In a letter published Wednesday, the lawmakers asked OMB Director Shaun Donovan to inform the Senate Homeland Security and Governmental Affairs Committee about the date the agency plans to release the updated version of the Circular A-130, Management of Federal Information Resources.
Johnson and Carper told Donovan that OMB should update appendix III of the guidance in compliance with the Federal Information Security Modernization Act of 2014 as well as help facilitate the continuous monitoring of cybersecurity measures.
Under the appendix, federal agencies are required to subject security controls for major applications and support systems to audits at least every three years.
âWhile some documentation of security controls is essential, these three-year assessments are not cost-effective or consistent with best-practices or other federal policies,â the lawmakers said.
Carper and Johnson requested OMB to submit its response to the Senate committee within 30 days.