O.M.B. Appendix III to OMB Circular No. A-130 Authoritative Source Content

Document created by Susan Read-Miller Employee on Apr 30, 2018Last modified by Christine Tran on Aug 9, 2018
Version 6Show Document
  • View in full screen mode

Agencies of the Federal Government depend on the secure acquisition, processing, storage, transmission, and disposition of information to carry out their core missions and business functions. Federal agencies must implement information security programs and privacy programs with the flexibility to meet current and future information management needs and the sufficiency to comply with Federal requirements. Agency programs must have the capability to identify, respond to, and recover from current threats while protecting their information resources and the privacy of the individuals whose information they maintain. The programs must also have the capability to address new and emerging threats. To be effective, information security and privacy considerations must be part of the day-to-day operations of agencies.


Appendix III to OMB Circular No. A-130 establishes:

  • A minimum set of controls to be included in Federal automated information security programs;
  • Assigns Federal agency responsibilities for the security of automated information; and
  • Links agency automated information security programs and agency management control systems established in accordance with OMB Circular No. A-123.


The Appendix revises procedures formerly contained in Appendix III to OMB Circular No. A-130 (50 FR 52730; December 24, 1985), and incorporates requirements of the Computer Security Act of 1987 (P.L. 100-235) and responsibilities assigned in applicable national security directives.



This content is available in English only.



Control standard mappings are not available for this authoritative source.


Content Source

The source of this content comes from the OMB Appendix III to OMB Circular No. A-130.


Licensing Restrictions

The Appendix III to OMB Circular No. A-130 authoritative source content is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.


For More Information

To learn more about the O.M.B. Appendix III to OMB Circular No. A-130 Authoritative Source Content:


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.