Archive

DIVISION E--INFORMATION TECHNOLOGY MANAGEMENT REFORM

Sections 5001 - 5142

Sections 5201 - 5502
Sections 5601 - 5703

SEC. 5001. SHORT TITLE.

This division may be cited as the `Information Technology Management Reform Act of 1996'.

SEC. 5002. DEFINITIONS.

In this division:

(1) DIRECTOR- The term `Director' means the Director of the Office of Management and Budget.

(2) EXECUTIVE AGENCY- The term `executive agency' has the meaning given that term in section 4(1) of the Office of Federal Procurement Policy Act (41 U.S.C. 403(1)).

(3) INFORMATION TECHNOLOGY- (A) The term `information technology', with respect to an executive agency means any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which (i) requires the use of such equipment, or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product.

(B) The term `information technology' includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.

(C) Notwithstanding subparagraphs (A) and (B), the term `information technology' does not include any equipment that is acquired by a Federal contractor incidental to a Federal contract.

(4) INFORMATION RESOURCES- The term `information resources' has the meaning given such term in section 3502(6) of title 44, United States Code.

(5) INFORMATION RESOURCES MANAGEMENT- The term `information resources management' has the meaning given such term in section 3502(7) of title 44, United States Code.

(6) INFORMATION SYSTEM- The term `information system' has the meaning given such term in section 3502(8) of title 44, United States Code.

(7) COMMERCIAL ITEM- The term `commercial item' has the meaning given that term in section 4(12) of the Office of Federal Procurement Policy Act (41 U.S.C. 403(12)).

TITLE LI--RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION TECHNOLOGY

Subtitle A--General Authority

SEC. 5101. REPEAL OF CENTRAL AUTHORITY OF THE ADMINISTRATOR OF GENERAL SERVICES.

Section 111 of the Federal Property and Administrative Services Act of 1949 (40 U.S.C. 759) is repealed.

Subtitle B--Director of the Office of Management and Budget

SEC. 5111. RESPONSIBILITY OF DIRECTOR.

In fulfilling the responsibility to administer the functions assigned under chapter 35 of title 44, United States Code, the Director shall comply with this title with respect to the specific matters covered by this title.

SEC. 5112. CAPITAL PLANNING AND INVESTMENT CONTROL.

(a) FEDERAL INFORMATION TECHNOLOGY- The Director shall perform the responsibilities set forth in this section in fulfilling the responsibilities under section 3504(h) of title 44, United States Code.

(b) USE OF INFORMATION TECHNOLOGY IN FEDERAL PROGRAMS- The Director shall promote and be responsible for improving the acquisition, use, and disposal of information technology by the Federal Government to improve the productivity, efficiency, and effectiveness of Federal programs, including through dissemination of public information and the reduction of information collection burdens on the public.

(c) USE OF BUDGET PROCESS- The Director shall develop, as part of the budget process, a process for analyzing, tracking, and evaluating the risks and results of all major capital investments made by an executive agency for information systems.

---

---

S.1124

National Defense Authorization Act for Fiscal Year 1996 (Enrolled Bill (Sent to President))

The process shall cover the life of each system and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks associated with the investments. At the same time that the President submits the budget for a fiscal year to Congress under section 1105(a) of title 31, United States Code, the Director shall submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by executive agencies in information systems and how the benefits relate to the accomplishment of the goals of the executive agencies.

(d) INFORMATION TECHNOLOGY STANDARDS- The Director shall oversee the development and implementation of standards and guidelines pertaining to Federal computer systems by the Secretary of Commerce through the National Institute of Standards and Technology under section 5131 and section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3).

(e) DESIGNATION OF EXECUTIVE AGENTS FOR ACQUISITIONS- The Director shall designate (as the Director considers appropriate) one or more heads of executive agencies as executive agent for Government-wide acquisitions of information technology.

(f) USE OF BEST PRACTICES IN ACQUISITIONS- The Director shall encourage the heads of the executive agencies to develop and use the best practices in the acquisition of information technology.

(g) ASSESSMENT OF OTHER MODELS FOR MANAGING INFORMATION TECHNOLOGY- The Director shall assess, on a continuing basis, the experiences of executive agencies, State and local governments, international organizations, and the private sector in managing information technology.

(h) COMPARISON OF AGENCY USES OF INFORMATION TECHNOLOGY- The Director shall compare the performances of the executive agencies in using information technology and shall disseminate the comparisons to the heads of the executive agencies.

(i) TRAINING- The Director shall monitor the development and implementation of training in information resources management for executive agency personnel.

(j) INFORMING CONGRESS- The Director shall keep Congress fully informed on the extent to which the executive agencies are improving the performance of agency programs and the accomplishment of agency missions through the use of the best practices in information resources management.

(k) PROCUREMENT POLICY AND ACQUISITIONS OF INFORMATION TECHNOLOGY- The Director shall coordinate the development and review by the Administrator of the Office of Information and Regulatory Affairs of policy associated with Federal acquisition of information technology with the Office of Federal Procurement Policy.

SEC. 5113. PERFORMANCE-BASED AND RESULTS-BASED MANAGEMENT.

(a) IN GENERAL- The Director shall encourage the use of performance-based and results-based management in fulfilling the responsibilities assigned under section 3504(h), of title 44, United States Code.

(b) Evaluation of Agency Programs and Investments-

(1) REQUIREMENT- The Director shall evaluate the information resources management practices of the executive agencies with respect to the performance and results of the investments made by the executive agencies in information technology.

(2) DIRECTION FOR EXECUTIVE AGENCY ACTION- The Director shall issue to the head of each executive agency clear and concise direction that the head of such agency shall--

(A) establish effective and efficient capital planning processes for selecting, managing, and evaluating the results of all of its major investments in information systems;

(B) determine, before making an investment in a new information system--

(i) whether the function to be supported by the system should be performed by the private sector and, if so, whether any component of the executive agency performing that function should be converted from a governmental organization to a private sector organization; or

(ii) whether the function should be performed by the executive agency and, if so, whether the function should be performed by a private sector source under contract or by executive agency personnel;

(C) analyze the missions of the executive agency and, based on the analysis, revise the executive agency's mission-related processes and administrative processes, as appropriate, before making significant investments in information technology to be used in support of those missions; and

(D) ensure that the information security policies, procedures, and practices are adequate.

(3) GUIDANCE FOR MULTIAGENCY INVESTMENTS- The direction issued under paragraph (2) shall include guidance for undertaking efficiently and effectively interagency and Government-wide investments in information technology to improve the accomplishment of missions that are common to the executive agencies.

(4) PERIODIC REVIEWS- The Director shall implement through the budget process periodic reviews of selected information resources management activities of the executive agencies in order to ascertain the efficiency and effectiveness of information technology in improving the performance of the executive agency and the accomplishment of the missions of the executive agency.

(5) Enforcement of accountability-

(A) IN GENERAL- The Director may take any authorized action that the Director considers appropriate, including an action involving the budgetary process or appropriations management process, to enforce accountability of the head of an executive agency for information resources management and for the investments made by the executive agency in information technology.

(B) SPECIFIC ACTIONS- Actions taken by the Director in the case of an executive agency may include--

(i) recommending a reduction or an increase in any amount for information resources that the head of the executive agency proposes for the budget submitted to Congress under section 1105(a) of title 31, United States Code;

(ii) reducing or otherwise adjusting apportionments and reapportionments of appropriations for information resources;

(iii) using other authorized administrative controls over appropriations to restrict the availability of funds for information resources; and

(iv) designating for the executive agency an executive agent to contract with private sector sources for the performance of information resources management or the acquisition of information technology.

Subtitle C--Executive Agencies

SEC. 5121. RESPONSIBILITIES.

In fulfilling the responsibilities assigned under chapter 35 of title 44, United States Code, the head of each executive

agency shall comply with this subtitle with respect to the specific matters covered by this subtitle.

SEC. 5122. CAPITAL PLANNING AND INVESTMENT CONTROL.

(a) DESIGN OF PROCESS- In fulfilling the responsibilities assigned under section 3506(h) of title 44, United States Code, the head of each executive agency shall design and implement in the executive agency a process for maximizing the value and assessing and managing the risks of the information technology acquisitions of the executive agency.

(b) CONTENT OF PROCESS- The process of an executive agency shall--

(1) provide for the selection of information technology investments to be made by the executive agency, the management of such investments, and the evaluation of the results of such investments;

(2) be integrated with the processes for making budget, financial, and program management decisions within the executive agency;

S.1124

(3) include minimum criteria to be applied in considering whether to undertake a particular investment in information systems, including criteria related to the quantitatively expressed projected net, risk-adjusted return on investment and specific quantitative and qualitative criteria for comparing and prioritizing alternative information systems investment projects;

(4) provide for identifying information systems investments that would result in shared benefits or costs for other Federal agencies or State or local governments;

(5) provide for identifying for a proposed investment quantifiable measurements for determining the net benefits and risks of the investment; and

(6) provide the means for senior management personnel of the executive agency to obtain timely information regarding the progress of an investment in an information system, including a system of milestones for measuring progress, on an independently verifiable basis, in terms of cost, capability of the system to meet specified requirements, timeliness, and quality.

SEC. 5123. PERFORMANCE AND RESULTS-BASED MANAGEMENT.

In fulfilling the responsibilities under section 3506(h) of title 44, United States Code, the head of an executive agency shall--

(1) establish goals for improving the efficiency and effectiveness of agency operations and, as appropriate, the delivery of services to the public through the effective use of information technology;

(2) prepare an annual report, to be included in the executive agency's budget submission to Congress, on the progress in achieving the goals;

(3) ensure that performance measurements are prescribed for information technology used by or to be acquired for, the executive agency and that the performance measurements measure how well the information technology supports programs of the executive agency;

(4) where comparable processes and organizations in the public or private sectors exist, quantitatively benchmark agency process performance against such processes in terms of cost, speed, productivity, and quality of outputs and outcomes;

(5) analyze the missions of the executive agency and, based on the analysis, revise the executive agency's mission-related processes and administrative processes as appropriate before making significant investments in information technology that is to be used in support of the performance of those missions; and

(6) ensure that the information security policies, procedures, and practices of the executive agency are adequate.

SEC. 5124. ACQUISITIONS OF INFORMATION TECHNOLOGY.

(a) IN GENERAL- The authority of the head of an executive agency to conduct an acquisition of information technology includes the following authorities:

(1) To acquire information technology as authorized by law.

(2) To enter into a contract that provides for multiagency acquisitions of information technology in accordance with guidance issued by the Director.

(3) If the Director finds that it would be advantageous for the Federal Government to do so, to enter into a multiagency contract for procurement of commercial items of information technology that requires each executive agency covered by the contract, when procuring such items, either to procure the items under that contract or to justify an alternative procurement of the items.

(b) FTS 2000 PROGRAM- Notwithstanding any other provision of this or any other law, the Administrator of General Services shall continue to manage the FTS 2000 program, and to coordinate the follow-on to that program, on behalf of and with the advice of the heads of executive agencies.

SEC. 5125. AGENCY CHIEF INFORMATION OFFICER.

(a) DESIGNATION OF CHIEF INFORMATION OFFICERS- Section 3506 of title 44, United States Code, is amended--

(1) in subsection (a)--

(A) in paragraph (2)(A), by striking out `senior official' and inserting in lieu thereof `Chief Information Officer';

(B) in paragraph (2)(B)--

(i) by striking out `senior officials' in the first sentence and inserting in lieu thereof `Chief Information Officers';

(ii) by striking out `official' in the second sentence and inserting in lieu thereof `Chief Information Officer'; and

(iii) by striking out `officials' in the second sentence and inserting in lieu thereof `Chief Information Officers'; and

(C) in paragraphs (3) and (4), by striking out `senior official' each place it appears and inserting in lieu thereof `Chief Information Officer'; and

(2) in subsection (c)(1), by striking out `official' in the matter preceding subparagraph (A) and inserting in lieu thereof `Chief Information Officer'.

(b) GENERAL RESPONSIBILITIES- The Chief Information Officer of an executive agency shall be responsible for--

(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the executive agency to ensure that information technology is acquired and information resources are managed for the executive agency in a manner that implements the policies and procedures of this division, consistent with chapter 35 of title 44, United States Code, and the priorities established by the head of the executive agency;

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency.

(c) DUTIES AND QUALIFICATIONS- The Chief Information Officer of an agency that is listed in section 901(b) of title 31, United States Code, shall--

(1) have information resources management duties as that official's primary duty;

(2) monitor the performance of information technology programs of the agency, evaluate the performance of those programs on the basis of the applicable performance measurements, and advise the head of the agency regarding whether to continue, modify, or terminate a program or project; and

(3) annually, as part of the strategic planning and performance evaluation process required (subject to section 1117 of title 31, United States Code) under section 306 of title 5, United States Code, and sections 1105(a)(29), 1115, 1116, 1117, and 9703 of title 31, United States Code--

(A) assess the requirements established for agency personnel regarding knowledge and skill in information resources management and the adequacy of such requirements for facilitating the achievement of the performance goals established for information resources management;

(B) assess the extent to which the positions and personnel at the executive level of the agency and the positions and personnel at management level of the agency below the executive level meet those requirements;

(C) in order to rectify any deficiency in meeting those requirements, develop strategies and specific plans for hiring, training, and professional development; and

(D) report to the head of the agency on the progress made in improving information resources management capability.

>

(d) INFORMATION TECHNOLOGY ARCHITECTURE DEFINED- In this section, the term `information technology architecture', with respect to an executive agency, means an integrated framework for evolving or maintaining existing information technology and acquiring new information technology to achieve the agency's strategic goals and information resources management goals.

(e) EXECUTIVE LEVEL IV- Section 5315 of title 5, United States Code, is amended by adding at the end the following:

`Chief Information Officer, Department of Agriculture.

`Chief Information Officer, Department of Commerce.

`Chief Information Officer, Department of Defense (unless the official designated as the Chief Information Officer of the Department of Defense is an official listed under section 5312, 5313, or 5314 of this title).

`Chief Information Officer, Department of Education.

`Chief Information Officer, Department of Energy.

`Chief Information Officer, Department of Health and Human Services.

`Chief Information Officer, Department of Housing and Urban Development.

`Chief Information Officer, Department of Interior.

`Chief Information Officer, Department of Justice.

`Chief Information Officer, Department of Labor.

`Chief Information Officer, Department of State.

`Chief Information Officer, Department of Transportation.

`Chief Information Officer, Department of Treasury.

`Chief Information Officer, Department of Veterans Affairs.

`Chief Information Officer, Environmental Protection Agency.

`Chief Information Officer, National Aeronautics and Space Administration.

`Chief Information Officer, Agency for International Development.

`Chief Information Officer, Federal Emergency Management Agency.

`Chief Information Officer, General Services Administration.

`Chief Information Officer, National Science Foundation.

`Chief Information Officer, Nuclear Regulatory Agency.

`Chief Information Officer, Office of Personnel Management.

`Chief Information Officer, Small Business Administration.'.

SEC. 5126. ACCOUNTABILITY.

The head of each executive agency, in consultation with the Chief Information Officer and the Chief Financial Officer of that executive agency (or, in the case of an executive agency without a Chief Financial Officer, any comparable official), shall establish policies and procedures that--

(1) ensure that the accounting, financial, and asset management systems and other information systems of the executive agency are designed, developed, maintained, and used effectively to provide financial or program performance data for financial statements of the executive agency;

(2) ensure that financial and related program performance data are provided on a reliable, consistent, and timely basis to executive agency financial management systems; and

(3) ensure that financial statements support--

(A) assessments and revisions of mission-related processes and administrative processes of the executive agency; and

(B) performance measurement of the performance in the case of investments made by the agency in information systems.

SEC. 5127. SIGNIFICANT DEVIATIONS.

The head of an executive agency shall identify in the strategic information resources management plan required under section 3506(b)(2) of title 44, United States Code, any major information technology acquisition program, or any phase or increment of such a program, that has significantly deviated from the cost, performance, or schedule goals established for the program.

SEC. 5128. INTERAGENCY SUPPORT.

Funds available for an executive agency for oversight, acquisition, and procurement of information technology may be used by the head of the executive agency to support jointly with other executive agencies the activities of interagency groups that are established to advise the Director in carrying out the Director's responsibilities under this title. The use of such funds for that purpose shall be subject to such requirements and limitations on uses and amounts as the Director may prescribe. The Director shall prescribe any such requirements and limitations during the Director's review of the executive agency's proposed budget submitted to the Director by the head of the executive agency for purposes of section 1105 of title 31, United States Code.

Subtitle D--Other Responsibilities

SEC. 5131. RESPONSIBILITIES REGARDING EFFICIENCY, SECURITY, AND PRIVACY OF FEDERAL COMPUTER SYSTEMS.

(a) STANDARDS AND GUIDELINES-

(1) AUTHORITY- The Secretary of Commerce shall, on the basis of standards and guidelines developed by the National Institute of Standards and Technology pursuant to paragraphs (2) and (3) of section 20(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(a)), promulgate standards and guidelines pertaining to Federal computer systems. The Secretary shall make such standards compulsory and binding to the extent to which the Secretary determines necessary to improve the efficiency of operation or security and privacy of Federal computer systems. The President may disapprove or modify such standards and guidelines if the President determines such action to be in the public interest. The President's authority to disapprove or modify such standards and guidelines may not be delegated. Notice of such disapproval or modification shall be published promptly in the Federal Register. Upon receiving notice of such disapproval or modification, the Secretary of Commerce shall immediately rescind or modify such standards or guidelines as directed by the President.

(2) EXERCISE OF AUTHORITY- The authority conferred upon the Secretary of Commerce by this section shall be exercised subject to direction by the President and in coordination with the Director to ensure fiscal and policy consistency.

(b) APPLICATION OF MORE STRINGENT STANDARDS- The head of a Federal agency may employ standards for the cost-effective security and privacy of sensitive information in a Federal computer system within or under the supervision of that agency that are more stringent than the standards promulgated by the Secretary of Commerce under this section, if such standards contain, at a minimum, the provisions of those applicable standards made compulsory and binding by the Secretary of Commerce.

(c) WAIVER OF STANDARDS- The standards determined under subsection (a) to be compulsory and binding may be waived by the Secretary of Commerce in writing upon a determination that compliance would adversely affect the accomplishment of the mission of an operator of a Federal computer system, or cause a major adverse financial impact on the operator which is not offset by Government-wide savings. The Secretary may delegate to the head of one or more Federal agencies authority to waive such standards to the extent to which the Secretary determines such action to be necessary and desirable to allow for timely and effective implementation of Federal computer system standards. The head of such agency may redelegate such authority only to a Chief Information Officer designated pursuant to section 3506 of title 44, United States Code. Notice of each such waiver and delegation shall be transmitted promptly to Congress and shall be published promptly in the Federal Register.

(d) DEFINITIONS- In this section, the terms `Federal computer system' and `operator of a Federal computer system' have the meanings given such terms in section 20(d) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(d)).

(e) TECHNICAL AMENDMENTS- Chapter 35 of title 44, United States Code, is amended--

(1) in section 3504(g)--

(A) in paragraph (2), by striking out `the Computer Security Act of 1987 (40 U.S.C. 759 note)' and inserting in lieu thereof `sections 20 and 21 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3 and 278g-4), section 5131 of the Information Technology Management Reform Act of 1996, and sections 5 and 6 of the Computer Security Act of 1987 (40 U.S.C. 759 note)'; and

(B) in paragraph (3), by striking out `the Computer Security Act of 1987 (40 U.S.C. 759 note)' and inserting in lieu thereof `the standards and guidelines promulgated under section 5131 of the Information Technology Management Reform Act of 1996 and sections 5 and 6 of the Computer Security Act of 1987 (40 U.S.C. 759 note)'; and

(2) in section 3518(d), by striking out `Public Law 89-306 on the Administrator of the General Services Administration, the Secretary of Commerce, or' and inserting in lieu thereof `section 5131 of the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987 (40 U.S.C. 759 note) on the Secretary of Commerce or'.

SEC. 5132. SENSE OF CONGRESS.

It is the sense of Congress that, during the next five-year period beginning with 1996, executive agencies should achieve each year at least a 5 percent decrease in the cost (in constant fiscal year 1996 dollars) that is incurred by the agency for operating and maintaining information technology, and each year a 5 percent increase in the efficiency of the agency operations, by reason of improvements in information resources management by the agency.

Subtitle E--National Security Systems

SEC. 5141. APPLICABILITY TO NATIONAL SECURITY SYSTEMS.

(a) IN GENERAL- Except as provided in subsection (b), this title does not apply to national security systems.

(b) EXCEPTIONS-

(1) IN GENERAL- Sections 5123, 5125, and 5126 apply to national security systems.

(2) CAPITAL PLANNING AND INVESTMENT CONTROL- The heads of executive agencies shall apply sections 5112 and 5122 to national security systems to the extent practicable.

(3) PERFORMANCE AND RESULTS OF INFORMATION TECHNOLOGY INVESTMENTS- (A) Subject to subparagraph (B), the heads of executive agencies shall apply section 5113 to national security systems to the extent practicable.

(B) National security systems shall be subject to section 5113(b)(5) except for subparagraph (B)(iv) of that section.

SEC. 5142. NATIONAL SECURITY SYSTEM DEFINED.

(a) DEFINITION- In this subtitle, the term `national security system' means any telecommunications or information system operated by the United States Government, the function, operation, or use of which--

(1) involves intelligence activities;

(2) involves cryptologic activities related to national security;

(3) involves command and control of military forces;

(4) involves equipment that is an integral part of a weapon or weapons system; or

(5) subject to subsection (b), is critical to the direct fulfillment of military or intelligence missions.

(b) LIMITATION- Subsection (a)(5) does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).