. Requires agencies to establish key security controls for information systems, including conducting background checks of key staff and contractors working on systems.

* The National Institute of Standards and Technology Publications 800-12 and 800-18. Require agencies to document any changes to software and how the changes affect the security of the system.

* The General Accounting Office's Federal Information Systems Control Audit Manual. Suggests to agencies what criteria are needed to assess software and what is needed to develop a policy to ensure an agency is following applicable laws and OMB and NIST rules.

Source: GAO
