Revisions to OMB's Circular A-130
AIMD-95-151R: Published: Jun 1, 1995. Publicly Released: Jun 1, 1995.
- Full Report:
GAO commented on the proposed revision to Office of Management and Budget (OMB) Circular A-130 regarding the security of federal automated information systems. GAO noted that: (1) it endorses holding management and users accountable for the security of their information resources, particularly regarding rules of behavior, system-specific training for users, reporting material information security weaknesses, and mandating National Institute of Standards and Technology assistance before agencies adopt new technologies; and (2) OMB could improve its revision by providing a specific risk assessment requirement that describes the role of risk assessments in the context of an agency's overall security program, ensures the independence and structure of, and accountability for security reviews, and provides guidance on how agencies could ensure the security of shared information.