Omb m 01 05 pdf

To promote greater attention to security as a fundamental management priority, OMB continues to take steps to integrate security into the capital planning and budget process. This integration is already producing tangible benefits by promoting security that comports with the agency's enterprise architecture, supports business operations, and is funded within each information system over its life-cycle.

This identifier will provide the link to agency budget materials. Due to their special sensitivity and the unique way they are addressed in the Security Act, reporting weaknesses in national security systems as well as certain systems under the control of the Department of Defense and Intelligence Community is being addressed differently than for other systems. Although we certainly suggest that agencies document corrective plans of action for their own use, we are not prescribing a particular format.

Prior to reporting such corrective action plans to OMB, we request that you consult with us so that we can make appropriate arrangements as to level of detail and sensitivity of what you should report. We have made special arrangements with the Department of Defense and could adapt that procedure for the use of other agencies in reporting on national security systems.

What format should be used for the quarterly status updates? Sensitive descriptions of specific weaknesses are not necessary, but sufficient data is necessary to permit oversight and tracking. For example, to the maximum extent practicable agencies should use the types of descriptions commonly found in reports of the General Accounting Office and Inspectors General such as "inadequate password controls," "insufficient or inconsistent data integrity controls," "inadequate firewall configuration reviews," "background investigations not been performed prior to system access," "physical access controls are insufficient," etc.

Access to aggregated data will be available to the appropriate OMB employees. Each illustrates the appropriate level of detail required. Column 1 -- Type of weakness. Describe weaknesses identified by the annual program review, IG independent evaluation or any other work done by or on behalf of the agency. Sensitive descriptions of specific weaknesses are not necessary, but sufficient data must be provided to permit oversight and tracking.

Where more than one weakness has been identified, agencies should number each individual weakness as shown in the examples. Column 2 -- Identity of the office or organization that the agency head will hold responsible for resolving the weakness. We help agencies make their services more accessible, efficient, and effective with modern applications, platforms, processes, personnel, and software solutions.

Read more. TTS Solutions is a portfolio of products and services that help agencies improve delivery of information and services to the public.

For questions about this website, email digitalgov gsa. Additional information about the U. Updated December 18, The Circular provides updated implementation guidance to Federal managers to improve accountability and effectiveness of Federal programs as well as mission support operations through implementation of ERM practices and by establishing, maintaining, and assessing internal control effectiveness.

Dated July 15, A, agencies are required to manage risk in relation to achievement of reporting objectives. Prior to this update, Appendix A was prescriptive and rigorous in what agencies were required to implement in order to provide reasonable assurances over internal controls over financial reporting ICOFR.

This update balances that rigor with giving agencies the flexibility to determine which control activities are necessary to achieve reasonable assurances over internal controls and processes that support overall data quality contained in agency reports. Updated June 6, The goal of this revised version of OMB Circular A 's Appendix C is to transform the improper payment compliance framework to create a more unified, comprehensive, and less burdensome set of requirements.

Updated June 26, Office of Management and Budget circular that establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services. Dated July 28, This Circular provides direction for federal agencies that produce, maintain or use spatial data either directly or indirectly in the fulfillment of their mission.

This revised circular supersedes Circular A, dated December 31, It provides the basis for a systematic and periodic collection and uniform submission of information on all federally financed domestic assistance programs to the Office of Management and Budget OMB by Federal agencies. It also establishes Federal policies related to the delivery of this information to the public, including through the use of electronic media.

The policies and responsibilities established by this Circular apply to all executive departments and agencies as defined by Section 1 of Title 5, United States Code. Issues guidance to remind agencies of several privacy-related legal requirements that apply to computer matching and to clarify how agencies should conduct computer matching activities.

Dated December 20, Emphasizes the need to keep confidential the Executive Branch's internal deliberations regarding the various issues and options that were considered in the process leading to the President's budget decisions. Dated April 25, Dated July 2, This legislation greatly expanded the Administration's efforts to identify and reduce erroneous payments in the government's programs and activities.

When implemented, this guidance promises to improve the integrity of the government's payments and the efficiency of its programs and activities. Dated May 21, Provides information to agencies on implementing the privacy provisions of the E-Government Act of Dated September 26, Allocates responsibilities for ensuring the appropriate uniformity, centralization, efficiency, effectiveness, timeliness, and reciprocity of determining eligibility for access to classified national security information.

Dated June 30, This memorandum identifies procedures to organize and categorize information and make it searchable across agencies to improve public access and dissemination, discusses using the Federal Enterprise Architecture Data Reference Model DRM , and reminds agencies of the breadth of their existing responsibilities primarily related to information access and dissemination, including under the Paperwork Reduction Act of and the E-Government Act of Dated December 16, This memorandum highlights actions required of agencies by the Executive Order and provides contact information if your agency has questions about the order.

Dated December 30, To assist agencies and ensure consistency across the government, OMB asks selected executive departments and agencies to designate a senior agency official who has agency-wide responsibility, accountability, and authority for geospatial information issues.

Dated March 3, Dated April 13, FOIA , access. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location. Dated June 23, Directs agencies to ensure that reported small business contracts and related contract actions were actually awarded to small businesses.

Each Department and agency is responsible for submitting accurate data to FPDS and verifying the accuracy of such data. Provides guidance on information collection for earmark reform. Dated January 25, This data model is intended to be used in conjunction with the Section of American Recovery and Reinvestment Act. Provided for quarter ending September 30, When fully utilized, ITDS will help us reduce redundant information collections, efficiently regulate the flow of commerce, and effectively enforce international trade laws.

Dated September 10, This memorandum transmits government-wide guidance for carrying out the reporting requirements included in Section of the American Recovery and Reinvestment Act of Recovery Act. Dated June 22, This Memorandum provides Federal agencies with a standard methodology that is necessary for effectively implementing reviews of the quality of data submitted by recipients; provides guidance to Federal agencies on the format and dates to provide OMB with the list of awards subject to recipient reporting; and provides guidance to Federal agencies on the format and dates to provide OMB with the associated list of specific recipients who failed to submit required reports.

Dated December 18, This Memorandum establishes new procedures and provides updated guidance and requirements for agency use of web measurement and customization technologies. Dated June 25, This Memorandum requires Federal agencies to take specific steps to protect individual privacy whenever they use third-party websites and applications to engage with the public.

This memorandum provides policy direction regarding development of agency IT investment baseline management policies and defines a common structure for IT investment baseline management policy with the goal of improving transparency, performance management, and effective investment oversight. Dated June 28, Section a, whether data are shared between Federal agencies or matched with State agency data. Inter-agency sharing of information about individuals can be an important tool in improving the efficiency of government programs.

By sharing data, agencies can often reduce errors, improve program efficiency, identify and prevent fraud, find intended beneficiaries, evaluate program performance, and reduce information collection burden on the public. As government increasingly moves to electronic collection and dissemination of data, under the Government Paperwork Elimination Act and other programs, opportunities to share data across agencies will likely increase.

Agencies should work together to determine what data sharing opportunities are desirable, feasible, and appropriate.

In general, data sharing should only be pursued if the benefits outweigh the costs. With increased focus on data sharing, agencies must pay close attention to handling responsibly their own data and the data they share with or receive from other agencies. When information about individuals is involved, agencies must pay especially close attention to privacy interests and must incorporate measures to safeguard those interests.

Prior to any data sharing, agencies must review and meet the Privacy Act requirements for computer matching, including developing a computer matching agreement and publishing notice of the proposed match in the Federal Register ; OMB Guidance on Computer Matching 54 Fed. The attached memorandum puts forth principles on protecting personal privacy when conducting inter-agency data sharing.

Agencies should obtain the written or electronic consent of individuals before sharing personal data protected by the Privacy Act, unless one of the exceptions under Section a b of the Privacy Act applies.

Data sharing programs should prohibit the redisclosure of the data, except as allowed under the Matching Act. Specifically, the Matching Act prohibits recipient agencies, whether Federal or State, from redisclosing records, except where required by law or where the redisclosure is essential to the conduct of the matching program.