A-130 feedback urges more emphasis on commercial cloud in IT policy revisions

Shutterstock. Photo credit: Tupungato

The A-130 is the foundational document for all federal information policy.  So when the Office of Management and Budget put out a draft of the first A-130 revision in 15 years in October, the proposed changes were parsed carefully. Comments filed on GitHub by the Dec. 5 deadline show that cloud vendors and trade groups are worried that the document doesn't adequately promote the government's avowed "cloud first" policy, and that it requires redundant levels of approval for agencies seeking to move development, operations, and data to a virtual environment.

Dave Wennergren of the Professional Services Council hoped that a revised A-130 would "more explicitly promote the importance of commercial cloud solutions as a means of replacing aging infrastructure, reducing operating costs, providing greater access to modern applications and improving agency cybersecurity posture."

In particular, industry reps were disappointed that the cloud authorization process FedRAMP was not enshrined in the revised A-130.

"As A-130 itself is being modernized to support the development and use of cutting edge IT and leading information policy approaches associated with its effective management," Microsoft argued in its comments, "it would be a stark remission not to integrate the Administration's Cloud First policy commitments, achievements and goals embodied through FedRAMP."

The IT Alliance for the Public Sector, a division of the Information Technology Industry Council, complained that the revised A-130 "creates parallel, but uncoordinated, authorization authorities for privacy and security. Such a condition will negatively impact companies seeking and sustaining authorizations to operate cloud computing services."

Customer service platform Salesforce agreed, urging OMB to "revise the Draft Circular to reaffirm the applicability of FedRAMP for Cloud based systems."

More generally, the Mitre Corporation worried that the A-130 lacks a stick to make agencies follow its rules. "Agencies may be reticent to comply with the guidance given that enforcement mechanisms penalties for non-compliance are not identified," they noted. Mitre also wanted some new clarity, in light of the Federal IT Acquisition Reform Act, about making sure that newly empowered agency CIOs maintain some boundaries between their areas of control and highly bespoke agency component missions.

Mitre's commenters suggested specifying that "responsibility for mission systems that are not implemented using commercially available IT shall be delineated," to avoid muddling authorities.

In addition, a host of government transparency groups and information associations banded together to protest deletions from the previous A-130 with regard to information policy. Comments submitted by Patrice McDermott of OpenTheGovernment.org on behalf of her group, along with (among others) the American Library Association, the Government Accountability Project, and the Project on Government Oversight pushed for the restoration of statements like, "the free flow of information between the government and the public is essential to a democratic society" and "the public disclosure of government information is essential to the operation of a democracy."

OMB plans to review these and many other comments outside the public glare of GitHub, and make any changes before publishing the final, canonical A-130. 

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.