Discuss | Edit | View PDF

Circular A-130

Archive Site

Welcome! This site is archival. It was used to collect feedback from the public on proposed revisions to OMB Circular A-130. The comment period closed in November 2015. The revised OMB Circular A-130 was announced on July 27, 2016.
Read more here.

Government-wide Responsibilities

a. Department of Commerce

The Secretary of Commerce shall:

  1. Develop and issue Federal Information Processing Standards (FIPS) and guidelines necessary to ensure the efficient and effective acquisition, management, security, and use of information technology, while taking into consideration the recommendations of the agencies and the CIO Council;16
  2. Provide OMB and the agencies with scientific and technical advisory services relating to the development and use of information technology;17
  3. Conduct studies and evaluations concerning telecommunications technology, and the improvement, expansion, testing, operation, and use of Federal telecommunications systems, and advise the Director of OMB and appropriate agencies of the recommendations that result from such studies;18
  4. Develop, in consultation with the Secretary of State and the Director of OMB, plans, policies, and programs relating to international telecommunications issues affecting Federal information activities;19
  5. Identify needs for standardization of telecommunications and information processing technology, and develop standards, in consultation with the Secretary of Defense and the Administrator of General Services, to ensure efficient application of such technology;20 and
  6. Ensure the Federal Government is represented in the development of national and international (in consultation with the Secretary of State) information technology standards, and advise the Director of OMB on such activities.21
b. Department of Homeland Security

The Secretary of Homeland Security shall:22

  1. Monitor and assist agencies with the implementation of information security policies and practices for information systems;
  2. Assist OMB in carrying out its information security oversight and policy responsibilities;
  3. Develop and oversee the implementation of binding operational directives that reinforce the policies, principles, standards, and guidelines developed by OMB, that focus on:

    a. Requirements for the mitigation of exigent risks to information systems;

    b. Requirements for reporting incidents to the Federal information security incident center; and

    c. Other operational requirements, as deemed necessary by OMB;

  4. Coordinate the development of binding operational directives and the oversight of the implementation of such directives with OMB and NIST to ensure consistency with OMB policies and NIST standards and guidelines;

  5. Consult with the Director of NIST regarding any binding operational directives that implement or affect the standards and guidelines developed by NIST;

  6. Convene meetings with senior agency officials to help ensure effective implementation of information security policies and procedures;

  7. Coordinate government-wide efforts on information security policies and practices, including consultation with the CIO Council and NIST;

  8. Manage government-wide information security programs and provide and operate Federal information security shared services, as directed by OMB;

  9. Provide operational and technical assistance to agencies in implementing policies, principles, standards, and guidelines on information security. This includes:

    a. Operating the Federal information security incident center;

    b. Deploying technology to assist agencies to continuously diagnose and mitigate cyber threats and vulnerabilities, with or without reimbursement and at the request of the agency;

    c. Compiling and analyzing data on agency information security; and

    d. Developing and conducting targeted operational evaluations, including threat and vulnerability assessments, on information systems.

  10. Provide agencies with current, timely and actionable intelligence about cyber threats, vulnerabilities, and incidents for risk assessments;

  11. Consult with OMB to determine what other actions may be necessary to support implementation of effective government-wide information security programs;

  12. Provide the public with timely notice and opportunities for comment on proposed information security directives and procedures to the extent that such directives and procedures affect the public or communication with the public; and

  13. Solicit and consider the recommendations of the Information Security Privacy Advisory Board, established by the National Institute of Standards and Technology Act.

c. General Services Administration

The Administrator of General Services shall:

  1. Manage a single government-wide network contract (formally referred to as the FTS 2000 program) that leverages shared solutions for many agencies;23
  2. Manage the Acquisition Services Fund in accordance with the General Services Administration Modernization Act;
  3. Administer the E-Government fund to support projects approved by the Office of Management and Budget;24
  4. Assist OMB in setting strategic direction for electronic government and overseeing government-wide implementation, and recommend changes relating to government-wide strategies and priorities;25
  5. Promote innovative uses of information technology by agencies, particularly initiatives involving multiagency collaboration, through support of pilot projects, research, experimentation, and the use of innovative technologies;26
  6. Provide support and assistance to the CIO Council;27 and
  7. Implement accessibility standards under section 508 of the Rehabilitation Act of 1973, in coordination with the Department of Justice and U.S. Access Board.28
d. National Archives and Records Administration

The Archivist of the United States shall:

  1. Administer the Federal Records Act and National Archives and Records Administration regulations (36 CFR Subchapter B—Records Management);
  2. Develop requirements relating to electronic records management in consultation with OMB;
  3. Work with agencies to ensure the transfer of permanent Federal electronic records to the National Archives of the United States in digital or electronic form to the greatest extent possible;29 and
  4. Ensure agency compliance with records management requirements, provide records management training, and facilitate public access to high-value government records.30
e. Office of Personnel Management

The Office of Personnel Management shall:31

  1. Analyze on an ongoing basis, the workforce needs of the Federal Government related to information technology and information resources management, in conjunction with relevant agencies;
  2. Identify where current information technology and information resources management training does not satisfy the needs of the Federal Government related to information technology;
  3. Oversee the development of curricula, training methods, and training priorities that correspond to the projected personnel needs related to information technology and information resources management; and
  4. Assess the training of employees in information technology disciplines in order to ensure that information resources management needs are addressed.

Footnotes

  • 16 Pursuant to the Federal Information Security Modernization Act of 2014 (44 U.S.C. chapter 35) and the National Institute of Standards and Technologies Act (15 U.S.C. § 271 et seq.).
  • 17 Pursuant to the Federal Information Security Modernization Act of 2014 (44 U.S.C. chapter 35) and the National Institute of Standards and Technologies Act (15 U.S.C. § 271 et seq.).
  • 18 Pursuant to the National Telecommunications and Information Administration (NTIA) Organization Act, as amended (47 U.S.C. 901 et seq.); cited in 47 U.S.C. 902 (b)(2)(F).
  • 19 Pursuant to the NTIA Organization Act, as amended (47 U.S.C. 901 et seq.); cited in 47 U.S.C. 902 (b)(2)(G).
  • 20 Pursuant to the National Technology Transfer and Advancement Act (NTTAA) (15 U.S.C. §3701 et seq.), the National Institute of Standards and Technology Organic Act (15 USC § 273, 275a, and 278b), and OMB A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.
  • 21 Pursuant to the America Competes Act (33 U.S.C. 893), National Technology Transfer and Advancement Act (NTTAA) (15 U.S.C. §3701 et seq.), and OMB A-119, Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.
  • 22 Pursuant to the Federal Information Security Modernization Act of 2014 (44 U.S.C. chapter 35).
  • 23 Pursuant to the Clinger-Cohen Act (also known as the "Information Technology Management Reform Act of 1996") (40 U.S.C. § 11101-11704).
  • 24 Pursuant to the E-Government Act of 2002 (44 U.S.C. § 3604).
  • 25 Pursuant to the E-Government Act of 2002 (44 U.S.C. chapters 35 and 36).
  • 26 Pursuant to the E-Government Act of 2002 (44 U.S.C. chapters 35 and 36).
  • 27 Pursuant to the E-Government Act of 2002 (44 U.S.C. chapters 35 and 36).
  • 28 Pursuant to the E-Government Act of 2002 (44 U.S.C. chapters 35 and 36).
  • 29 Pursuant to the Federal Records Act of 1950, as amended, codified (44 U.S.C. chapters 21, 29, 31, 33).
  • 30 Pursuant to the Federal Records Act of 1950, as amended, codified (44 U.S.C. chapters 21, 29, 31, 33).
  • 31 Pursuant to the E-Government Act of 2002 (44 U.S.C. chapters 35 and 36).