When agencies implement FISMA, they must use National Institute of Standards and Technology (NIST) standards and guidelines. The OMB Circular A-130 compliance policy (titled Managing Information as a Strategic Resource) is one of many government circulars that are produced by the United States Federal Government to establish policy for executive branch departments and agencies.
At its core, it sets policy and establishes guidelines for the management of Federal information resources. After the Office of Personnel Management (OPM) data breach and the subsequent cybersecurity revolution, OMB released a new revision of Circular A-130 in July of 2016. The 2016 revision addresses new statutory requirements (e.g., FISMA 2014) and the enhanced technological capabilities that now require equally advanced security protocols.
Why Circular A-130 Compliance Is Important
The OMB Circular A-130 compliance policy emphasizes migrating security checks from static, point-in-time authorization processes to a more dynamic, near-real-time ongoing process.
This new, continuous, and dynamic monitoring has a two-fold intent:
- Maintaining IT system security control operational authorization (i.e., authority to operate (ATO)) via continuous security and privacy monitoring, assessment, and system penetration tests; and
- Mitigating evolving cybersecurity threats and system vulnerabilities through the use of automated and manual processes.
As we can see, Circular A-130’s main intent is to help companies modernize their IT system security using more automated and efficient tools. These tools not only help to protect sensitive data more effectively but also help cloud service providers and IT providers of all kinds within the federal government net to improve security more seamlessly and collaborate efficiently.
When implemented by agencies, the Circular will promote innovation, enable appropriate information sharing, and foster the wide-scale and rapid adoption of new technologies while strengthening protections for security and privacy.
How TCB Can Help Achieve OMB A-130 Compliance
While FISMA is a law that details how federal government agencies and contractors have to protect information resources, OMB A-130 says how they should go about it.
Achieving OMB A-130 compliance requires a focused approach grounded in an understanding of what these guidelines require and of the most efficient way to tackle remediation. Our team specializes in helping organizations understand the roadmap to a modernized cybersecurity infrastructure that OMB A-130 provides.