User:L0c40796/MiaaSR

Executive Summary
The Circular No. A-130 sent to the Heads of Executive Department and Agencies with the subject: Managing Information as a Strategic Resource. The United States government classifies 16- operational sectors as vital to security, national economic security, national public health, and safety. Presidential Policy Directive 21 (PPD-21) Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure functioning and resilient critical infrastructure. During President Barack Obama's terms, the Office of the President understood the transformation technology continues to undergo. While the transformation in technology devices, so did the information stored on devices and increase the volume of information a user can store and share on the devices. This circular aims to manage Information as a resource circular to the US's social, political, and economic well-being.

Scope of the Problem
The United States government, like most private corporations, has benefited from a substantial amount of growth through advances in technology. Technology has grown, and as a result, access to content is faster and develops more comprehensive storage solutions with less physical space. The amount of Information saved to storage devices has increased over 1millions times, growing from the most extensive available drive in 1990 of 256-Gigabytes to what has become an industry-standard 4-Terabytes available for storage. With more space available, the government agencies now save more Information in digital format and not printing records to be secured in unknown locations protected by access controls the physical boundary of the building or bunker. Information stored digitally is readily available for access and sharing with other agencies or American citizens who have been approved to receive government records. Information stored via technology connected to the Internet and remotely accessible could be vulnerable to unauthorized access. The information maintained by the government includes Secret and Top-Secret communications, Intellectual Property, and other forms of highly sensitive information. This Circular is designed to communicate to all agencies the importance of Information. Along with other resources, Information should be treated as a strategic resource. An accompanying policy to support these needs to be in place with additional policies from the Office of Management and Budget (OMB).

Need for Change
A US Citizen can access Information from the US government has on themselves or loves one's in certain situations and any information that has been cleared for public access. To access these records, they make the Information available on the internet, which can expose these records to unauthorized resources. Treating information as a strategic asset will require an additional level of protection for all Information on government systems, whether hosted by the government or an approved vendor. The data would then need more than a username and password to access the Information. A secure token or response code sent to a verified mobile device code must also be presented within a limited time frame needs also to be required for access. We need this change in accessing strategic Information to prevent unauthorized access from enemies foreign and domestic, Nations States, and Bad Actors, from accessing Information. Besides protecting how Information is accessed remotely, this policy requires enforcement of this policy when the data in motion and storage location for data at rest.

Policy Recommendations
Federal Information serves as a national resource valuable to those in and out of the government, making this Information a strategic asset. This Circular applies to the management activities regarding the information resources and the management of these resources. All Federal Information on printed paper or stored on electronic medium fails under the requirement for protection as a strategic asset, except with national security systems where the agencies will need to follow approved statutes, executive orders, directives, and agency enacted policies.

Providing support for the Freedom of Information Act (FOIA) requires the government to maintain open records, so enacting this policy should not hinder the public's access. They follow proper protocols to get the information they are requesting. The information available via websites will require valid registration to access detailed records and allowing agencies to provide appropriate reporting on the level of access and volumetric details identifying who has downloaded what records and from where. The protection of individual privacy is of utmost importance in the recommended use of this policy through deployment and use.

This Circular includes details for risk management, including the minimum requirements to address risk when implementing the policy. Agency can assess their current information security policy, program, and risk management system to determine if appropriate to include this policy. If unable to address risks, then changes need to occur to any system that fails assessments before applying this circular. Agency staff should work with their Chief Information Officers (CIO) to develop and document their risk management plan and consult the National Institute of Standards and Technology (NIST) Special Publications (SPs) (e.g., 500, 800, and 1800 series guidelines) as outlined in this circular.This section contains the most detailed explanation of the concrete steps to be taken to address the policy issue.

Policy Alternatives
This policy of the United States strengthens the security and resilience of protecting Information against threats to get access to protected Information. The absence of this circular developing into a policy will require current policies that are in place to include Information in the protection associated with the policy. In other OMB policies that identify the protection of specific Information as a federal resource, their management can consist of confidentiality, privacy, and dissemination of Federal Information. A requirement with this Circular is that other OMB policies that protect Information are also in place. The Information Quality Act: OMB's Guidance and initial Implementation is an alternative that protected Information as a stand-alone policy, but this policy becomes stronger when combined with this circular. The goal is to not depend on alternatives to this circular and associated policy but to take the steps and implement this policy with other policies agencies must implement.

Recommendations
All Government agencies that collect, store, and share Federal Information, which means all US agencies need to implement the policy from the Circular sent this circular to the heads of the Executive Department and Agencies for use. However, this Circular should pertain to national government agencies and be provided to State and local government for their adherence. It is not only Information at the Federal level that is perceived as a source of a strategic resource. All government agencies are under threat of attack from Hackers, Nations States, and Ransomware Gangs to hold systems hostage for payment or get Information about US citizens or Top-Secret projects agencies currently have in the works. In addition, this circular needs to be a part of the private sector. Private companies use NIST documents as a baseline to build their security programs and foundational standards, and this circular needs to be added to NIST special publications. All US, State, and local government agencies and companies, Public and Private companies, need to manage their Information as a Strategic Resource.