OMB A-130 requirements - Agencies must incorporate security into the architecture of their information and systems to ensure that security supports agency business operations and that plans to fund and manage security are built into life-cycle budgets for information systems. (a) To support more effective agency implementation of both agency computer security and critical infrastructure protection programs, agencies must implement the following: (i) Prioritize key systems (including those that are most critical to agency operations); (ii) Apply OMB policies and, for non-national security applications, NIST guidance to achieve adequate security commensurate with the level of risk and magnitude of harm; (b) Agencies must make security's role explicit in information technology investments and capital programming. Investments in the development of new > or the continued operation of existing information systems, both general support systems and major applications must: (i) Demonstrate that the security controls for components, applications, and systems are consistent with, and an integral part of, the EA of the agency