OMB Circular A-130

You can view the entire OMB Circular A-130 document on the Whitehouse.gov website.

You can also download the A-130 PDF file.

Here is the stated purpose of OMB Circular A-130:
"This Circular establishes policy for the management of Federal information resources. OMB includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices."

Here's the killer line to look for:
"Apply OMB policies and, for non-national security applications, NIST guidance to achieve adequate security commensurate with the level of risk and magnitude of harm."

And here's the hammer:
"Oversight: The Director of OMB will use information technology planning reviews, fiscal budget reviews, information collection budget reviews, management reviews, and such other measures as the Director deems necessary to evaluate the adequacy and efficiency of each agency's information resources management and compliance with this Circular."

Under FISMA, all NIST FIPS documents are now required. OMB is also going to use the 800-series documents as "best practices" when conducting its audits. Implementing these NIST standards is going to be quite a lot of work for most agencies.
NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.
