(a) Federal Information Technology.—The Director of the Office of Management and Budget shall perform the responsibilities set forth in this section in fulfilling the responsibilities under section 3504(h) of title 44.
Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.
Terms Used In 40 USC 11302
- Fiscal year: The fiscal year is the accounting period for the government. For the federal government, this begins on October 1 and ends on September 30. The fiscal year is designated by the calendar year in which it ends; for example, fiscal year 2006 begins on October 1, 2005 and ends on September 30, 2006.
- Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
- officer: includes any person authorized by law to perform the duties of the office. See 1 USC 1
- Oversight: Committee review of the activities of a Federal agency or program.
- State: means a State, the District of Columbia, the Commonwealth of Puerto Rico, or any other territory or possession of the United States. See 1 USC 7
(b) Use of Information Technology in Federal Programs.—The Director shall promote and improve the acquisition, use, security, and disposal of information technology by the Federal Government to improve the productivity, efficiency, and effectiveness of federal programs, including through dissemination of public information and the reduction of information collection burdens on the public.
(c) Use of Budget Process.—
(1) Definitions.—In this subsection:
(A) The term “covered agency” means an agency listed in section 901(b)(1) or 901(b)(2) of title 31.
(B) The term “major information technology investment” means an investment within a covered agency information technology investment portfolio that is designated by the covered agency as major, in accordance with capital planning guidance issued by the Director.
(C) The term “national security system” has the meaning provided in section 3542 of title 44.1
(2) Analyzing, tracking, and evaluating capital investments.—As part of the budget process, the Director shall develop a process for analyzing, tracking, and evaluating the risks, including information security risks, and results of all major capital investments made by an executive agency for information systems. The process shall cover the life of each system and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks, including information security risks, associated with the investments.
(3) Public availability.—
(A) In general.—The Director shall make available to the public a list of each major information technology investment, without regard to whether the investments are for new information technology acquisitions or for operations and maintenance of existing information technology, including data on cost, schedule, and performance.
(B) Agency information.—
(i) The Director shall issue guidance to each covered agency for reporting of data required by subparagraph (A) that provides a standardized data template that can be incorporated into existing, required data reporting formats and processes. Such guidance shall integrate the reporting process into current budget reporting that each covered agency provides to the Office of Management and Budget, to minimize additional workload. Such guidance shall also clearly specify that the investment evaluation required under subparagraph (C) adequately reflect the investment’s cost and schedule performance and employ incremental development approaches in appropriate cases.
(ii) The Chief Information Officer of each covered agency shall provide the Director with the information described in subparagraph (A) on at least a semi-annual basis for each major information technology investment, using existing data systems and processes.
(C) Investment evaluation.—For each major information technology investment listed under subparagraph (A), the Chief Information Officer of the covered agency, in consultation with other appropriate agency officials, shall categorize the investment according to risk, in accordance with guidance issued by the Director.
(D) Continuous improvement.—If either the Director or the Chief Information Officer of a covered agency determines that the information made available from the agency’s existing data systems and processes as required by subparagraph (B) is not timely and reliable, the Chief Information Officer, in consultation with the Director and the head of the agency, shall establish a program for the improvement of such data systems and processes.
(E) Waiver or limitation authority.—The applicability of subparagraph (A) may be waived or the extent of the information may be limited by the Director, if the Director determines that such a waiver or limitation is in the national security interests of the United States.
(F) Additional limitation.—The requirements of subparagraph (A) shall not apply to national security systems or to telecommunications or information technology that is fully funded by amounts made available—
(i) under the National Intelligence Program, defined by section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6));
(ii) under the Military Intelligence Program or any successor program or programs; or
(iii) jointly under the National Intelligence Program and the Military Intelligence Program (or any successor program or programs).
(4) Risk management.—For each major information technology investment listed under paragraph (3)(A) that receives a high risk rating, as described in paragraph (3)(C), for 4 consecutive quarters—
(A) the Chief Information Officer of the covered agency and the program manager of the investment within the covered agency, in consultation with the Administrator of the Office of Electronic Government, shall conduct a review of the investment that shall identify—
(i) the root causes of the high level of risk of the investment;
(ii) the extent to which these causes can be addressed; and
(iii) the probability of future success;
(B) the Administrator of the Office of Electronic Government shall communicate the results of the review under subparagraph (A) to—
(i) the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate;
(ii) the Committee on Oversight and Government Reform and the Committee on Appropriations of the House of Representatives; and
(iii) the committees of the Senate and the House of Representatives with primary jurisdiction over the agency;
(C) in the case of a major information technology investment of the Department of Defense, the assessment required by subparagraph (A) may be accomplished in accordance with section 2445c 1 of title 10, provided that the results of the review are provided to the Administrator of the Office of Electronic Government upon request and to the committees identified in subsection (B); and
(D) for a covered agency other than the Department of Defense, if on the date that is one year after the date of completion of the review required under subsection (A), the investment is rated as high risk under paragraph (3)(C), the Director shall deny any request for additional development, modernization, or enhancement funding for the investment until the date on which the Chief Information Officer of the covered agency determines that the root causes of the high level of risk of the investment have been addressed, and there is sufficient capability to deliver the remaining planned increments within the planned cost and schedule.
(5) Report to congress.—At the same time that the President submits the budget for a fiscal year to Congress under section 1105(a) of title 31, the Director shall submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by executive agencies for information systems and how the benefits relate to the accomplishment of the goals of the executive agencies.
(d) Information Technology Standards.—The Director shall oversee the development and implementation of standards and guidelines pertaining to federal computer systems by the Secretary of Commerce through the National Institute of Standards and Technology under section 11331 of this title 1 and section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3).
(e) Designation of Executive Agents for Acquisitions.—The Director shall designate the head of one or more executive agencies, as the Director considers appropriate, as executive agent for Government-wide acquisitions of information technology.
(f) Use of Best Practices in Acquisitions.—The Director shall encourage the heads of the executive agencies to develop and use the best practices in the acquisition of information technology.
(g) Assessment of Other Models for Managing Information Technology.—On a continuing basis, the Director shall assess the experiences of executive agencies, state and local governments, international organizations, and the private sector in managing information technology.
(h) Comparison of Agency Uses of Information Technology.—The Director shall compare the performances of the executive agencies in using information technology and shall disseminate the comparisons to the heads of the executive agencies.
(i) Monitoring Training.—The Director shall monitor the development and implementation of training in information resources management for executive agency personnel.
(j) Informing Congress.—The Director shall keep Congress fully informed on the extent to which the executive agencies are improving the performance of agency programs and the accomplishment of the agency missions through the use of the best practices in information resources management.
(k) Coordination of Policy Development and Review.—The Director shall coordinate with the Office of Federal Procurement Policy the development and review by the Administrator of the Office of Information and Regulatory Affairs of policy associated with federal acquisition of information technology.