How often should an independent review of the security controls be
performed, according to OMB Circular A-130?
A.
Never
B.
Every five years
C.
Every three years
D.
Every year
Explanation:
The correct answer is “Every three years”. OMB Circular A-130 requires that a reviewof the security controls for each major government application be
performed at least every three years. For general support systems,
OMB Circular A-130 requires that the security controls be reviewed
either by an independent audit or self review. Audits can be selfadministered
or independent (either internal or external). The essential
difference between a self-audit and an independent audit is
objectivity; however, some systems may require a fully independent
review. Source: Office of Management and Budget Circular A-130,
revised November 30, 2000 .