The Office of Management and Budget is working on a long-awaited update to Circular A-130 — the federal government's central policy document for IT budgeting, acquisition and management — but at least two lawmakers want them to hurry up.
Sens. Tom Carper, D-Del., and Ron Johnson, R-Wis., penned a letter to OMB Director Shaun Donovan on April 26 asking why the revision wasn't competed by December 2015 — per the 2014 update to the Federal Information Security Modernization Act (FISMA) — and requesting regular briefings until it's done, with the first one next month.
Download: Carper, Johnson Letter to OMB Director Shaun Donovan
The senators noted OMB put out a draft revision for public comment in October but said they want to see the final document sooner than later.
"We appreciate OMB's work to update Circular A-130 but also emphasize the importance of completing this revision in a timely manner," the letter reads. "We request that you provide us with a date by which you plan to issue revisions to Circular A-130 and that OMB briefs our staffs on the status of the update within 30 days of this letter and quarterly thereafter until its completion."
Specifically, Carper and Johnson are interested in the cybersecurity implications of the revision.
Under the current policy, established 15 years ago, agencies are required to review security controls every three years. Modern best practices call for continuous monitoring of systems, using automation tools like those offered through the Continuous Diagnostics and Mitigation (CDM) program.
Without the update, "Circular A-130 remains an obstacle to the full adoption of this modern, automated approach to cybersecurity across government," the senators wrote.
An OMB official told Federal Times Wednesday the office "received extensive interest during the open comment period and is working vigorously to ensure that public feedback informs any ultimate policy."
Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.
