Introduction
Information and information technology resources are widely recognized as one of the engines that drive the U.S. economy—giving industry a competitive advantage in the global marketplace, enabling the Federal government to provide quality services to citizens, and facilitating greater productivity as a nation. The deeply embedded nature of information technology in all Federal agency missions and business processes reflects the rapid transformation to a fully “digital” world. This transformation has provided significant opportunities for agencies, through modern computing architectures, cloud technologies, and agile development techniques, to acquire and rapidly deploy highly efficient and cost-effective applications, services, and solutions. Today, agencies depend heavily on information technology to successfully carry out their missions and business functions; thus, the information technology infrastructure, including the information systems and system components, must be dependable and survivable. Information systems must have the necessary levels of trustworthiness and resilience to be able to process, store, and transmit Federal information in a timely, efficient, and secure manner and to be able to operate under adverse conditions, when necessary, to provide essential services.
To provide the necessary levels of trustworthiness and resilience while maximizing advanced computing technologies, Federal information systems must be built to anticipate the modern threat space—that is, the systems should employ technologies that can significantly increase the “built-in” protection capability of those systems and make them inherently less vulnerable. This requires building trustworthiness and resilience in all layers of the information technology “stack” including the hardware, firmware, operating systems, middleware, and software applications. Increasing trustworthiness and resilience is a significant undertaking that requires a substantial investment in architectural design and development. The ultimate objective is to acquire and deploy more penetration-resistant, trustworthy, and resilient applications, systems, and services that are fully capable of supporting the Federal government’s missions and business operations with a level of assurance that is commensurate with its risk tolerance.