NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
OMB Circular A-130
print the content item {PDF=create pdf file of the content item^plugin:content.16}
in Regulatory Compliance > A-130 Compliance

You can view the entire OMB Circular A-130 document on the Whitehouse.gov website.

You can also download the A-130 PDF file.

Here is the stated purpose of OMB Circular A-130:
"This Circular establishes policy for the management of Federal information resources. OMB includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices."

Here's the killer line to look for:
"Apply OMB policies and, for non-national security applications, NIST guidance to achieve adequate security commensurate with the level of risk and magnitude of harm."

And here's the hammer:
"Oversight: The Director of OMB will use information technology planning reviews, fiscal budget reviews, information collection budget reviews, management reviews, and such other measures as the Director deems necessary to evaluate the adequacy and efficiency of each agency's information resources management and compliance with this Circular."

Under FISMA all NIST FIPS documents are now required. The 800 series documents are also going to be used by OMB as "best practices" when conducting their audits. Implementing these NIST standards is going to be quite a lot of work for most agencies.
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-3672 (libvirt, xen)
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denia ...
»CVE-2015-7360 (fortisandbox_firmware)
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet Fo ...
»CVE-2015-8853 (fedora, perl)
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
»CVE-2016-0264 (desktop_supplementary, enterprise_linux_desktop_supplementary, enterprise_linux_hpc_node_supplementary, enterprise_linux_server_supplementary, enterprise_linux_server_supplementary_eus, enterprise_linux_workstation_supplementary, java_sdk, linux_enterprise_server, linux_enterprise_software_development_kit, manager, manager_proxy, openstack, supplementary)
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 ...
»CVE-2016-0718 (debian_linux, expat, ubuntu_linux)
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute ar ...
»CVE-2016-1379
Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 mishandles IPsec error processing ...
»CVE-2016-1380 (web_security_appliance)
Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) devices allows remote attackers t ...
»CVE-2016-1381 (web_security_appliance)
Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web Security Appliance (WSA) device ...
»CVE-2016-1382 (web_security_appliance_(wsa))
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandle ...
»CVE-2016-1383 (web_security_appliance_(wsa))
Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attac ...
»CVE-2016-1385 (adaptive_security_appliance_firmware)
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authe ...
»CVE-2016-1400 (telepresence_video_communication_server)
Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to c ...
»CVE-2016-1406 (evolved_programmable_network_manager, prime_infrastructure)
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Networ ...
»CVE-2016-1407 (ios_xr)
Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services (LPTS) mishandles flow-base en ...
»CVE-2016-1410
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive informa ...


Date published: 2016-05-29T04:50:00Z
Details

»Google Releases Security Update for Chrome
Original release date: May 26, 2016 Google has released Chrome version 51.0.2704.63 to addres ...
»Adobe Releases Security Update for Adobe Connect
Original release date: May 23, 2016 Adobe has released a security update to address a vulnera ...
»VMware Releases Security Updates
Original release date: May 18, 2016 VMware has released security updates to address vulnerabi ...
»Cisco Releases Security Updates
Original release date: May 18, 2016 Cisco has released security updates to address vulnerabil ...
»Symantec Releases Security Update
Original release date: May 16, 2016 Symantec has released Anti-Virus Engine 20151.1.1.4 to ad ...
»Apple Releases Multiple Security Updates
Original release date: May 16, 2016 Apple has released security updates for tvOS, iOS, watchO ...
»Adobe Releases Security Updates for Flash Player
Original release date: May 12, 2016 Adobe has released security updates to address vulnerabil ...
»Google Releases Security Update for Chrome
Original release date: May 11, 2016 Google has released Chrome version 50.0.2661.102 to addre ...
»Adobe Releases Security Updates
Original release date: May 10, 2016 | Last revised: May 11, 2016 Adobe has released security ...
»Microsoft Releases May 2016 Security Bulletin
Original release date: May 10, 2016 Microsoft has released 16 updates to address vulnerabilit ...


Date published: not known
Details

»Virus Bulletin's job site for recruiters and job seekers
Virus Bulletin has relaunched its security job vacancy service and ...
»Throwback Thursday: One_Half: The Lieutenant Commander?
In October 1994, a new multi-partite virus appeared, using some of ...
»Advertisements on Blogspot sites lead to support scam
Support scam pop-ups presented through malicious advertisements sho ...
»To make Tor work better on the web, we need to be honest about it
Many websites put barriers in front of visitors who use the Tor net ...
»Paper: How It Works: Steganography Hides Malware in Image Files
A new paper by CYREN researcher Lordian Mosuela takes a close look ...
»Paying a malware ransom is bad, but telling people to never do it is unhelpful advice
The current ransomware plague is one of the worst threats the Inter ...
»VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers
In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool ...
»VB2016 programme announced, registration opened
We have announced 37 papers (and four reserve papers) that will be ...
»New tool helps ransomware victims indentify the malware family
The people behind the MalwareHunterTeam have released a tool that h ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Google Releases Security Update for Chrome
[26 May 2016 11:15am]

» Adobe Releases Security Update for Adobe Connect
[23 May 2016 01:44pm]

» VMware Releases Security Updates
[18 May 2016 03:20pm]

» Cisco Releases Security Updates
[18 May 2016 12:30pm]

» Symantec Releases Security Update
[16 May 2016 09:37pm]

» Apple Releases Multiple Security Updates
[16 May 2016 04:32pm]

» Adobe Releases Security Updates for Flash Player
[12 May 2016 11:39am]

» Google Releases Security Update for Chrome
[11 May 2016 03:59pm]

» Adobe Releases Security Updates
[10 May 2016 01:10pm]

» Microsoft Releases May 2016 Security Bulletin
[10 May 2016 01:07pm]

***
US-CERT Alerts

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

***
Computerworld Security

» Malware links SWIFT breaches at banks to N. Korean hackers
[27 May 2016 11:01am]

» Senate proposal to require encryption workarounds may be dead
[27 May 2016 10:25am]

» New JavaScript spam wave distributes Locky ransomware
[27 May 2016 08:19am]

» What is MAREA? Oh, just an epic shift that changes everything [updated]
[27 May 2016 05:18am]

» Up to a dozen banks are reportedly investigating potential SWIFT breaches
[26 May 2016 02:14pm]

» Senators want warrant protections for U.S. email stored overseas
[26 May 2016 11:57am]

» Celebrity hacker Guccifer's confession gives us all a lesson in security
[26 May 2016 11:14am]

» IoT security is getting its own crash tests
[26 May 2016 05:09am]

» IDG Contributor Network: Are you buried under your security data?
[25 May 2016 01:00pm]

» Faception can allegedly tell if you're a terrorist just by analyzing your face
[25 May 2016 09:56am]

» Top-level domain expansion is a security risk for business computers
[25 May 2016 08:32am]

» Apple hires mobile encryption pioneer amid encryption debate
[25 May 2016 04:49am]

» Do we need vendor allies in the malware arms race?
[24 May 2016 12:35pm]

» State officials worry about their ability to fight cyberattacks
[24 May 2016 10:32am]

» New DMA Locker ransomware is ramping up for widespread attacks
[24 May 2016 09:22am]

***
Microsoft Security Advisories

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 11:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 11:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 11:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 11:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 11:00am]

***
WIRED

» Security News This Week: Apple Hires a Crypto Guru for Future Battles With the Feds
[28 May 2016 05:00am]

» This Map Tracks Where Governments Hack Activists and Reporters
[26 May 2016 05:00am]

» A Car’s Computer Can ‘Fingerprint’ You in Minutes Based on How You Drive
[25 May 2016 10:24am]

» Security News This Week: Russia’s FindFace Face-Recognition App Is a Privacy Nightmare
[21 May 2016 05:00am]

» Gay Dating Apps Promise Privacy, But Leak Your Exact Location
[20 May 2016 05:00am]

» Chelsea Manning’s Appeal Took Three Years to File. Here’s Why
[19 May 2016 05:49pm]

» New Surveillance System May Let Cops Use All of the Cameras
[19 May 2016 05:00am]

» With Allo and Duo, Google Finally Encrypts Conversations End-to-End
[18 May 2016 01:23pm]

» That Insane, $81M Bangladesh Bank Heist? Here’s What We Know
[17 May 2016 05:00am]

» Everything We Know About How the FBI Hacks People
[15 May 2016 05:00am]

***
Network World Security

» The shocking truth of how you'll be tracked online and why
[28 May 2016 10:21pm]

» Shared malware code links SWIFT-related breaches at banks and North Korean hackers
[27 May 2016 10:01am]

» Senate proposal to require encryption workarounds may be dead
[27 May 2016 08:37am]

» New JavaScript spam wave distributes Locky ransomware
[27 May 2016 07:46am]

» SIEM review: Splunk, ArcSight, LogRhythm and QRadar
[09 May 2016 02:00pm]

» What users love (and hate) about 4 leading firewall solutions
[25 Apr 2016 01:48pm]

» 10 no-cost home security mobile apps worth a download
[01 Apr 2016 06:39am]

» 7 VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: Consider VPN services for hotspot protection
[14 Mar 2016 04:00am]

» Review: 5 application security testing tools compared
[01 Mar 2016 01:29pm]

» Skyport eases the pain of deploying and securing remote servers
[29 Feb 2016 04:00am]

» Review: 8 password managers for Windows, Mac OS X, iOS, and Android
[24 Feb 2016 05:58am]

» What users love (and hate) about 4 leading identity management tools
[22 Feb 2016 06:52am]

» Shared malware code links SWIFT-related breaches at banks and North Korean hackers
[27 May 2016 10:01am]

» Senate proposal to require encryption workarounds may be dead
[27 May 2016 08:37am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}