... This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware ... A-130, Appendix III, “Security of Federal Automated Information Resources”; the Computer Security Act (CSA) of 1987; and the Government Information Security Reform Act of October 2000. 1.6 ... involvement of senior management. • Chief Information Officer (CIO). The CIO is responsible for the agency’s IT planning, budgeting, and performance including its information security components. Decisions...