The Office of Management and Budget (OMB) Circular A-130, "Management of Federal Information Resources," Appendix III, establishes policy for the management of Federal information resources. Procedural and analytic guidelines for implementing specific aspects of these policies are included as appendices.
NIACAP was written to be a guide to simplify the accreditation process. The NIACAP is a standard process that can be used to certify and accredit any of the systems that come under OMB A-130, Appendix III. Since systems have a lifecycle, it was written to be flexible enough to allow for system growth and development.
The completion of system security plans is a requirement of the OMB A-130, Appendix III; the "Security of Federal Automated Information Resources," updated in 1996; and the Public Law 100-235, "Computer Security Act of 1987." OMB Circular A-130, Appendix III, does not distinguish between sensitive and nonsensitive systems. Rather, consistent with the Computer Security Act of 1987, the Circular recognizes that federal automated information systems have varied sensitivity and criticality. All federal systems have some level of sensitivity and require protection as part of good management practice.
CygnaCom can assist with the following NIACAP activities and documentation preparation: