The Office of Management and Budget’s (OMB) recent 85-page 2016 update to its Circular A-130, Managing Information as a Strategic Resource, defining federal policy and guidance for management of federal information resources. In response, the Smart Card Alliance issued a paper highlighting the major changes in the policies governing federal use of PIV credentials for access control, discusses the impact of these changes on the federal government and commercial industry and outlines issues to be considered in complying with A-130 for selected topic areas.
The Alliance’s paper summarizes and provides commentary on the major policy highlights, incorporating input and perspectives from its members to discuss the impacts and opportunities for securing government information systems.
“The Smart Card Alliance supports the updates to the OMB Circular A-130 and believes it provides more clarity for how federal agencies implement identity and information security systems more efficiently and effectively,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “In just a few pages, this paper summarizes the major policy highlights from the 85-page OMB Circular A-130 that impact the implementation of access control systems. The commentary incorporates inputs and perspectives from Smart Card Alliance members representing a variety of different stakeholder groups to discuss the impacts and opportunities for securing government information systems.”
The Smart Card Alliance’s response paper, Smart Card Alliance Commentary: OMB Circular A-130 – Managing Information as a Strategic Resource, was developed by the Smart Card Alliance Access Control Council.
The Alliance said its “paper provides commentary on the impact of the update on the access control industry and on government agencies procuring and implementing access control systems. In the response, the Smart Card Alliance addresses how the updated guidance:"
- Provides a continued strong focus on the need for implementing updated federal information systemsthat address information security and privacy;
- Reinforces the requirements of HSPD-12 and FIPS 201 and the use of the PIV credential for federal employees and contractors;
- Defines the physical access control system (PACS) as an information system that is under the jurisdiction of the CIO and IT departments;
- Assigns responsibility to specific agency staff for modernization of IT resources; and
- Requires agencies to prioritize funding for modernization of IT resources
For more information on the Smart Card Alliance Access Control Council, visit http://www.smartcardalliance.org/alliance-industry-councils/.
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.