The National Technical Information Service (NTIS) is part of the U.S. Department of Commerce. NTIS helps Federal agencies make better decisions about data, with data. They provide the support and structure to help their partners store, analyze, sort, and aggregate data in new ways securely.

Federal Information Processing Standards publication by the National Institute of Standards and Technology (NIST) that contains standards for the categorization of federal information systems.

This Circular defines management’s responsibilities for enterprise risk management (ERM) and internal control. The Circular provides updated implementation guidance to Federal managers to improve accountability and effectiveness of Federal programs as well as mission support operations through implementation of ERM practices and by establishing, maintaining, and assessing internal control effectiveness. Dated July 15, 2016.

Pursuant to OMB Circular No. A-123, agencies are required to manage risk in relation to achievement of reporting objectives. Prior to this update, Appendix A was prescriptive and rigorous in what agencies were required to implement in order to provide reasonable assurances over internal controls over financial reporting (ICOFR). This update balances that rigor with giving agencies the flexibility to determine which control activities are necessary to achieve reasonable assurances over internal controls and processes that support overall data quality contained in agency reports. Updated June 6, 2018.

The goal of this revised version of OMB Circular A-123 's Appendix C is to transform the improper payment compliance framework to create a more unified, comprehensive, and less burdensome set of requirements. Updated June 26, 2018.

Emphasizes the need to keep confidential the Executive Branch's internal deliberations regarding the various issues and options that were considered in the process leading to the President's budget decisions. Dated April 25, 2001.

Provides Reporting Instructions for the Government Information Security Reform Act and Updated Guidance on Security Plans of Action and Milestones. Dated July 2, 2002.

Provides a checklist from the National Institute of Standards and Technology (NIST) for protection of remote information. The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location. Dated June 23, 2006.

Provides instructions in the wake of disclosure by WikiLeaks that resulted in significant damage to our national security. Dated November 28, 2010.

Provides a list of existing requirements and questions department or agency assessment teams should utilize, as an initial step, to assess the current state of information systems security. Dated January 3, 2011.

This memorandum provides agencies with guidance for managing information security risk on a continuous basis and builds upon efforts towards achieving the cybersecurity Cross-Agency Priority goal. Dated November 18, 2013.

This memorandum provides agencies with fiscal year (FY) 2019 reporting guidance and deadlines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). This memorandum also consolidates several government-wide reporting requirements into a single document to eliminate duplicative or burdensome processes. Dated October 25, 2018.

This memorandum provides recommendations for planning and responding to data breaches which could result in identify theft. Dated September 20, 2006.