Agencies of the Federal Government depend on the secure acquisition, processing, storage, transmission, and disposition of information to carry out their core missions and business functions. Federal agencies must implement information security programs and privacy programs with the flexibility to meet current and future information management needs and the sufficiency to comply with Federal requirements. Agency programs must have the capability to identify, respond to, and recover from current threats while protecting their information resources and the privacy of the individuals whose information they maintain. The programs must also have the capability to address new and emerging threats. To be effective, information security and privacy considerations must be part of the day-to-day operations of agencies.
Appendix III to OMB Circular No. A-130 establishes:
- A minimum set of controls to be included in Federal automated information security programs;
- Assigns Federal agency responsibilities for the security of automated information; and
- Links agency automated information security programs and agency management control systems established in accordance with OMB Circular No. A-123.
The Appendix revises procedures formerly contained in Appendix III to OMB Circular No. A-130 (50 FR 52730; December 24, 1985), and incorporates requirements of the Computer Security Act of 1987 (P.L. 100-235) and responsibilities assigned in applicable national security directives.
This content is available in English only.
Control standard mappings are not available for this authoritative source.
For Additional Support
To learn more about this content, please contact your Account Rep for additional details. To obtain this content or for technical support questions, please open a support case or contact RSA Archer at firstname.lastname@example.org for more information.