The guidance sought public comment on an overarching federal policy from OMB as well as draft technical reference architecture and maturity model from Cybersecurity and Infrastructure Security Agency.