Collapse to view only § 11301. Responsibility of Director
- § 11301. Responsibility of Director
- § 11302. Capital planning and investment control
- § 11303. Performance-based and results-based management
§ 11301. Responsibility of Director
In fulfilling the responsibility to administer the functions assigned under chapter 35 of title 44, the Director of the Office of Management and Budget shall comply with this chapter with respect to the specific matters covered by this chapter.
(Pub. L. 107–217, Aug. 21, 2002, 116 Stat. 1237.)
§ 11302. Capital planning and investment control
(a)Federal Information Technology.—The Director of the Office of Management and Budget shall perform the responsibilities set forth in this section in fulfilling the responsibilities under section 3504(h) of title 44.
(b)Use of Information Technology in Federal Programs.—The Director shall promote and improve the acquisition, use, security, and disposal of information technology by the Federal Government to improve the productivity, efficiency, and effectiveness of federal programs, including through dissemination of public information and the reduction of information collection burdens on the public.
(c)Use of Budget Process.—
(1)Definitions.—In this subsection:
(A) The term “covered agency” means an agency listed in section 901(b)(1) or 901(b)(2) of title 31.
(B) The term “major information technology investment” means an investment within a covered agency information technology investment portfolio that is designated by the covered agency as major, in accordance with capital planning guidance issued by the Director.
(C) The term “national security system” has the meaning provided in section 3542 of title 44.1
1 See References in Text note below.
(2)Analyzing, tracking, and evaluating capital investments.—As part of the budget process, the Director shall develop a process for analyzing, tracking, and evaluating the risks, including information security risks, and results of all major capital investments made by an executive agency for information systems. The process shall cover the life of each system and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks, including information security risks, associated with the investments.
(3)Public availability.—
(A)In general.—The Director shall make available to the public a list of each major information technology investment, without regard to whether the investments are for new information technology acquisitions or for operations and maintenance of existing information technology, including data on cost, schedule, and performance.
(B)Agency information.—
(i) The Director shall issue guidance to each covered agency for reporting of data required by subparagraph (A) that provides a standardized data template that can be incorporated into existing, required data reporting formats and processes. Such guidance shall integrate the reporting process into current budget reporting that each covered agency provides to the Office of Management and Budget, to minimize additional workload. Such guidance shall also clearly specify that the investment evaluation required under subparagraph (C) adequately reflect the investment’s cost and schedule performance and employ incremental development approaches in appropriate cases.
(ii) The Chief Information Officer of each covered agency shall provide the Director with the information described in subparagraph (A) on at least a semi-annual basis for each major information technology investment, using existing data systems and processes.
(C)Investment evaluation.—For each major information technology investment listed under subparagraph (A), the Chief Information Officer of the covered agency, in consultation with other appropriate agency officials, shall categorize the investment according to risk, in accordance with guidance issued by the Director.
(D)Continuous improvement.—If either the Director or the Chief Information Officer of a covered agency determines that the information made available from the agency’s existing data systems and processes as required by subparagraph (B) is not timely and reliable, the Chief Information Officer, in consultation with the Director and the head of the agency, shall establish a program for the improvement of such data systems and processes.
(E)Waiver or limitation authority.—The applicability of subparagraph (A) may be waived or the extent of the information may be limited by the Director, if the Director determines that such a waiver or limitation is in the national security interests of the United States.
(F)Additional limitation.—The requirements of subparagraph (A) shall not apply to national security systems or to telecommunications or information technology that is fully funded by amounts made available—
(i) under the National Intelligence Program, defined by section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6));
(ii) under the Military Intelligence Program or any successor program or programs; or
(iii) jointly under the National Intelligence Program and the Military Intelligence Program (or any successor program or programs).
(4)Risk management.—For each major information technology investment listed under paragraph (3)(A) that receives a high risk rating, as described in paragraph (3)(C), for 4 consecutive quarters—
(A) the Chief Information Officer of the covered agency and the program manager of the investment within the covered agency, in consultation with the Administrator of the Office of Electronic Government, shall conduct a review of the investment that shall identify—
(i) the root causes of the high level of risk of the investment;
(ii) the extent to which these causes can be addressed; and
(iii) the probability of future success;
(B) the Administrator of the Office of Electronic Government shall communicate the results of the review under subparagraph (A) to—
(i) the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate;
(ii) the Committee on Oversight and Government Reform and the Committee on Appropriations of the House of Representatives; and
(iii) the committees of the Senate and the House of Representatives with primary jurisdiction over the agency;
(C) in the case of a major information technology investment of the Department of Defense, the assessment required by subparagraph (A) may be accomplished in accordance with section 2445c
(D) for a covered agency other than the Department of Defense, if on the date that is one year after the date of completion of the review required under subsection (A), the investment is rated as high risk under paragraph (3)(C), the Director shall deny any request for additional development, modernization, or enhancement funding for the investment until the date on which the Chief Information Officer of the covered agency determines that the root causes of the high level of risk of the investment have been addressed, and there is sufficient capability to deliver the remaining planned increments within the planned cost and schedule.
(5)Report to congress.—At the same time that the President submits the budget for a fiscal year to Congress under section 1105(a) of title 31, the Director shall submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by executive agencies for information systems and how the benefits relate to the accomplishment of the goals of the executive agencies.
(d)Information Technology Standards.—The Director shall oversee the development and implementation of standards and guidelines pertaining to federal computer systems by the Secretary of Commerce through the National Institute of Standards and Technology under section 11331 of this title 1 and section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).
(e)Designation of Executive Agents for Acquisitions.—The Director shall designate the head of one or more executive agencies, as the Director considers appropriate, as executive agent for Government-wide acquisitions of information technology.
(f)Use of Best Practices in Acquisitions.—The Director shall encourage the heads of the executive agencies to develop and use the best practices in the acquisition of information technology.
(g)Assessment of Other Models for Managing Information Technology.—On a continuing basis, the Director shall assess the experiences of executive agencies, state and local governments, international organizations, and the private sector in managing information technology.
(h)Comparison of Agency Uses of Information Technology.—The Director shall compare the performances of the executive agencies in using information technology and shall disseminate the comparisons to the heads of the executive agencies.
(i)Monitoring Training.—The Director shall monitor the development and implementation of training in information resources management for executive agency personnel.
(j)Informing Congress.—The Director shall keep Congress fully informed on the extent to which the executive agencies are improving the performance of agency programs and the accomplishment of the agency missions through the use of the best practices in information resources management.
(k)Coordination of Policy Development and Review.—The Director shall coordinate with the Office of Federal Procurement Policy the development and review by the Administrator of the Office of Information and Regulatory Affairs of policy associated with federal acquisition of information technology.
(Pub. L. 107–217, Aug. 21, 2002, 116 Stat. 1237; Pub. L. 108–458, title VIII, § 8401(1), (2), Dec. 17, 2004, 118 Stat. 3869; Pub. L. 113–291, div. A, title VIII, § 832, Dec. 19, 2014, 128 Stat. 3440; Pub. L. 115–88, § 2, Nov. 21, 2017, 131 Stat. 1278; Pub. L. 115–91, div. A, title VIII, § 819(a), Dec. 12, 2017, 131 Stat. 1464.)
§ 11303. Performance-based and results-based management
(a)In General.—The Director of the Office of Management and Budget shall encourage the use of performance-based and results-based management in fulfilling the responsibilities assigned under section 3504(h) of title 44.
(b)Evaluation of Agency Programs and Investments.—
(1)Requirement.—The Director shall evaluate the information resources management practices of the executive agencies with respect to the performance and results of the investments made by the executive agencies in information technology.
(2)Direction for executive agency action.—The Director shall issue to the head of each executive agency clear and concise direction that the head of each agency shall—
(A) establish effective and efficient capital planning processes for selecting, managing, and evaluating the results of all of its major investments in information systems;
(B) determine, before making an investment in a new information system—
(i) whether the function to be supported by the system should be performed by the private sector and, if so, whether any component of the executive agency performing that function should be converted from a governmental organization to a private sector organization; or
(ii) whether the function should be performed by the executive agency and, if so, whether the function should be performed by a private sector source under contract or by executive agency personnel;
(C) analyze the missions of the executive agency and, based on the analysis, revise the executive agency’s mission-related processes and administrative processes, as appropriate, before making significant investments in information technology to be used in support of those missions; and
(D) ensure that the information security policies, procedures, and practices are adequate.
(3)Guidance for multiagency investments.—The direction issued under paragraph (2) shall include guidance for undertaking efficiently and effectively interagency and Federal Government-wide investments in information technology to improve the accomplishment of missions that are common to the executive agencies.
(4)Periodic reviews.—The Director shall implement through the budget process periodic reviews of selected information resources management activities of the executive agencies to ascertain the efficiency and effectiveness of information technology in improving the performance of the executive agency and the accomplishment of the missions of the executive agency.
(5)Enforcement of accountability.—
(A)In general.—The Director may take any action that the Director considers appropriate, including an action involving the budgetary process or appropriations management process, to enforce accountability of the head of an executive agency for information resources management and for the investments made by the executive agency in information technology.
(B)Specific actions.—Actions taken by the Director may include—
(i) recommending a reduction or an increase in the amount for information resources that the head of the executive agency proposes for the budget submitted to Congress under section 1105(a) of title 31;
(ii) reducing or otherwise adjusting apportionments and reapportionments of appropriations for information resources;
(iii) using other administrative controls over appropriations to restrict the availability of amounts for information resources; and
(iv) designating for the executive agency an executive agent to contract with private sector sources for the performance of information resources management or the acquisition of information technology.
(Pub. L. 107–217, Aug. 21, 2002, 116 Stat. 1238.)