U.S. Sens. Tom Carper (D-DE) and Ron Johnson (R-WI) sent a letter to Shaun Donovan, director of the Office of Management and Budget (OMB), on Wednesday requesting an update on efforts to complete and issue revisions to Circular A-130.
Circular A-130 establishes OMB’s official policy on guidance on information technology management and cyber security for federal agencies. It was first issued in the 1980s and has not been revised in more than 15 years despite the constantly changing world of cybersecurity.
Congress passed the Federal Information Security Modernization Act of 2014 to enhance federal network security and more quickly transition agencies to continuous and automated cybersecurity monitoring. The act required the OMB to update Appendix III of Circular A-130 by December 2015 to “eliminate inefficient or wasteful reporting.” Additionally, it requires the office to provide quarterly briefings to Congress on the status of the amendment.
“According to the most recent FISMA annual report, OMB is currently in the process of significantly revising Circular A-130 and has asked for public comment on the proposed revisions,” the letter said. “We appreciate OMB’s work to update Circular A-130, but also emphasize the importance of completing this revision in a timely manner. We request that you provide us with a date by which you plan to issue revisions to Circular A-130, and that OMB briefs our staffs on the status of the update within 30 days of this letter and quarterly thereafter until its completion.”