OMB finalizes central guidance for IT planning

Final revision of A-130

As federal agencies undergo the slow, bumpy transformation to electronic

government, the Office of Management and Budget has updated the central

guidance for how agencies should manage information technology resources.

OMB's Circular A-130 oversees all IT-related decisions within an agency,

especially when those decisions affect the agency's mission. The changes

bring the guidance in line with federal IT management legislation and guidance

issued by Congress and OMB in the four years since the Internet really took

off in government.

The biggest addition to the circular is the inclusion of the Clinger-Cohen

Act of 1996, which created chief information officer positions within each

agency.

A-130 "now reflects Clinger-Cohen and the role of the CIO...and it sets

out in loving detail the responsibilities that lie there," said Sally Katzen,

deputy director for management at OMB.

OMB also incorporated the Government Paperwork Elimination Act of 1998

and all of the agency's guidelines for carrying out GPEA. Agencies are just

now putting in place the processes and systems needed to comply with the

act, which requires agencies to provide a way for citizens to interact with

the government electronically whenever possible by 2003.

Overall, A-130 incorporates the piecemeal guidance OMB has issued over

the last four years. "We picked up virtually everything that was out there

in one fell swoop," Katzen said.

Having all the guidance in one place definitely will be a plus for agencies,

said Rich Kellett, director of the emerging IT policies division at the

General Services Administration's Office of Government-wide Policy.

"You can, in one place, get the best view of what is the best IT management

for federal government," he said. "It is a good place to go for the strategic

view mixed in with the tactical view."

The various pieces of guidance had a big focus on IT capital planning

and investment management. The revised circular also reflects that focus,

especially in formally suggesting the creation of an investment board at

each agency — made up of the CIO, chief financial officer and chief procurement

executive — and using that resource to fine-tune budgets and systems.

"It puts for the agencies all in one place, and in a more or less coherent

fashion, all of the processes, things they'll want to think about before

presenting to their investment board and then to OMB," Katzen said.

A-130 now emphasizes the tie between capital planning and the development

of an enterprise IT architecture, a plan for how technology is going to

help an agency accomplish its mission. Many of the comments OMB received

about the revisions concerned the concept of an enterprise architecture

and the new Federal Enterprise Architecture Framework maintained by the

CIO Council.

This emphasis will be very important for IT managers, especially as

they move forward with e-government efforts, said Joan Steyaert, deputy

associate administrator for IT policy at the Office of Governmentwide Policy.

OMB did not fully address two important concerns in the revised circular — security and privacy. Both issues have received intense attention from

Congress and the Clinton administration, and OMB has issued several pieces

of guidance on them in the last year.

Part of the revision process enables agencies to "test-drive" guidance

before it is added to a circular, Katzen said. One example is the privacy

guidance on "cookies," small pieces of software that a Web server places

on users' hard drives to identify them on return visits to the site. OMB

issued guidance on cookies in July, and there were several questions from

agencies and the CIO Council. In September, OMB clarified the policy to

allow session cookies, which are erased when users close the Web browser.

"It's sort of good to have things out there for a while," Katzen said.

So although security and privacy do remain part of A-130, the true revisions

in this area will be done in 2001, Katzen said, citing in particular the

new Government Information Security Act that Congress passed in October

as part of the fiscal 2001 Defense Authorization Act.