Is the revised A-130 already obsolete?

The federal government's IT policy rules are getting their first overhaul since 2000. Proposed revisions to the Office of Management and Budget's Circular A-130, the document governing the management and acquisition of federal information resources, take into account new law and the heightened level of cybersecurity risk facing government systems.

But the document is noticeably quiet on some more recent policy shifts that were designed to make federal IT deployment more agile and more open.

Noah Kunin, director of delivery architecture and infrastructure services at the General Services Administration's 18F, pointed out the disconnect in comments on GitHub, where the proposed revisions are posted.

"It's still very confusing what A-130 is trying to actually do," Kunin wrote. "The current draft of A-130 is still failing to strike the right balance between specificity and abstraction."

He said the revised document fails to absorb the recent innovations in IT policy that grew out of the failure of HealthCare.gov, which include the creation of 18F, the U.S. Digital Service and guidelines for successful IT acquisition, design and deployment.

"The vast majority of [the new A-130] reads like what we should have sent out with little fanfare in 2008, not 2015," Kunin wrote.

Specifically, the new A-130 does not make recommendations for the use of agile development methodologies, nor does it advocate the use of open-source software. And it doesn't incorporate the reforms backed by the Digital Services Playbook and TechFAR documents.

"By not placing the Playbook in what I call the 'official' federal compliance architecture, of which most documents trace back to A-130 (and/or a statute), the possibility for meaningful enforcement or acceleration of the Playbook's precepts are removed," Kunin wrote.

On cybersecurity, he added that the revised A-130 "effectively maintains the current policy framework without any notable policy change…the same framework that's allowed for the most catastrophic set of digital security failures ever seen by the U.S. government."

The security recommendations in the revised A-130, which include multifactor authentication and encryption of data in transit and at rest, are either watered down or saddled with requirements that are likely to make implementation difficult, Kunin said.

He plans to drill down into some specific issues in GitHub pull requests. However, time is short for a transformative rewrite of A-130. OMB has already received feedback from other agencies, and the window for public comments will close on Nov. 20.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.