The circular hadn’t been updated since 2000, an era ruled by desktop computers. The document now consolidates policy updates for federal agencies in important categories like cybersecurity, information governance, privacy, records management, open data and acquisitions.
The lengthy time between updates alone made headlines when the White House unveiled a rewrite last year after the Office of Personnel Management hack forced government to take a more proactive approach to cybersecurity. The real significance of A-130’s update is in the policy itself, according to Trevor Rudolph, chief of OMB’s Cyber and National Security Unit.
A-130 broadly emphasizes three key elements: real-time knowledge of the environment, proactive risk management and shared responsibility. Speaking Thursday at an event hosted by Nextgov, Rudolph used slides to contrast old A-130 policy language with the new.
A few examples:
From a cybersecurity standpoint, the new policy ushers out box-checking exercises and outdated protocols in favor of a more nuanced policy guide designed to evolve with the times.
Rudolph said the A-130 update has added importance because it addresses the three main “structural challenges to sustained progress” for the Cybersecurity National Action Plan released earlier this year. Those challenges include legacy IT, fragmented governance of IT across the federal landscape and cyber workforce vacancies.
New guidance within A-130 helps agencies tag-team those challenges, although Rudolph said OMB will continue to promote additional policies that address them, too.
Recently, OMB released the Federal Cybersecurity Workforce Strategy to address hiring 3,500 additional “critical cybersecurity and IT positions” by January 2017 and has promoted the IT Modernization Fund, which would create …