In a letter to the Office of Management and Budget (OMB), Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) and ranking member Sen. Tom Carper (D-Del.) asked the agency's director Shaun Donovan to complete changes to a privacy and cyber policy framework. The current framework, called Circular A-130, which has not been updated in 15 years, has slowed federal agencies from responding effectively to cyber threats, the lawmakers said.
The OMB began the process of updating the policy more than a year ago, but the lawmakers are not pleased with progress towards a new guidance, and asked OMB director Shaun Donovan for an update within 30 days.
“Continuous, automated monitoring of cybersecurity controls is a primary component of an organization's cybersecurity program. Indeed, OMB, the Department of Homeland Security (DHS), and the National Institute of Standards and Technology (NIST) have all indicated that continuous monitoring is a top priority,” the Senators wrote. “Circular A-130 remains an obstacle to the full adoption of this modern, automated approach to cybersecurity across government.”
In 2012, the Inspectors General and the Government Accountability Offices called on the agency to update Circular A-130, noting that “absent changes in policy, agency staff will continue to waste scarce resources on strategies that do little to mitigate risk.”