OMB rolls out proposed A-130 changes

Shutterstock image: government access keyboard.

Federal technology managers' go-to rulebook for computer and information security is woefully behind the times. The A-130 circular from the Office of Management and Budget got its most recent overhaul in November 2000, back in the days of dial-up Internet connections.

A long-awaited updated, ordered by Congress, is almost in its final form. The Office of Management and Budget released the revised A-130 on Oct. 21, with a 30-day comment period for the public to weigh in.

"Modernizing this policy will enable OMB to provide timely and relevant guidance to agencies and will ensure that the Federal IT ecosystem operates more securely and more efficiently while saving tax dollars and serving the needs of the American people," wrote U.S. Chief Acquisition Officer Anne Rung, U.S. CIO Tony Scott, and Administrator of the Office of Information and Regulatory Affairs Howard Shelanski in a blog post.

The new A-130 centralizes a wide range of policy updates that have come down on acquisitions, cybersecurity, information governance, records management, open data and privacy -- either administratively or in recent legislation. It incorporates the new CIO authorities in the Federal IT Acquisition Reform Act, for example, and replaces the exhibit 53 format which CIOs used to document IT projects with an IT Portfolio that includes estimates of technology in agency budget requests.

The new policy replaces a federated procurement approach, which supported the "timely acquisition" of IT, with more-directed guidance to award contracts within 180 days after a solicitation goes out, and a declaration that IT should be delivered within 18 months.

The revised A-130 also delineates the responsibilities of OMB, the Department of Homeland Security and National Institute of Standards and Technology when it comes to securing federal systems, and requires continuous diagnostics and mitigation to be part of the government's defensive arsenal. 

It also puts CIOs on notice that the buck stops with them when it comes to obsolete technology. Under the new policy, CIOs must be "made aware of information systems and components that cannot be appropriately protected or secured and that such systems are given a high priority for upgrade, replacement, or retirement."

The new document also covers the new focus on data, mandating that government data that is public facing be accessible, discoverable and of usable quality. And agencies are instructed to designate a "senior agency official for privacy" to make sure that the laws and policies governing personally identifiable information stored on federal systems are maintained.

The government is accepting public comments via GitHub, and allows for suggested edits to be made in the form of pull requests. The federal IT community has already weighed in; OMB received about 500 comments during an inter-agency review period during April and May of 2015.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group