Revisions to OMB's Circular A-130

Gao ID: AIMD-95-151R June 1, 1995

GAO commented on the proposed revision to Office of Management and Budget (OMB) Circular A-130 regarding the security of federal automated information systems. GAO noted that: (1) it endorses holding management and users accountable for the security of their information resources, particularly regarding rules of behavior, system-specific training for users, reporting material information security weaknesses, and mandating National Institute of Standards and Technology assistance before agencies adopt new technologies; and (2) OMB could improve its revision by providing a specific risk assessment requirement that describes the role of risk assessments in the context of an agency's overall security program, ensures the independence and structure of, and accountability for security reviews, and provides guidance on how agencies could ensure the security of shared information.



The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.