{ "version" : "https://jsonfeed.org/version/1", "content" : "news", "type" : "single", "title" : "Managing Federal Information as a Strategic Resource |Digital.gov", "description": "Managing Federal Information as a Strategic Resource", "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/07/27/managing-federal-information-as-a-strategic-resource/index.json","item" : [ {"title" :"Managing Federal Information as a Strategic Resource","summary" : "Summary: Today, OMB is releasing an update to Circular A-130, the Federal Government’s governing document for the management of Federal information resources. Today the Office of Management and Budget (OMB) is releasing an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource.","date" : "2016-07-27T15:00:01-04:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"tony-scott" : "Tony Scott","howard-shelanski" : "Howard Shelanski","anne-rung" : "Anne Rung","marc-groman" : "Marc Groman"},"topics" : { "acquisition" : "Acquisition", "content-strategy" : "Content strategy", "open-data" : "Open data", "privacy" : "Privacy", "product-and-project-management" : "Product and project management", "security" : "Security" },"branch" : "bc-archive-content-3", "filename" :"2016-07-27-managing-federal-information-as-a-strategic-resource.md", "filepath" :"news/2016/07/2016-07-27-managing-federal-information-as-a-strategic-resource.md", "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/news/2016/07/2016-07-27-managing-federal-information-as-a-strategic-resource.md", "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/news/2016/07/2016-07-27-managing-federal-information-as-a-strategic-resource.md","slug" : "managing-federal-information-as-a-strategic-resource","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/07/27/managing-federal-information-as-a-strategic-resource/","content" :"\u003cblockquote\u003e\n\u003cp\u003e\u003cstrong\u003eSummary\u003c/strong\u003e: Today, OMB is releasing an update to Circular A-130, the Federal Government’s governing document for the management of Federal information resources.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eToday the Office of Management and Budget (OMB) is releasing an update to the Federal Government’s governing document for the management of Federal information resources: \u003ca href=\"https://s3.amazonaws.com/public-inspection.federalregister.gov/2016-17872.pdf\"\u003e\u003cem\u003eCircular A-130, Managing Information as a Strategic Resource\u003c/em\u003e\u003c/a\u003e. \u003cdiv class=\"image\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/_legacy-img/2016/07/600-x-425-USA-Digital-Map-charcoa1-iStock-Thinkstock-153126897.jpg\"\n alt=\"USA Digital Map\"/\u003e\u003c/div\u003e\n\n\u003c/p\u003e\n\u003cp\u003eThe way we manage information technology (IT), security, data governance, and privacy has rapidly evolved since A-130 was last updated in 2000. In today’s digital world, we are creating and collecting large volumes of data to carry out the Federal Government’s various missions to serve the American people. This data is duplicated, stored, processed, analyzed, and transferred with ease. As government continues to digitize, we must ensure we manage data to not only keep it secure, but also allow us to harness this information to provide the best possible service to our citizens.\u003c/p\u003e\n\u003cp\u003eToday’s update to Circular A-130 gathers in one resource a wide range of policy updates for Federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and acquisitions. It also establishes general policy for IT planning and budgeting through governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services. In particular, A-130 focuses on three key elements to help spur innovation throughout the government:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eReal Time Knowledge of the Environment\u003c/strong\u003e. In today’s rapidly changing environment, threats and technology are evolving at previously unimagined speeds. In such a setting, the Government cannot afford to authorize a system and not look at it again for years at a time. In order to keep pace, we must move away from periodic, compliance-driven assessment exercises and, instead, continuously assess our systems and build-in security and privacy with every update and re-design. Throughout the Circular, we make clear the shift away from check-list exercises and toward the ongoing monitoring, assessment, and evaluation of Federal information resources.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProactive Risk Management\u003c/strong\u003e. To keep pace with the needs of citizens, we must constantly innovate. As part of such efforts, however, the Federal Government must modernize the way it identifies, categorizes, and handles risk to ensure both privacy and security. Significant increases in the volume of data processed and utilized by Federal resources requires new ways of storing, transferring, and managing it Circular A-130 emphasizes the need for strong data governance that encourages agencies to proactively identify risks, determine practical and implementable solutions to address said risks, and implement and continually test the solutions. This repeated testing of agency solutions will help to proactively identify additional risks, starting the process anew.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eShared Responsibility\u003c/strong\u003e. Citizens are connecting with each other in ways never before imagined. From social media to email, the connectivity we have with one another can lead to tremendous advances. The updated A-130 helps to ensure everyone remains responsible and accountable for assuring privacy and security of information – from managers to employees to citizens interacting with government services.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis update to Circular A-130 underpins many of the policies and technological advances the Federal Government has undergone thus far. And it reflects the extensive thoughts and \u003ca href=\"https://www.whitehouse.gov/blog/2015/10/20/modernizing-federal-information-policy\"\u003efeedback\u003c/a\u003e of the public and stakeholders across government and industry. Going forward, A-130 will continue to be the foundation for government’s ability to innovate, service its citizens, and further secure our nation’s valuable data and information.\u003c/p\u003e\n\u003cp\u003eFind out more about the revised and updated A-130 Circular via the fact sheet below.\u003cem\u003eTony Scott is the U.S. Chief Information Officer\u003c/em\u003e.\u003cem\u003eHoward Shelanski is the Administrator of the Office of Information and Regulatory Affairs\u003c/em\u003e.\u003cem\u003eAnne Rung is the U.S. Chief Acquisition Officer\u003c/em\u003e.\u003cem\u003eMarc Groman is the Senior Advisor for Privacy at the Office of Management and Budget\u003c/em\u003e. \u003cdiv class=\"image\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/_legacy-img/2015/07/600-x-314-USA-Flag-on-Button-of-Black-Keyboard-Tashatuvango-iStock-Thinkstock-459372745.jpg\"\n alt=\"American Flag on button of black keyboard\"/\u003e\u003c/div\u003e\n\n\u003c/p\u003e\n\u003cdiv\u003e\n \u003ch2 class=\"rtecenter\"\u003e\n FACT SHEET: A-130: \u003cem\u003eManaging Information as a Strategic Resource\u003c/em\u003e\n \u003c/h2\u003e\n\u003c/div\u003e\n\u003cp\u003eOMB Circular A-130 provides guidance to Federal agencies on general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, information technology (IT) resources and supporting infrastructure and services. OMB has revised Circular A-130 to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy.\u003c/p\u003e\n\u003cp\u003eThe revised Circular consolidates in one guidance document a wide range of policy updates in information governance, acquisitions, records management, open data, workforce, security, and privacy. In particular, the revisions highlight requirements from the Federal Information Technology Acquisition Reform Act to improve the acquisition and management of information resources. Also discussed are electronic signature requirements in accordance with the Government Paperwork Elimination Act and Electronic Signatures in Global and National Commerce Act.\u003c/p\u003e\n\u003cp\u003eThe revised Circular also emphasizes and clarifies the role of both privacy and security in the Federal information lifecycle. Importantly, the revised Circular represents a shift from viewing security and privacy requirements as compliance exercises to understanding security and privacy as crucial components of a comprehensive, strategic, and continuous risk-based program.\u003c/p\u003e\n\u003cp\u003eThe updated Circular promotes innovation, enables information sharing, and fosters the wide-scale and rapid adoption of new technologies while protecting and enhancing security and privacy. The Circular can be previewed \u003ca href=\"https://s3.amazonaws.com/public-inspection.federalregister.gov/2016-17872.pdf\"\u003eHERE\u003c/a\u003e and is effective July 28, 2016.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eAppendix I: Responsibilities for Protecting and Managing Federal Information Resources\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThis Appendix establishes minimum requirements for Federal information security programs and assigns responsibilities for the security of information and information systems. It also establishes minimum requirements for Federal privacy programs, assigns responsibilities for privacy program management, and describes how agencies should take a coordinated approach to implementing information security and privacy controls.\u003c/p\u003e\n\u003cp\u003eAmong other things, these revisions require agencies to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerform ongoing reauthorization of systems (replacing the triennial reauthorization process) to better protect agency information systems;\u003c/li\u003e\n\u003cli\u003eContinuously monitor, log, and audit user activity to protect against insider threats;\u003c/li\u003e\n\u003cli\u003ePeriodically test response procedures and document lessons learned to improve incident response;\u003c/li\u003e\n\u003cli\u003eEncrypt moderate and high impact information at rest and in transit;\u003c/li\u003e\n\u003cli\u003eEnsure terms in contracts are sufficient to protect Federal information;\u003c/li\u003e\n\u003cli\u003eImplement measures to protect against supply chain threats;\u003c/li\u003e\n\u003cli\u003eProvide identity assurance for secure government services; and,\u003c/li\u003e\n\u003cli\u003eEnsure agency personnel are accountable for following security and privacy policies and procedures.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe revised Appendix I also requires the National Institute of Standards and Technology (NIST) to develop guidance leveraging its \u003ca href=\"http://www.nist.gov/cyberframework/\"\u003eCybersecurity Framework\u003c/a\u003e and \u003ca href=\"http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf\"\u003eRisk Management Framework\u003c/a\u003e to improve agency information security.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eAppendix II: Responsibilities for Managing Personally Identifiable Information (PII)\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAppendix II outlines some of general responsibilities for Federal agencies managing personally identifiable information (PII) – including PII collected for statistical purposes under a pledge of confidentiality. While Appendix I focuses on both security and privacy, Appendix II is devoted to summarizing the responsibilities for Federal agencies managing information resources involving PII.\u003c/p\u003e\n\u003cp\u003eAmong other things, Appendix II summarizes requirements for Federal agencies in the following areas:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eEstablishing and maintaining a comprehensive, strategic, agency-wide privacy program;\u003c/li\u003e\n\u003cli\u003eDesignating Senior Agency Officials for Privacy;\u003c/li\u003e\n\u003cli\u003eManaging and training an effective privacy workforce;\u003c/li\u003e\n\u003cli\u003eConducting Privacy Impact Assessments(PIA);\u003c/li\u003e\n\u003cli\u003eApplying NIST’s Risk Management Framework to manage privacy risks in the information system development life cycle;\u003c/li\u003e\n\u003cli\u003eUsing the fair information practice principles when evaluating information systems, processes, programs, and activities that affect privacy;\u003c/li\u003e\n\u003cli\u003eMaintaining an inventory of PII and reducing PII usage to the minimum necessary for the proper performance of authorized agency functions; and,\u003c/li\u003e\n\u003cli\u003eLimiting the creation, collection, use, processing, storage, maintenance, dissemination, and disclosure of PII to that which is legally authorized, relevant, and reasonably deemed necessary for the proper performance of agency functions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe prior version of Appendix II (which was historically issued as Appendix I) described agency responsibilities for reporting and publication under the Privacy Act of 1974. This OMB guidance is being revised and will be issued as OMB Circular A-108, \u003cem\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/em\u003e, to be released this year.\u003cem\u003eThis post was originally published on the White House’s \u003ca href=\"https://www.whitehouse.gov/omb/blog\"\u003eOffice of Management and Budget (OMB) Blog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n"} ] }