Security Guidance

Laws and rules governing how agencies manage security, including software:

* The Privacy, Paperwork Reduction and Computer Security acts. Require

agencies to protect sensitive information, including personal data stored

on government systems.

* The Office of Management and Budget Circular A-130, Appendix II.

Requires agencies to establish key security controls for information systems,

including conducting background checks of key staff and contractors working

on systems.

* The National Institute of Standards and Technology Publications 800-12

and 800-18. Require agencies to document any changes to software and how

the changes affect the security of the system.

* The General Accounting Office's Federal Information Systems Control

Audit Manual. Suggests to agencies what criteria are needed to assess software

and what is needed to develop a policy to ensure an agency is following

applicable laws and OMB and NIST rules.

Source: GAO

Featured

  • People
    2021 Federal 100 Awards

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected