Chairman Ron Johnson (R-Wis.) and ranking member Tom Carper (D-Del.) of the Senate Homeland Security and Governmental Affairs Committee on July 28 welcomed an update to federal cybersecurity guidance addressing issues they wrote about in an April letter to the White House Office of Management and Budget (OMB).
The senators earlier inquired into revisions to Circular A-130, which establishes the office’s official policy and guidance on information technology (IT) management and cybersecurity for federal agencies. Originally issued in the 1980s, the circular had not been revised in over 15 years when the senators wrote a letter to the Director of OMB, even though the Federal Information Security Modernization Act of 2014 (FISMA) required an update by December 2014 to remove wasteful or inefficient reporting and briefing requirements.
Appendix III of Circular A-130 previously required an agency to audit the security controls for general support systems and major applications at least once every three years and also to produce paperwork reporting the audits. The senators argued that while documentation is important, three-year assessments are not cost-effective or consistent with best practices as understood under FISMA.
On July 28, OMB published a notification in the Federal Register that it had revised Circular A-130. “When implemented by agencies, these revisions to the Circular will promote innovation, enable appropriate information sharing, and foster the wide-scale and rapid adoption of new technologies while strengthening protections for security and privacy,” OMB said in the notification.
“I am pleased that the administration has answered our call to update its information security policy guidance for federal agencies,” Johnson said in a statement.
Carper agreed and looked forward to a quick implementation of the change as well as further implementation of FISMA.
“I am pleased that OMB has released updated guidance for federal agencies that better reflects the evolving threats we face today. It is now up to federal agencies to implement this guidance as quickly as possible and ensure their systems are up-to-date.”
“There is still much work to be done to fully implement FISMA and better secure our cyber networks. I look forward to continuing to work with Chairman Johnson, my colleagues in Congress and federal agencies in doing all we can to modernize our information technology systems and cybersecurity processes,” Johnson added.