-CITE-

40 USC CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF

INFORMATION TECHNOLOGY 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

-HEAD-

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

-MISC1-

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

Sec.

11301. Responsibility of Director.

11302. Capital planning and investment control.

11303. Performance-based and results-based management.

SUBCHAPTER II - EXECUTIVE AGENCIES

11311. Responsibilities.

11312. Capital planning and investment control.

11313. Performance and results-based management.

11314. Authority to acquire and manage information

technology.

11315. Agency Chief Information Officer.

11316. Accountability.

11317. Significant deviations.

11318. Interagency support.

SUBCHAPTER III - OTHER RESPONSIBILITIES

11331. Responsibilities for Federal information systems

standards.

[11332. Repealed.]

AMENDMENTS

2002 - Pub. L. 107-296, title X, Secs. 1002(b), 1005(a)(2), Nov.

25, 2002, 116 Stat. 2269, 2272, and Pub. L. 107-347, title III,

Secs. 302(b), 305(a), Dec. 17, 2002, 116 Stat. 2957, 2960, amended

table of sections identically, substituting "Responsibilities for

Federal information systems standards" for "Responsibilities

regarding efficiency, security, and privacy of federal computer

systems" in item 11331 and striking out item 11332 "Federal

computer system security training and plan".

-SECREF-

CHAPTER REFERRED TO IN OTHER SECTIONS

This chapter is referred to in section 11103 of this title.

-End-

-CITE-

40 USC SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT

AND BUDGET 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

-HEAD-

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

-End-

-CITE-

40 USC Sec. 11301 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

-HEAD-

Sec. 11301. Responsibility of Director

-STATUTE-

In fulfilling the responsibility to administer the functions

assigned under chapter 35 of title 44, the Director of the Office

of Management and Budget shall comply with this chapter with

respect to the specific matters covered by this chapter.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1237.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11301 40:1411. Pub. L. 104-106, div. E,

title LI, Sec. 5111, Feb.

10, 1996, 110 Stat. 680.

--------------------------------------------------------------------

-End-

-CITE-

40 USC Sec. 11302 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

-HEAD-

Sec. 11302. Capital planning and investment control

-STATUTE-

(a) Federal Information Technology. - The Director of the Office

of Management and Budget shall perform the responsibilities set

forth in this section in fulfilling the responsibilities under

section 3504(h) of title 44.

(b) Use of Information Technology in Federal Programs. - The

Director shall promote and improve the acquisition, use, and

disposal of information technology by the Federal Government to

improve the productivity, efficiency, and effectiveness of federal

programs, including through dissemination of public information and

the reduction of information collection burdens on the public.

(c) Use of Budget Process. -

(1) Analyzing, tracking, and evaluating capital investments. -

As part of the budget process, the Director shall develop a

process for analyzing, tracking, and evaluating the risks and

results of all major capital investments made by an executive

agency for information systems. The process shall cover the life

of each system and shall include explicit criteria for analyzing

the projected and actual costs, benefits, and risks associated

with the investments.

(2) Report to congress. - At the same time that the President

submits the budget for a fiscal year to Congress under section

1105(a) of title 31, the Director shall submit to Congress a

report on the net program performance benefits achieved as a

result of major capital investments made by executive agencies

for information systems and how the benefits relate to the

accomplishment of the goals of the executive agencies.

(d) Information Technology Standards. - The Director shall

oversee the development and implementation of standards and

guidelines pertaining to federal computer systems by the Secretary

of Commerce through the National Institute of Standards and

Technology under section 11331 of this title and section 20 of the

National Institute of Standards and Technology Act (15 U.S.C.

278g-3).

(e) Designation of Executive Agents for Acquisitions. - The

Director shall designate the head of one or more executive

agencies, as the Director considers appropriate, as executive agent

for Government-wide acquisitions of information technology.

(f) Use of Best Practices in Acquisitions. - The Director shall

encourage the heads of the executive agencies to develop and use

the best practices in the acquisition of information technology.

(g) Assessment of Other Models for Managing Information

Technology. - On a continuing basis, the Director shall assess the

experiences of executive agencies, state and local governments,

international organizations, and the private sector in managing

information technology.

(h) Comparison of Agency Uses of Information Technology. - The

Director shall compare the performances of the executive agencies

in using information technology and shall disseminate the

comparisons to the heads of the executive agencies.

(i) Monitoring Training. - The Director shall monitor the

development and implementation of training in information resources

management for executive agency personnel.

(j) Informing Congress. - The Director shall keep Congress fully

informed on the extent to which the executive agencies are

improving the performance of agency programs and the accomplishment

of the agency missions through the use of the best practices in

information resources management.

(k) Coordination of Policy Development and Review. - The Director

shall coordinate with the Office of Federal Procurement Policy the

development and review by the Administrator of the Office of

Information and Regulatory Affairs of policy associated with

federal acquisition of information technology.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1237.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11302 40:1412. Pub. L. 104-106, div. E,

title LI, Sec. 5112, Feb.

10, 1996, 110 Stat. 680.

--------------------------------------------------------------------

APPROPRIATE USE OF REQUIREMENTS REGARDING EXPERIENCE AND EDUCATION

OF CONTRACTOR PERSONNEL IN THE PROCUREMENT OF INFORMATION

TECHNOLOGY SERVICES

Pub. L. 106-398, Sec. 1 [[div. A], title VIII, Sec. 813], Oct.

30, 2000, 114 Stat. 1654, 1654A-214, provided that:

"(a) Amendment of the Federal Acquisition Regulation. - Not later

than 180 days after the date of the enactment of this Act [Oct. 30,

2000], the Federal Acquisition Regulation issued in accordance with

sections 6 and 25 of the Office of Federal Procurement Policy Act

(41 U.S.C. 405 and 421) shall be amended to address the use, in the

procurement of information technology services, of requirements

regarding the experience and education of contractor personnel.

"(b) Content of Amendment. - The amendment issued pursuant to

subsection (a) shall, at a minimum, provide that solicitations for

the procurement of information technology services shall not set

forth any minimum experience or educational requirement for

proposed contractor personnel in order for a bidder to be eligible

for award of a contract unless -

"(1) the contracting officer first determines that the needs of

the executive agency cannot be met without any such requirement;

or

"(2) the needs of the executive agency require the use of a

type of contract other than a performance-based contract.

"(c) GAO Report. - Not later than one year after the date on

which the regulations required by subsection (a) are published in

the Federal Register, the Comptroller General shall submit to

Congress an evaluation of -

"(1) executive agency compliance with the regulations; and

"(2) conformance of the regulations with existing law, together

with any recommendations that the Comptroller General considers

appropriate.

"(d) Definitions. - In this section:

"(1) The term 'executive agency' has the meaning given that

term in section 4(1) of the Office of Federal Procurement Policy

Act (41 U.S.C. 403(1)).

"(2) The term 'information technology' has the meaning given

that term in section 5002(3) of the Clinger-Cohen Act of 1996 (40

U.S.C. 1401(3)) [now 40 U.S.C. 11101(6)].

"(3) The term 'performance-based', with respect to a contract,

means that the contract includes the use of performance work

statements that set forth contract requirements in clear,

specific, and objective terms with measurable outcomes."

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title.

-End-

-CITE-

40 USC Sec. 11303 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET

-HEAD-

Sec. 11303. Performance-based and results-based management

-STATUTE-

(a) In General. - The Director of the Office of Management and

Budget shall encourage the use of performance-based and

results-based management in fulfilling the responsibilities

assigned under section 3504(h) of title 44.

(b) Evaluation of Agency Programs and Investments. -

(1) Requirement. - The Director shall evaluate the information

resources management practices of the executive agencies with

respect to the performance and results of the investments made by

the executive agencies in information technology.

(2) Direction for executive agency action. - The Director shall

issue to the head of each executive agency clear and concise

direction that the head of each agency shall -

(A) establish effective and efficient capital planning

processes for selecting, managing, and evaluating the results

of all of its major investments in information systems;

(B) determine, before making an investment in a new

information system -

(i) whether the function to be supported by the system

should be performed by the private sector and, if so, whether

any component of the executive agency performing that

function should be converted from a governmental organization

to a private sector organization; or

(ii) whether the function should be performed by the

executive agency and, if so, whether the function should be

performed by a private sector source under contract or by

executive agency personnel;

(C) analyze the missions of the executive agency and, based

on the analysis, revise the executive agency's mission-related

processes and administrative processes, as appropriate, before

making significant investments in information technology to be

used in support of those missions; and

(D) ensure that the information security policies,

procedures, and practices are adequate.

(3) Guidance for multiagency investments. - The direction

issued under paragraph (2) shall include guidance for undertaking

efficiently and effectively interagency and Federal

Government-wide investments in information technology to improve

the accomplishment of missions that are common to the executive

agencies.

(4) Periodic reviews. - The Director shall implement through

the budget process periodic reviews of selected information

resources management activities of the executive agencies to

ascertain the efficiency and effectiveness of information

technology in improving the performance of the executive agency

and the accomplishment of the missions of the executive agency.

(5) Enforcement of accountability. -

(A) In general. - The Director may take any action that the

Director considers appropriate, including an action involving

the budgetary process or appropriations management process, to

enforce accountability of the head of an executive agency for

information resources management and for the investments made

by the executive agency in information technology.

(B) Specific actions. - Actions taken by the Director may

include -

(i) recommending a reduction or an increase in the amount

for information resources that the head of the executive

agency proposes for the budget submitted to Congress under

section 1105(a) of title 31;

(ii) reducing or otherwise adjusting apportionments and

reapportionments of appropriations for information resources;

(iii) using other administrative controls over

appropriations to restrict the availability of amounts for

information resources; and

(iv) designating for the executive agency an executive

agent to contract with private sector sources for the

performance of information resources management or the

acquisition of information technology.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1238.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11303 40:1413. Pub. L. 104-106, div. E,

title LI, Sec. 5113, Feb.

10, 1996, 110 Stat. 681.

--------------------------------------------------------------------

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title; title

44 sections 3533, 3543.

-End-

-CITE-

40 USC SUBCHAPTER II - EXECUTIVE AGENCIES 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

SUBCHAPTER II - EXECUTIVE AGENCIES

-End-

-CITE-

40 USC Sec. 11311 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11311. Responsibilities

-STATUTE-

In fulfilling the responsibilities assigned under chapter 35 of

title 44, the head of each executive agency shall comply with this

subchapter with respect to the specific matters covered by this

subchapter.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1239.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11311 40:1421. Pub. L. 104-106, div. E,

title LI, Sec. 5121, Feb.

10, 1996, 110 Stat. 683.

--------------------------------------------------------------------

PROCUREMENT OF AUTOMATIC DATA PROCESSING EQUIPMENT FOR TAX SYSTEMS

MODERNIZATION PROGRAM; DELEGATION OF AUTHORITY

Pub. L. 104-52, title V, Sec. 526, Nov. 19, 1995, 109 Stat. 495,

provided that: "Notwithstanding any other provision of law, the

Administrator of General Services shall delegate the authority to

procure automatic data processing equipment for the Tax Systems

Modernization Program to the Secretary of the Treasury: Provided,

That the Director of the Office of Management and Budget shall have

the authority to revoke such delegation upon the written

recommendation of the Administrator that the Secretary's actions

under such delegation are inconsistent with the goals of economic

and efficient procurement and utilization of automatic data

processing equipment: Provided further, That for all other

purposes, a procurement conducted under such delegation shall be

treated as if made under a delegation by the Administrator pursuant

to [former] 40 U.S.C. 759."

-End-

-CITE-

40 USC Sec. 11312 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11312. Capital planning and investment control

-STATUTE-

(a) Design of Process. - In fulfilling the responsibilities

assigned under section 3506(h) of title 44, the head of each

executive agency shall design and implement in the executive agency

a process for maximizing the value, and assessing and managing the

risks, of the information technology acquisitions of the executive

agency.

(b) Content of Process. - The process of an executive agency

shall -

(1) provide for the selection of information technology

investments to be made by the executive agency, the management of

those investments, and the evaluation of the results of those

investments;

(2) be integrated with the processes for making budget,

financial, and program management decisions in the executive

agency;

(3) include minimum criteria to be applied in considering

whether to undertake a particular investment in information

systems, including criteria related to the quantitatively

expressed projected net, risk-adjusted return on investment and

specific quantitative and qualitative criteria for comparing and

prioritizing alternative information systems investment projects;

(4) identify information systems investments that would result

in shared benefits or costs for other federal agencies or state

or local governments;

(5) identify quantifiable measurements for determining the net

benefits and risks of a proposed investment; and

(6) provide the means for senior management personnel of the

executive agency to obtain timely information regarding the

progress of an investment in an information system, including a

system of milestones for measuring progress, on an independently

verifiable basis, in terms of cost, capability of the system to

meet specified requirements, timeliness, and quality.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1239.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11312 40:1422. Pub. L. 104-106, div. E,

title LI, Sec. 5122, Feb.

10, 1996, 110 Stat. 683.

--------------------------------------------------------------------

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title; title

10 section 2225.

-End-

-CITE-

40 USC Sec. 11313 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11313. Performance and results-based management

-STATUTE-

In fulfilling the responsibilities under section 3506(h) of title

44, the head of an executive agency shall -

(1) establish goals for improving the efficiency and

effectiveness of agency operations and, as appropriate, the

delivery of services to the public through the effective use of

information technology;

(2) prepare an annual report, to be included in the executive

agency's budget submission to Congress, on the progress in

achieving the goals;

(3) ensure that performance measurements -

(A) are prescribed for information technology used by, or to

be acquired for, the executive agency; and

(B) measure how well the information technology supports

programs of the executive agency;

(4) where comparable processes and organizations in the public

or private sectors exist, quantitatively benchmark agency process

performance against those processes in terms of cost, speed,

productivity, and quality of outputs and outcomes;

(5) analyze the missions of the executive agency and, based on

the analysis, revise the executive agency's mission-related

processes and administrative processes as appropriate before

making significant investments in information technology to be

used in support of the performance of those missions; and

(6) ensure that the information security policies, procedures,

and practices of the executive agency are adequate.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1240.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11313 40:1423. Pub. L. 104-106, div. E,

title LI, Sec. 5123, Feb.

10, 1996, 110 Stat. 683.

--------------------------------------------------------------------

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title; title

10 section 2225.

-End-

-CITE-

40 USC Sec. 11314 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11314. Authority to acquire and manage information technology

-STATUTE-

(a) In General. - The authority of the head of an executive

agency to acquire information technology includes -

(1) acquiring information technology as authorized by law;

(2) making a contract that provides for multiagency

acquisitions of information technology in accordance with

guidance issued by the Director of the Office of Management and

Budget; and

(3) if the Director finds that it would be advantageous for the

Federal Government to do so, making a multiagency contract for

procurement of commercial items of information technology that

requires each executive agency covered by the contract, when

procuring those items, to procure the items under that contract

or to justify an alternative procurement of the items.

(b) FTS 2000 Program. - The Administrator of General Services

shall continue to manage the FTS 2000 program, and to coordinate

the follow-on to that program, for and with the advice of the heads

of executive agencies.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1241.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11314 40:1424. Pub. L. 104-106, div. E,

title LI, Sec. 5124, Feb.

10, 1996, 110 Stat. 684.

--------------------------------------------------------------------

In subsection (b), the words "Notwithstanding any other provision

of this or any other law" are omitted as unnecessary.

-End-

-CITE-

40 USC Sec. 11315 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11315. Agency Chief Information Officer

-STATUTE-

(a) Definition. - In this section, the term "information

technology architecture", with respect to an executive agency,

means an integrated framework for evolving or maintaining existing

information technology and acquiring new information technology to

achieve the agency's strategic goals and information resources

management goals.

(b) General Responsibilities. - The Chief Information Officer of

an executive agency is responsible for -

(1) providing advice and other assistance to the head of the

executive agency and other senior management personnel of the

executive agency to ensure that information technology is

acquired and information resources are managed for the executive

agency in a manner that implements the policies and procedures of

this subtitle, consistent with chapter 35 of title 44 and the

priorities established by the head of the executive agency;

(2) developing, maintaining, and facilitating the

implementation of a sound and integrated information technology

architecture for the executive agency; and

(3) promoting the effective and efficient design and operation

of all major information resources management processes for the

executive agency, including improvements to work processes of the

executive agency.

(c) Duties and Qualifications. - The Chief Information Officer of

an agency listed in section 901(b) of title 31 -

(1) has information resources management duties as that

official's primary duty;

(2) monitors the performance of information technology programs

of the agency, evaluates the performance of those programs on the

basis of the applicable performance measurements, and advises the

head of the agency regarding whether to continue, modify, or

terminate a program or project; and

(3) annually, as part of the strategic planning and performance

evaluation process required (subject to section 1117 of title 31)

under section 306 of title 5 and sections 1105(a)(28), 1115-1117,

and 9703 (as added by section 5(a) of the Government Performance

and Results Act of 1993 (Public Law 103-62, 107 Stat. 289)) of

title 31 -

(A) assesses the requirements established for agency

personnel regarding knowledge and skill in information

resources management and the adequacy of those requirements for

facilitating the achievement of the performance goals

established for information resources management;

(B) assesses the extent to which the positions and personnel

at the executive level of the agency and the positions and

personnel at management level of the agency below the executive

level meet those requirements;

(C) develops strategies and specific plans for hiring,

training, and professional development to rectify any

deficiency in meeting those requirements; and

(D) reports to the head of the agency on the progress made in

improving information resources management capability.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1241.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11315 40:1425(b)-(d). Pub. L. 104-106, div. E,

title LI, Sec. 5125(b)-(d),

Feb. 10, 1996, 110 Stat. 685.

--------------------------------------------------------------------

In subsection (c)(3), before subclause (A), the reference to

31:1105(a)(29) is changed to 1105(a)(28) because of the

redesignation of 1105(a)(29) as 1105(a)(28) by section 4(1) of the

Act of October 11, 1996, (Public Law 104-287, 110 Stat. 3388). The

words "as added by section 5(a) of the Government Performance and

Results Act of 1993 (Public Law 103-62, 107 Stat. 289)" are added

for clarity because there is another 31:9703.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title; title

10 section 2223.

-End-

-CITE-

40 USC Sec. 11316 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11316. Accountability

-STATUTE-

The head of each executive agency, in consultation with the Chief

Information Officer and the Chief Financial Officer of that

executive agency (or, in the case of an executive agency without a

chief financial officer, any comparable official), shall establish

policies and procedures to ensure that -

(1) the accounting, financial, asset management, and other

information systems of the executive agency are designed,

developed, maintained, and used effectively to provide financial

or program performance data for financial statements of the

executive agency;

(2) financial and related program performance data are provided

on a reliable, consistent, and timely basis to executive agency

financial management systems; and

(3) financial statements support -

(A) assessments and revisions of mission-related processes

and administrative processes of the executive agency; and

(B) measurement of the performance of investments made by the

agency in information systems.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1242.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11316 40:1426. Pub. L. 104-106, div. E,

title LI, Sec. 5126, Feb.

10, 1996, 110 Stat. 686.

--------------------------------------------------------------------

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11103 of this title.

-End-

-CITE-

40 USC Sec. 11317 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11317. Significant deviations

-STATUTE-

The head of each executive agency shall identify in the strategic

information resources management plan required under section

3506(b)(2) of title 44 any major information technology acquisition

program, or any phase or increment of that program, that has

significantly deviated from the cost, performance, or schedule

goals established for the program.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1242.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11317 40:1427. Pub. L. 104-106, div. E,

title LI, Sec. 5127, Feb.

10, 1996, 110 Stat. 687.

--------------------------------------------------------------------

-End-

-CITE-

40 USC Sec. 11318 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER II - EXECUTIVE AGENCIES

-HEAD-

Sec. 11318. Interagency support

-STATUTE-

The head of an executive agency may use amounts available to the

agency for oversight, acquisition, and procurement of information

technology to support jointly with other executive agencies the

activities of interagency groups that are established to advise the

Director of the Office of Management and Budget in carrying out the

Director's responsibilities under this chapter. The use of those

amounts for that purpose is subject to requirements and limitations

on uses and amounts that the Director may prescribe. The Director

shall prescribe the requirements and limitations during the

Director's review of the executive agency's proposed budget

submitted to the Director by the head of the executive agency for

purposes of section 1105 of title 31.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1242.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11318 40:1428. Pub. L. 104-106, div. E,

title LI, Sec. 5128, Feb.

10, 1996, 110 Stat. 687.

--------------------------------------------------------------------

-End-

-CITE-

40 USC SUBCHAPTER III - OTHER RESPONSIBILITIES 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER III - OTHER RESPONSIBILITIES

-HEAD-

SUBCHAPTER III - OTHER RESPONSIBILITIES

-End-

-CITE-

40 USC Sec. 11331 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER III - OTHER RESPONSIBILITIES

-HEAD-

Sec. 11331. Responsibilities for Federal information systems

standards

-STATUTE-

(a) Definition. - In this section, the term "information

security" has the meaning given that term in section 3532(b)(1) of

title 44.

(b) Requirement to Prescribe Standards. -

(1) In general. -

(A) Requirement. - Except as provided under paragraph (2),

the Director of the Office of Management and Budget shall, on

the basis of proposed standards developed by the National

Institute of Standards and Technology pursuant to paragraphs

(2) and (3) of section 20(a) of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3(a)) and in

consultation with the Secretary of Homeland Security,

promulgate information security standards pertaining to Federal

information systems.

(B) Required standards. - Standards promulgated under

subparagraph (A) shall include -

(i) standards that provide minimum information security

requirements as determined under section 20(b) of the

National Institute of Standards and Technology Act (15 U.S.C.

278g-3(b)); and

(ii) such standards that are otherwise necessary to improve

the efficiency of operation or security of Federal

information systems.

(C) Required standards binding. - Information security

standards described under subparagraph (B) shall be compulsory

and binding.

(2) Standards and guidelines for national security systems. -

Standards and guidelines for national security systems, as

defined under section 3532(3) of title 44, shall be developed,

promulgated, enforced, and overseen as otherwise authorized by

law and as directed by the President.

(c) Application of More Stringent Standards. - The head of an

agency may employ standards for the cost-effective information

security for all operations and assets within or under the

supervision of that agency that are more stringent than the

standards promulgated by the Director under this section, if such

standards -

(1) contain, at a minimum, the provisions of those applicable

standards made compulsory and binding by the Director; and

(2) are otherwise consistent with policies and guidelines

issued under section 3533 of title 44.

(d) Requirements Regarding Decisions by Director. -

(1) Deadline. - The decision regarding the promulgation of any

standard by the Director under subsection (b) shall occur not

later than 6 months after the submission of the proposed standard

to the Director by the National Institute of Standards and

Technology, as provided under section 20 of the National

Institute of Standards and Technology Act (15 U.S.C. 278g-3).

(2) Notice and comment. - A decision by the Director to

significantly modify, or not promulgate, a proposed standard

submitted to the Director by the National Institute of Standards

and Technology, as provided under section 20 of the National

Institute of Standards and Technology Act (15 U.S.C. 278g-3),

shall be made after the public is given an opportunity to comment

on the Director's proposed decision.

-SOURCE-

(Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1243; Pub. L. 107-296,

title X, Sec. 1002(a), Nov. 25, 2002, 116 Stat. 2268; Pub. L.

107-347, title III, Sec. 302(a), Dec. 17, 2002, 116 Stat. 2956.)

-MISC1-

HISTORICAL AND REVISION NOTES

--------------------------------------------------------------------

Revised Source (U.S. Code) Source (Statutes at Large)

Section

--------------------------------------------------------------------

11331 40:1441. Pub. L. 104-106, div. E,

title LI, Sec. 5131(a)-(d),

Feb. 10, 1996, 110 Stat. 687.

--------------------------------------------------------------------

AMENDMENTS

2002 - Pub. L. 107-296 amended text generally. Prior to

amendment, text, as amended generally by Pub. L. 107-347, read as

follows:

"(a) Standards and Guidelines. -

"(1) Authority to prescribe. - Except as provided under

paragraph (2), the Secretary of Commerce shall, on the basis of

standards and guidelines developed by the National Institute of

Standards and Technology pursuant to paragraphs (2) and (3) of

section 20(a) of the National Institute of Standards and

Technology Act (15 U.S.C. 278g-3(a)), prescribe standards and

guidelines pertaining to Federal information systems.

"(2) National security systems. - Standards and guidelines for

national security systems (as defined under this section) shall

be developed, prescribed, enforced, and overseen as otherwise

authorized by law and as directed by the President.

"(b) Mandatory Requirements. -

"(1) Authority to make mandatory. - Except as provided under

paragraph (2), the Secretary shall make standards prescribed

under subsection (a)(1) compulsory and binding to the extent

determined necessary by the Secretary to improve the efficiency

of operation or security of Federal information systems.

"(2) Required mandatory standards. - (A) Standards prescribed

under subsection (a)(1) shall include information security

standards that -

"(i) provide minimum information security requirements as

determined under section 20(b) of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3(b)); and

"(ii) are otherwise necessary to improve the security of

Federal information and information systems.

"(B) Information security standards described in subparagraph

(A) shall be compulsory and binding.

"(c) Authority to Disapprove or Modify. - The President may

disapprove or modify the standards and guidelines referred to in

subsection (a)(1) if the President determines such action to be in

the public interest. The President's authority to disapprove or

modify such standards and guidelines may not be delegated. Notice

of such disapproval or modification shall be published promptly in

the Federal Register. Upon receiving notice of such disapproval or

modification, the Secretary of Commerce shall immediately rescind

or modify such standards or guidelines as directed by the

President.

"(d) Exercise of Authority. - To ensure fiscal and policy

consistency, the Secretary shall exercise the authority conferred

by this section subject to direction by the President and in

coordination with the Director of the Office of Management and

Budget.

"(e) Application of More Stringent Standards. - The head of an

executive agency may employ standards for the cost-effective

information security for information systems within or under the

supervision of that agency that are more stringent than the

standards the Secretary prescribes under this section if the more

stringent standards -

"(1) contain at least the applicable standards made compulsory

and binding by the Secretary; and

"(2) are otherwise consistent with policies and guidelines

issued under section 3543 of title 44.

"(f) Decisions on Promulgation of Standards. - The decision by

the Secretary regarding the promulgation of any standard under this

section shall occur not later than 6 months after the submission of

the proposed standard to the Secretary by the National Institute of

Standards and Technology, as provided under section 20 of the

National Institute of Standards and Technology Act (15 U.S.C.

278g-3).

"(g) Definitions. - In this section:

"(1) Federal information system. - The term 'Federal

information system' means an information system used or operated

by an executive agency, by a contractor of an executive agency,

or by another organization on behalf of an executive agency.

"(2) Information security. - The term 'information security'

has the meaning given that term in section 3542(b)(1) of title

44.

"(3) National security system. - The term 'national security

system' has the meaning given that term in section 3542(b)(2) of

title 44."

Pub. L. 107-347 substituted "Responsibilities for Federal

information systems standards" for "Responsibilities regarding

efficiency, security, and privacy of federal computer systems" in

section catchline and amended text generally. Prior to amendment,

text read as follows:

"(a) Definitions. - In this section, the terms 'federal computer

system' and 'operator of a federal computer system' have the

meanings given those terms in section 20(d) of the National

Institute of Standards and Technology Act (15 U.S.C. 278g-3(d)).

"(b) Standards and Guidelines. -

"(1) Authority to prescribe and disapprove or modify. -

"(A) Authority to prescribe. - On the basis of standards and

guidelines developed by the National Institute of Standards and

Technology pursuant to paragraphs (2) and (3) of section 20(a)

of the Act (15 U.S.C. 278g-3(a)(2), (3)), the Secretary of

Commerce shall prescribe standards and guidelines pertaining to

federal computer systems. The Secretary shall make those

standards compulsory and binding to the extent the Secretary

determines necessary to improve the efficiency of operation or

security and privacy of federal computer systems.

"(B) Authority to disapprove or modify. - The President may

disapprove or modify those standards and guidelines if the

President determines that action to be in the public interest.

The President's authority to disapprove or modify those

standards and guidelines may not be delegated. Notice of

disapproval or modification shall be published promptly in the

Federal Register. On receiving notice of disapproval or

modification, the Secretary shall immediately rescind or modify

those standards or guidelines as directed by the President.

"(2) Exercise of authority. - To ensure fiscal and policy

consistency, the Secretary shall exercise the authority conferred

by this section subject to direction by the President and in

coordination with the Director of the Office of Management and

Budget.

"(c) Application of More Stringent Standards. - The head of a

federal agency may employ standards for the cost-effective security

and privacy of sensitive information in a federal computer system

in or under the supervision of that agency that are more stringent

than the standards the Secretary prescribes under this section if

the more stringent standards contain at least the applicable

standards the Secretary makes compulsory and binding.

"(d) Waiver of Standards. -

"(1) Authority of the secretary. - The Secretary may waive in

writing compulsory and binding standards under subsection (b) if

the Secretary determines that compliance would -

"(A) adversely affect the accomplishment of the mission of an

operator of a federal computer system; or

"(B) cause a major adverse financial impact on the operator

that is not offset by Federal Government-wide savings.

"(2) Delegation of waiver authority. - The Secretary may

delegate to the head of one or more federal agencies authority to

waive those standards to the extent the Secretary determines that

action to be necessary and desirable to allow for timely and

effective implementation of federal computer system standards.

The head of the agency may redelegate that authority only to a

chief information officer designated pursuant to section 3506 of

title 44.

"(3) Notice. - Notice of each waiver and delegation shall be

transmitted promptly to Congress and published promptly in the

Federal Register."

EFFECTIVE DATE OF 2002 AMENDMENTS

Amendment by Pub. L. 107-347 effective Dec. 17, 2002, see section

402(b) of Pub. L. 107-347, set out as an Effective Date note under

section 3541 of Title 44, Public Printing and Documents.

Amendment by Pub. L. 107-296 effective 60 days after Nov. 25,

2002, see section 4 of Pub. L. 107-296, set out as an Effective

Date note under section 101 of Title 6, Domestic Security.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 11302 of this title; title

15 section 278g-3; title 44 sections 3504, 3518, 3533, 3534, 3538,

3543, 3544, 3549, 3602, 3603.

-End-

-CITE-

40 USC Sec. 11332 01/06/03

-EXPCITE-

TITLE 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS

SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT

CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION

TECHNOLOGY

SUBCHAPTER III - OTHER RESPONSIBILITIES

-HEAD-

[Sec. 11332. Repealed. Pub. L. 107-296, title X, Sec. 1005(a)(1),

Nov. 25, 2002, 116 Stat. 2272; Pub. L. 107-347, title III, Sec.

305(a), Dec. 17, 2002, 116 Stat. 2960]

-MISC1-

Section, Pub. L. 107-217, Aug. 21, 2002, 116 Stat. 1244, related

to Federal computer system security training and plan.

EFFECTIVE DATE OF REPEAL

Repeal effective Dec. 17, 2002, see section 402(b) of Pub. L.

107-347, set out as an Effective Date note under section 3541 of

Title 44, Public Printing and Documents.

Repeal by Pub. L. 107-296 effective 60 days after Nov. 25, 2002,

see section 4 of Pub. L. 107-296, set out as an Effective Date note

under section 101 of Title 6, Domestic Security.

-End-