Guidance

This guidance focuses especially on the Computer Matching and Privacy Protection Amendments of 1990, which alter the due process provisions of the Computer Matching and Privacy Protection Act of 1988. The guidance also addresses another issue suggested by agencies in reporting to OMB their activities in implementing the Computer Matching and Privacy Protection Act. Dated April 23, 1991.

An Act to enhance the management and promotion of electronic government services and processes by establishing a Federal Chief Information Officer within the Office of Management and Budget, and by establishing a broad framework of measures that require using Internet-based information technology to enhance citizen access to Government information and services, and for other purposes. Dated December 17, 2002.

The United States Department of Justice Guide to the Freedom of Information Act is a comprehensive legal treatise on the FOIA. The Guide includes detailed discussions of the FOIA’s procedural requirements, nine exemptions, and litigation considerations. Each section contains a detailed analysis of the key judicial opinions issued on the FOIA.

Federal Information Processing Standards publication by the National Institute of Standards and Technology (NIST) that contains standards for the categorization of federal information systems.

The Federal Data Strategy provides a common set of data principles and best practices in implementing data innovations that drive more value for the public. Annual Federal Data Strategy action plans identify and prioritize practice-related steps for a given year, along with targeted timeframes and responsible entities. The plan identifies initial actions for agencies that are essential for establishing processes, building capacity, and aligning existing efforts to better leverage data as a strategic asset.

These guidelines implement the provisions of the Computer Matching and Privacy Protection Act of 1988. This Act amends the Privacy Act of 1974 to establish procedural safeguards affecting agencies' use of Privacy Act records in performing certain types of computerized matching programs. Dated June 19, 1989.

This report outlines the Freedom of Information Act (FOIA) Advisory Committee's recommendations and best practices for the administration of FOIA. Dated April 17, 2018.

The text of H.R.4174 - Foundations for Evidence-Based Policymaking Act of 2018, known as the Evidence Act. Title II of the Evidence Act (OPEN Government Data Act) describes the requirements for CDOs, CDO Council, and this repository.

Office of the Attorney General memo that issues guidelines for the implementation of the Freedom of Information Act (FOIA). Dated March 19, 2009.

The Paperwork Reduction Act of 1995 (PRA) requires agencies to submit requests to collect information from the public to the Office of Management and Budget (OMB) for approval. This guidance is designed to assist agencies and their contractors in preparing Information Collection Requests (ICRs), which may be commonly known as PRA submissions or “OMB clearance packages,” for surveys used for general purpose statistics or as part of program evaluations or research studies. Updated October 2016.

Pursuant to its responsibilities under section 6 of the Privacy Act of 1974, OMB developed guidance on how the recordkeeping provisions of that Act affect agencies' programs (so-called "call detail programs") to collect and use information relating to their employees use of long distance telephone systems. Dated April 20, 1987.

Provides policy and procedural guidance to Federal agencies for ensuring and maximizing the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies. Dated February 22, 2002.

The purpose of the CIPSEA implementation guidance is to inform agencies about the requirements for using CIPSEA and to clarify the circumstances under which CIPSEA can be used. Dated June 15, 2007.

This material is provided to address comments and questions of general interest raised in response to OMB's guidelines for implementing of section 3 of the Privacy Act of 1974. Dated November 21, 1975.

Provides a model Privacy Impact Assessment (PIA) for agencies to use when preparing an adapted PIA before engaging the public through third-party websites and applications. The introduction to the model PIA provides additional context for agencies completing an adapted PIA. Dated December 29, 2011.

This bulletin establishes revised delineations for the Nation's Metropolitan Statistical Areas, Micropolitan Statistical Areas, and Combined Statistical Areas. The bulletin also provides delineations of Metropolitan Divisions as well as delineations of New England City and Town Areas. Dated August 15, 2017.

This Office of Management and Budget (OMB) Circular describes agency responsibilities for implementing the review, reporting, and publication requirements of the Privacy Act of 1974 (“the Privacy Act”), and related OMB policies. Dated December 2016.

Office of Management and Budget circular that directs agencies to use standards developed or adopted by voluntary consensus standards bodies rather than government-unique standards, except where inconsistent with applicable law or otherwise impractical. Revised Jan. 27, 2016.

Provides guidance on preparing the FY 2021 Budget and instructions on budget execution. Updated December 18, 2019.

This Circular defines management’s responsibilities for enterprise risk management (ERM) and internal control. The Circular provides updated implementation guidance to Federal managers to improve accountability and effectiveness of Federal programs as well as mission support operations through implementation of ERM practices and by establishing, maintaining, and assessing internal control effectiveness. Dated July 15, 2016.

Pursuant to OMB Circular No. A-123, agencies are required to manage risk in relation to achievement of reporting objectives. Prior to this update, Appendix A was prescriptive and rigorous in what agencies were required to implement in order to provide reasonable assurances over internal controls over financial reporting (ICOFR). This update balances that rigor with giving agencies the flexibility to determine which control activities are necessary to achieve reasonable assurances over internal controls and processes that support overall data quality contained in agency reports. Updated June 6, 2018.

The goal of this revised version of OMB Circular A-123 's Appendix C is to transform the improper payment compliance framework to create a more unified, comprehensive, and less burdensome set of requirements. Updated June 26, 2018.

Office of Management and Budget circular that establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services. Dated July 28, 2016.

This Circular provides direction for federal agencies that produce, maintain or use spatial data either directly or indirectly in the fulfillment of their mission. This Circular establishes a coordinated approach to electronically develop the National Spatial Data Infrastructure and establishes the Federal Geographic Data Committee (FGDC).

This revised circular supersedes Circular A-89, dated December 31, 1970. It provides the basis for a systematic and periodic collection and uniform submission of information on all federally financed domestic assistance programs to the Office of Management and Budget (OMB) by Federal agencies. It also establishes Federal policies related to the delivery of this information to the public, including through the use of electronic media. The policies and responsibilities established by this Circular apply to all executive departments and agencies as defined by Section 551(1) of Title 5, United States Code.

Issues guidance to remind agencies of several privacy-related legal requirements that apply to computer matching and to clarify how agencies should conduct computer matching activities. Dated December 20, 2000.

Emphasizes the need to keep confidential the Executive Branch's internal deliberations regarding the various issues and options that were considered in the process leading to the President's budget decisions. Dated April 25, 2001.

Provides Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones. Dated July 2, 2002.

Outlines how Federal agencies should implement the Improper Payments Information Act of 2002. This legislation greatly expanded the Administration's efforts to identify and reduce erroneous payments in the government's programs and activities. When implemented, this guidance promises to improve the integrity of the government's payments and the efficiency of its programs and activities. Dated May 21, 2003.

Provides information to agencies on implementing the privacy provisions of the E-Government Act of 2002. Dated September 26, 2003.

Allocates responsibilities for ensuring the appropriate uniformity, centralization, efficiency, effectiveness, timeliness, and reciprocity of determining eligibility for access to classified national security information. Dated June 30, 2005.

This memorandum identifies procedures to organize and categorize information and make it searchable across agencies to improve public access and dissemination, discusses using the Federal Enterprise Architecture Data Reference Model (DRM), and reminds agencies of the breadth of their existing responsibilities primarily related to information access and dissemination, including under the Paperwork Reduction Act of 1995 and the E-Government Act of 2002. Dated December 16, 2005.

On December 14, 2005, the President issued Executive Order 13392, “Improving Agency Disclosure of Information.” In the order, the President directed agencies to ensure citizen-centered and results-oriented Freedom of Information Act (FOIA) operations. This memorandum highlights actions required of agencies by the Executive Order and provides contact information if your agency has questions about the order. Dated December 30, 2005.

To assist agencies and ensure consistency across the government, OMB asks selected executive departments and agencies to designate a senior agency official who has agency-wide responsibility, accountability, and authority for geospatial information issues. Dated March 3, 2006.

Follow-up memo to M-06-04, “Implementation of the President’s Executive Order ‘Improving Agency Disclosure of Information’”. In that memorandum, the Deputy Director summarized the Order’s requirements and highlighted its upcoming deadlines for agency action. Dated April 13, 2006.

Provides a checklist from the National Institute of Standards and Technology (NIST) for protection of remote information. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location. Dated June 23, 2006.

Directs agencies to ensure that reported small business contracts and related contract actions were actually awarded to small businesses. Each Department and agency is responsible for submitting accurate data to FPDS and verifying the accuracy of such data. Dated September 26, 2006.

Provides guidance on information collection for earmark reform. Dated January 25, 2007.

This data model is intended to be used in conjunction with the Section 1512 of American Recovery and Reinvestment Act. Provided for quarter ending September 30, 2009.

Requires the use of the International Trade Data System (ITDS) when collecting information to clear or license the import and export of cargo. When fully utilized, ITDS will help us reduce redundant information collections, efficiently regulate the flow of commerce, and effectively enforce international trade laws. Dated September 10, 2007.

This memorandum transmits government-wide guidance for carrying out the reporting requirements included in Section 1512 of the American Recovery and Reinvestment Act of 2009 (Recovery Act). Dated June 22, 2009.

This Memorandum provides Federal agencies with a standard methodology that is necessary for effectively implementing reviews of the quality of data submitted by recipients; provides guidance to Federal agencies on the format and dates to provide OMB with the list of awards subject to recipient reporting; and provides guidance to Federal agencies on the format and dates to provide OMB with the associated list of specific recipients who failed to submit required reports. Dated December 18, 2009.

This Memorandum establishes new procedures and provides updated guidance and requirements for agency use of web measurement and customization technologies. The central goal is to respect and safeguard the privacy of the American public while also increasing the Federal Government’s ability to serve the public by improving and modernizing its activities online. Dated June 25, 2010.

This Memorandum requires Federal agencies to take specific steps to protect individual privacy whenever they use third-party websites and applications to engage with the public. Dated June 25, 2010.

This memorandum provides policy direction regarding development of agency IT investment baseline management policies and defines a common structure for IT investment baseline management policy with the goal of improving transparency, performance management, and effective investment oversight. Dated June 28, 2010.

Office of Management and Budget memo that encourages Federal agencies to engage in coordinated, collaborated data-sharing in a manner that complies with applicable privacy laws, regulations, and polices. Dated November 3, 2010.

Provides instructions in the wake of disclosure by WikiLeaks that resulted in significant damage to our national security. Dated November 28, 2010.

Provides a list of existing requirements and questions department or agency assessment teams should utilize, as an initial step, to assess the current state of information systems security. Dated January 3, 2011.

Office of Management and Budget memo that establishes a framework to help institutionalize the principles of effective information management at each stage of the information's life cycle to promote interoperability and openness. Dated May 9, 2013.

To help agencies move forward in harnessing evidence and evaluation, this memorandum (1) provides guidance for 2015 agency Budget submissions and (2) invites agencies to participate in a series of workshops and interagency collaborations to help agencies develop and strengthen proposals that catalyze innovation and learning. Dated July 26, 2013.

This memorandum provides agencies with guidance for managing information security risk on a continuous basis and builds upon efforts towards achieving the cybersecurity Cross-Agency Priority goal. Dated November 18, 2013.

The goal of this Memorandum is to help both program and statistical agencies and components (including evaluation and analysis units) use administrative data more fully in a manner that respects privacy and protects confidentiality. Specifically, this guidance will help program agencies manage their administrative data with statistical purposes in mind. Dated February 14, 2014.

To encourage the greater use of administrative data for statistical purposes, this Memorandum provides agencies with guidance for addressing the legal, policy, and operational issues that exist with respect to using administrative data for statistical purposes. Dated February 14, 2014.

This Memorandum provides guidance to Federal agencies on current reporting requirements pursuant to the Federal Funding Accountability and Transparency Act (FFATA) as well as new requirements that agencies must employ pursuant to the Digital Accountability and Transparency Act of 2014 (DATA Act). Dated May 8, 2015.

The purpose of this memorandum is to provide implementation guidance for the Federal Information Technology Acquisition Reform Act (FITARA) and related information technology (IT) management practices. Dated June 10, 2015.

This memorandum strongly encourages the Federal statistical agencies and units, and their parent Departments, to build interagency collaboration that will help the Federal statistical community more effectively meet the information needs of the 21st century. Dated July 8, 2015.

This memorandum addresses challenges in information technology (IT) category management, and specifically software licensing, in order to help agencies improve the acquisition and management of common IT goods and services. The focus of this memorandum is on office laptop and desktop computers. Dated October 16, 2015.

This memorandum addresses challenges in information technology (IT) category management, and specifically software licensing, in order to help agencies improve the acquisition and management of common IT goods and services. This memorandum follows recent OMB guidance regarding new requirements for purchasing desktops and laptops. Dated June 2, 2016.

This memorandum is the third in a series of policies directing covered agencies to improve their Information Technology (IT) commodity management practices. Dated August 4, 2016.

This Memorandum revises policies on the role and designation of a Senior Agency Official for Privacy. Dated September 15, 2016.

This Memorandum provides additional guidance to Federal agencies to support the technical operationalization of reporting to USASpending.gov in accordance with the Federal Funding Accountability and Transparency Act of20062 (FFATA), as amended by the Digital Accountability and Transparency Act of2014, and in furtherance of Federal spending transparency. Dated November 4, 2016.

Federal websites and digital services should always meet and maintain high standards of effectiveness and usability and provide quality information that is readily accessible to all. The requirements in this Memorandum support building effective and user-centric digital services. Dated November 8, 2016.

This Memorandum contains general guidance for the planning, identification, categorization, prioritization, reporting, assessment, and remediation of Federal High Value Assets (HVAs), as well as the handling of information related to HVAs by the Federal Government. Dated December 2016.

This Memorandum sets forth the policy for Federal agencies to prepare for and respond to a breach of personally identifiable information (PII). It includes a framework for assessing and mitigating the risk of harm to individuals potentially affected by a breach, as well as guidance on whether and how to provide notification and services to those individuals. Dated January 3, 2017.

This memorandum provides agencies with fiscal year (FY) 2019 reporting guidance and deadlines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). This memorandum also consolidates several government-wide reporting requirements into a single document to eliminate duplicative or burdensome processes. Dated October 25, 2018.

This memorandum provides guidance on the enhancement of the High Value Asset (HVA) program operated by the Department ofHomeland Security (DHS), in coordination with the Office ofManagement and Budget (OMB). Dated December 10, 2018.

One of the principal improvements in the FOIA Improvement Act of 2016 was the requirement to create a central, online request portal that allows a member of the public to submit a request for records under the FOIA to any Federal agency from a single website. This memorandum provides instructions for agencies' Chief FOIA Officers on actions that agencies must take to ensure interoperability with the National FOIA Portal. Dated February 12, 2019.

The purpose of this Memorandum is to reinforce, clarify, and interpret agency responsibilities with regard to responsibilities under the Information Quality Act (IQA). Dated April 24, 2019.

This memorandum sets forth the Federal Government's Identity, Credential, and Access Management (ICAM) policy. Dated May 21, 2019.

This memorandum establishes a Federal Data Strategy (Strategy) as a framework of operational principles and best practices that help agencies deliver on the promise of data in the 21st century. Through consistent data infrastructure and practices, the Strategy will enable Government to fully leverage data as a strategic asset by supporting strong data governance and providing the protection and security that the American people, businesses, and partners deserve. Dated June 4, 2019.

This Memorandum contains requirements for the consolidation and optimization of Federal data centers in accordance with FITARA. It establishes consolidation and optimization targets and metrics for Federal agencies, as well as requirements for reporting on their progress. Dated June 25, 2019.

Office of Management and Budget memo that outlines action steps to meeting the requirements of the Evidence Act. Dated July 10, 2019.

This Memorandum provides guidance to CFO Act agencies necessary to meet certain requirements of the Evidence Act, including program evaluation standards to guide agencies in developing and implementing evaluation activities, evaluation policies, and in hiring and retaining qualified staff. It also provides examples of leading practices for agencies to draw upon as they build evaluation capacity, develop policies and procedures, and carry out evaluations to support evidence-based policymaking. Dated March 10, 2020.

This document provides guidance on how the provisions of the Debt Collection Act of 1982 affect the Privacy Act of 1974. Dated April 11, 1983.

Establishes decision criteria with respect to the evaluation of major information system investments proposed for funding in the FY 1998 President's budget. Dated October 25, 1996.

This memorandum authorizes agencies to enter into multiagency contracts for information technology and sets forth good management practices to be followed by agencies that do so. Dated February 26, 1997.

This memorandum establishes a mechanism to support the work of interagency groups which advise the Director of OMB in carrying out the Clinger-Cohen Act (formerly the Information Technology Management Reform Act of 1996). Dated March 10, 1997.

On October 2, 1996, the President signed into law the "Electronic Freedom of Information Act Amendments of 1996" (Pub. L. 104-231). On April 7, 1997, I issued guidance (OMB Memorandum M97-10) on Section 11, which requires each agency to issue reference material or a guide for requesting records or information from the agency. The purpose of this memorandum is to rescind M-97-10 and reissue this guidance. Dated April 23, 1998.

This memorandum provides instructions to agencies on how to comply with the President's Memorandum of May 14, 1998 on "Privacy and Personal Information in Federal Records." In this Memorandum, the President directed Federal agencies to review their current information practices and ensure that they are being conducted in accordance with privacy law and policy. Dated January 7, 1999.

Every Federal web site must include a privacy policy statement, even if the site does not collect any information that results in creating a Privacy Act record. This attachment provides guidance and model language on privacy statements. Dated June 1, 1999.

Every two years the President is required to submit a report describing the exercise of individual rights of access and amendment under the Privacy Act and consolidating information regarding computer matching activities of federal agencies. OMB Circular A-130 directs agencies to submit information necessary to these reports by June 30 in even numbered years. This memorandum is a reminder and provides instructions as to how to report. Dated June 1998.

This memorandum provides additional guidance to Executive Departments and Agencies on responding to congressional inquiries which involve access to personal information subject to the Privacy Act of 1974. Dated October 3, 1975.

This memorandum calls attention to three areas and suggests specific remedial steps for agencies: (1) Agencies' disclosures of personal information from systems of records during the course of litigation; (2) the disclosure of personal information from Privacy Act files pursuant to Section (b)(2), which allows agencies to make non-consensual disclosures if the disclosure would be "required" under the Freedom of Information Act; (3) the relationship between the exemption provisions of the Privacy Act and those of the Freedom of Information Act. Dated May 24, 1985.

The Personal Responsibility and Work Opportunity Reconciliation Act (PRWORA) requires Federal agencies to transmit information about employees newly hired and quarterly earnings to a National Directory of New Hires. This memorandum provides a model notice to help agencies comply with the requirement to publish a notice in the Federal Register announcing that a new "routine use" will be added to the agency's Privacy Act system of records covering payroll information. Dated November 3, 1997.

Provides guidance on the biennial reporting requirements for Privacy Act Officers under the Privacy Act and the Computer Matching and Privacy Protection Act. Dated June 21, 2000.

This Circular defines responsibilities for Implementing the Privacy Act of 1974 to assure that personal information about individuals collected by Federal agencies is limited to that which is legally authorized and necessary and is maintained in a manner which precludes unwarranted intrusions upon individual privacy. Dated July 9, 1975.

This memorandum provides recommendations for planning and responding to data breaches which could result in identify theft. Dated September 20, 2006.

Provides a schedule of release dates for principal Federal economic indicators for 2019.

Announces OMB's final decision for the 2018 revision of Statistical Policy Directive No. 10, Standard Occupational Classification (SOC). Dated November 28, 2017.

Announces OMB's decision concerning the revision of Statistical Policy Directive No. 15, Race and Ethnic Standards for Federal Statistics and Administrative Reporting. Accepts the recommendations of the Interagency Committee for the Review of the Racial and Ethnic Standards with the following two modifications: (1) separating the Asian or Pacific Islander category into two categories—‘‘Asian’’ and ‘‘Native Hawaiian or Other Pacific Islander,’’ and (2) changing the term ‘‘Hispanic’’ to ‘‘Hispanic or Latino.’’ Dated October 30, 1997.

This Directive affirms the fundamental responsibilities of Federal statistical agencies and recognized statistical units in the design, collection, processing, editing, compilation, storage, analysis, release, and dissemination of statistical information. Dated December 2, 2014.

This Addendum provides Standards and Guidelines for Conducting Cognitive Interviews. Dated October 12, 2016.

As part of an ongoing effort to improve the quality, objectivity, utility, and integrity of information collected and disseminated by the Federal Government, OMB is issuing revised Standards and Guidelines for Statistical Surveys. Dated September 22, 2006.

The revised directive clarifies and strengthens OMB guidance to Federal agencies on the compilation and release of principal economic indicators. Dated September 25, 1985.

Issues a new Statistical Policy Directive for the release and dissemination of statistical products produced by Federal statistical agencies. Dated March 7, 2008.

The North American Industry Classification System (NAICS) is a system for classifying establishments (individual business locations) by type of economic activity. This announces OMB's adoption of NAICS revisions. Dated August 8, 2016.