Agencies of the Federal Government depend on the secure acquisition, processing, storage, transmission, and disposition of information to carry out their core missions and business functions. Federal agencies must implement information security programs and privacy programs with the flexibility to meet current and future information management needs and the sufficiency to comply with Federal requirements. Agency programs must have the capability to identify, respond to, and recover from current threats while protecting their information resources and the privacy of the individuals whose information they maintain. The programs must also have the capability to address new and emerging threats. To be effective, information security and privacy considerations must be part of the day-to-day operations of agencies.
Appendix I to O.M.B. Circular No. A-130 establishes:
- Minimum requirements for Federal information security programs
- Assigns Federal agency responsibilities for the security of information and information systems
- Links agency information security programs and agency management control systems established in accordance with OMB Circular No. A-123.
Appendix III to O.M.B. Circular No. A-130 establishes:
- A minimum set of controls to be included in Federal automated information security programs
- Assigns Federal agency responsibilities for the security of automated information
- Links agency automated information security programs and agency management control systems established in accordance with O.M.B. Circular No. A-123.
The Appendix revises procedures formerly contained in Appendix III to O.M.B. Circular No. A-130 (50 FR 52730; December 24, 1985), and incorporates requirements of the Computer Security Act of 1987 (P.L. 100-235) and responsibilities assigned in applicable national security directives.
RSA Archer provides authoritative source content for the following U.S. O.M.B. Circular No. A-130 Appendices:
This content is available in English only.
Control standard mappings are not available for this authoritative source.
The authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.
For More Information
To learn more about the U.S. O.M.B. Circular No. A-130 Authoritative Source Content:
- Review the RSA Archer Content Import Tip Sheet for instructions on how to import content
- Download the U.S. O.M.B. Circular No. A-130 Appendix I Authoritative Source Content Package
- Download the U.S. O.M.B Circular No. A-130 Appendix III Authoritative Source Content Package
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at firstname.lastname@example.org for more information.