Legislación


US (United States) Code. Title 44. Chapter 35: Coordination of Federal Information Policy


-CITE-

44 USC CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION

POLICY 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

-HEAD-

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

-MISC1-

SUBCHAPTER I - FEDERAL INFORMATION POLICY

Sec.

3501. Purposes.

3502. Definitions.

3503. Office of Information and Regulatory Affairs.

3504. Authority and functions of Director.

3505. Assignment of tasks and deadlines.

3506. Federal agency responsibilities.

3507. Public information collection activities; submission

to Director; approval and delegation.

3508. Determination of necessity for information; hearing.

3509. Designation of central collection agency.

3510. Cooperation of agencies in making information

available.

3511. Establishment and operation of Government Information

Locator Service.

3512. Public protection.

3513. Director review of agency activities; reporting;

agency response.

3514. Responsiveness to Congress.

3515. Administrative powers.

3516. Rules and regulations.

3517. Consultation with other agencies and the public.

3518. Effect on existing laws and regulations.

3519. Access to information.

3520. Establishment of task force on information collection

and dissemination.

3521. Authorization of appropriations.

SUBCHAPTER II - INFORMATION SECURITY

3531. Purposes.

3532. Definitions.

3533. Authority and functions of the Director.

3534. Federal agency responsibilities.

3535. Annual independent evaluation.

3536. National security systems.

3537. Authorization of appropriations.

3538. Effect on existing law.

SUBCHAPTER III - INFORMATION SECURITY

3541. Purposes.

3542. Definitions.

3543. Authority and functions of the Director.

3544. Federal agency responsibilities.

3545. Annual independent evaluation.

3546. Federal information security incident center.

3547. National security systems.

3548. Authorization of appropriations.

3549. Effect on existing law.

AMENDMENTS

2002 - Pub. L. 107-347, title III, Sec. 301(b)(2), Dec. 17, 2002,

116 Stat. 2955, added heading for subchapter III and items 3541 to

3549.

Pub. L. 107-296, title X, Sec. 1001(b)(2), Nov. 25, 2002, 116

Stat. 2267, reenacted items 3531 to 3535 without change,

substituted "National security systems" for "Expiration" in item

3536, and added items 3537 and 3538.

Pub. L. 107-198, Sec. 3(b), June 28, 2002, 116 Stat. 732, added

item 3520 and renumbered former item 3520 as 3521.

2000 - Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec.

1064(a)(1)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275, inserted

subchapters I and II headings and added items 3531 to 3536.

1995 - Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 163,

amended chapter heading and analysis generally.

1980 - Pub. L. 96-511, Sec. 2(a), Dec. 11, 1980, 94 Stat. 2812,

substituted in chapter heading "INFORMATION POLICY" for "REPORTING

SERVICES", and amended analysis generally.

-SECREF-

CHAPTER REFERRED TO IN OTHER SECTIONS

This chapter is referred to in section 3602 of this title; title

5 section 552; title 7 sections 7281, 7991; title 8 section 1753;

title 10 section 2223; title 16 sections 1379, 1855; title 19

section 1330; title 20 section 9573; title 22 section 3145; title

29 section 49l-2; title 31 section 3811; title 38 section 310;

title 40 sections 11301, 11311, 11315; title 41 section 421; title

42 sections 1396r-8, 6924, 6992i, 7661f; title 49 sections 5107,

5108, 60108.

-End-

-CITE-

44 USC SUBCHAPTER I - FEDERAL INFORMATION POLICY 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-MISC1-

AMENDMENTS

2000 - Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec.

1064(a)(2)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275, inserted

subchapter heading.

-SECREF-

SUBCHAPTER REFERRED TO IN OTHER SECTIONS

This subchapter is referred to in sections 3534, 3538, 3544, 3549

of this title; title 10 section 503.

-End-

-CITE-

44 USC Sec. 3501 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3501. Purposes

-STATUTE-

The purposes of this subchapter are to -

(1) minimize the paperwork burden for individuals, small

businesses, educational and nonprofit institutions, Federal

contractors, State, local and tribal governments, and other

persons resulting from the collection of information by or for

the Federal Government;

(2) ensure the greatest possible public benefit from and

maximize the utility of information created, collected,

maintained, used, shared and disseminated by or for the Federal

Government;

(3) coordinate, integrate, and to the extent practicable and

appropriate, make uniform Federal information resources

management policies and practices as a means to improve the

productivity, efficiency, and effectiveness of Government

programs, including the reduction of information collection

burdens on the public and the improvement of service delivery to

the public;

(4) improve the quality and use of Federal information to

strengthen decisionmaking, accountability, and openness in

Government and society;

(5) minimize the cost to the Federal Government of the

creation, collection, maintenance, use, dissemination, and

disposition of information;

(6) strengthen the partnership between the Federal Government

and State, local, and tribal governments by minimizing the burden

and maximizing the utility of information created, collected,

maintained, used, disseminated, and retained by or for the

Federal Government;

(7) provide for the dissemination of public information on a

timely basis, on equitable terms, and in a manner that promotes

the utility of the information to the public and makes effective

use of information technology;

(8) ensure that the creation, collection, maintenance, use,

dissemination, and disposition of information by or for the

Federal Government is consistent with applicable laws, including

laws relating to -

(A) privacy and confidentiality, including section 552a of

title 5;

(B) security of information, including section 11332 of title

40 (!1); and

(C) access to information, including section 552 of title 5;

(9) ensure the integrity, quality, and utility of the Federal

statistical system;

(10) ensure that information technology is acquired, used, and

managed to improve performance of agency missions, including the

reduction of information collection burdens on the public; and

(11) improve the responsibility and accountability of the

Office of Management and Budget and all other Federal agencies to

Congress and to the public for implementing the information

collection review process, information resources management, and

related policies and guidelines established under this

subchapter.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 163; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275; Pub. L. 107-217, Sec. 3(l)(3),

Aug. 21, 2002, 116 Stat. 1301.)

-REFTEXT-

REFERENCES IN TEXT

Section 11332 of title 40, referred to in par. (8)(B), was

repealed by Pub. L. 107-296, title X, Sec. 1005(a)(1), Nov. 25,

2002, 116 Stat. 2272, and Pub. L. 107-347, title III, Sec. 305(a),

Dec. 17, 2002, 116 Stat. 2960.

-MISC1-

PRIOR PROVISIONS

A prior section 3501, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2812; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 811], Oct. 18, 1986, 100 Stat. 1783-308, 1783-335, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 811], Oct. 30, 1986,

100 Stat. 3341-308, 3341-335, related to purposes of this chapter

prior to the general amendment of this chapter by Pub. L. 104-13.

Another prior section 3501, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1302, related to information for Federal agencies, prior to

the general amendment of this chapter by Pub. L. 96-511.

AMENDMENTS

2002 - Par. (8)(B). Pub. L. 107-217 substituted "section 11332 of

title 40" for "the Computer Security Act of 1987 (Public Law

100-235)".

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter" in

introductory provisions and in par. (11).

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE

Section 4 of Pub. L. 104-13 provided that:

"(a) In General. - Except as otherwise provided in this section,

this Act [enacting this chapter, amending section 91 of Title 13,

Census, and enacting provisions set out as a note under section 101

of this title] and the amendments made by this Act shall take

effect on October 1, 1995.

"(b) Authorization of Appropriations. - Section 3520 [now 3521]

of title 44, United States Code, as amended by this Act, shall take

effect on the date of enactment of this Act [May 22, 1995].

"(c) Delayed Application. - In the case of a collection of

information for which there is in effect on September 30, 1995, a

control number issued by the Office of Management and Budget under

chapter 35 of title 44, United States Code -

"(1) the amendments made by this Act [enacting this chapter and

amending section 91 of Title 13] shall apply to the collection of

information beginning on the earlier of -

"(A) the first renewal or modification of that collection of

information after September 30, 1995; or

"(B) the expiration of its control number after September 30,

1995.

"(2) prior to such renewal, modification, or expiration, the

collection of information shall be subject to chapter 35 of title

44, United States Code, as in effect on September 30, 1995."

SHORT TITLE

This chapter is popularly known as the "Paperwork Reduction Act".

FEDERAL MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES

Pub. L. 107-347, title II, Dec. 17, 2002, 116 Stat. 2910,

provided that:

"SEC. 201. DEFINITIONS.

"Except as otherwise provided, in this title the definitions

under sections 3502 and 3601 of title 44, United States Code, shall

apply.

"SEC. 202. FEDERAL AGENCY RESPONSIBILITIES.

"(a) In General. - The head of each agency shall be responsible

for -

"(1) complying with the requirements of this Act [see Tables

for classification] (including the amendments made by this Act),

the related information resource management policies and guidance

established by the Director of the Office of Management and

Budget, and the related information technology standards

promulgated by the Secretary of Commerce;

"(2) ensuring that the information resource management policies

and guidance established under this Act by the Director, and the

related information technology standards promulgated by the

Secretary of Commerce are communicated promptly and effectively

to all relevant officials within their agency; and

"(3) supporting the efforts of the Director and the

Administrator of the General Services Administration to develop,

maintain, and promote an integrated Internet-based system of

delivering Federal Government information and services to the

public under section 204.

"(b) Performance Integration. -

"(1) Agencies shall develop performance measures that

demonstrate how electronic government enables progress toward

agency objectives, strategic goals, and statutory mandates.

"(2) In measuring performance under this section, agencies

shall rely on existing data collections to the extent

practicable.

"(3) Areas of performance measurement that agencies should

consider include -

"(A) customer service;

"(B) agency productivity; and

"(C) adoption of innovative information technology, including

the appropriate use of commercial best practices.

"(4) Agencies shall link their performance goals, as

appropriate, to key groups, including citizens, businesses, and

other governments, and to internal Federal Government operations.

"(5) As appropriate, agencies shall work collectively in

linking their performance goals to groups identified under

paragraph (4) and shall use information technology in delivering

Government information and services to those groups.

"(c) Avoiding Diminished Access. - When promulgating policies and

implementing programs regarding the provision of Government

information and services over the Internet, agency heads shall

consider the impact on persons without access to the Internet, and

shall, to the extent practicable -

"(1) ensure that the availability of Government information and

services has not been diminished for individuals who lack access

to the Internet; and

"(2) pursue alternate modes of delivery that make Government

information and services more accessible to individuals who do

not own computers or lack access to the Internet.

"(d) Accessibility to People With Disabilities. - All actions

taken by Federal departments and agencies under this Act [see

Tables for classification] shall be in compliance with section 508

of the Rehabilitation Act of 1973 (29 U.S.C. 794d).

"(e) Sponsored Activities. - Agencies shall sponsor activities

that use information technology to engage the public in the

development and implementation of policies and programs.

"(f) Chief Information Officers. - The Chief Information Officer

of each of the agencies designated under chapter 36 of title 44,

United States Code (as added by this Act) shall be responsible for

-

"(1) participating in the functions of the Chief Information

Officers Council; and

"(2) monitoring the implementation, within their respective

agencies, of information technology standards promulgated by the

Secretary of Commerce, including common standards for

interconnectivity and interoperability, categorization of Federal

Government electronic information, and computer system efficiency

and security.

"(g) E-Government Status Report. -

"(1) In general. - Each agency shall compile and submit to the

Director an annual E-Government Status Report on -

"(A) the status of the implementation by the agency of

electronic government initiatives;

"(B) compliance by the agency with this Act [see Tables for

classification]; and

"(C) how electronic Government initiatives of the agency

improve performance in delivering programs to constituencies.

"(2) Submission. - Each agency shall submit an annual report

under this subsection -

"(A) to the Director at such time and in such manner as the

Director requires;

"(B) consistent with related reporting requirements; and

"(C) which addresses any section in this title relevant to

that agency.

"(h) Use of Technology. - Nothing in this Act [see Tables for

classification] supersedes the responsibility of an agency to use

or manage information technology to deliver Government information

and services that fulfill the statutory mission and programs of the

agency.

"(i) National Security Systems. -

"(1) Inapplicability. - Except as provided under paragraph (2),

this title does not apply to national security systems as defined

in section 11103 of title 40, United States Code.

"(2) Applicability. - This section, section 203, and section

214 do apply to national security systems to the extent

practicable and consistent with law.

"SEC. 203. COMPATIBILITY OF EXECUTIVE AGENCY METHODS FOR USE AND

ACCEPTANCE OF ELECTRONIC SIGNATURES.

"(a) Purpose. - The purpose of this section is to achieve

interoperable implementation of electronic signatures for

appropriately secure electronic transactions with Government.

"(b) Electronic Signatures. - In order to fulfill the objectives

of the Government Paperwork Elimination Act (Public Law 105-277;

112 Stat. 2681-749 through 2681-751) [44 U.S.C. 3504 note], each

Executive agency (as defined under section 105 of title 5, United

States Code) shall ensure that its methods for use and acceptance

of electronic signatures are compatible with the relevant policies

and procedures issued by the Director.

"(c) Authority for Electronic Signatures. - The Administrator of

General Services shall support the Director by establishing a

framework to allow efficient interoperability among Executive

agencies when using electronic signatures, including processing of

digital signatures.

"(d) Authorization of Appropriations. - There are authorized to

be appropriated to the General Services Administration, to ensure

the development and operation of a Federal bridge certification

authority for digital signature compatibility, and for other

activities consistent with this section, $8,000,000 or such sums as

are necessary in fiscal year 2003, and such sums as are necessary

for each fiscal year thereafter.

"SEC. 204. FEDERAL INTERNET PORTAL.

"(a) In General. -

"(1) Public access. - The Director shall work with the

Administrator of the General Services Administration and other

agencies to maintain and promote an integrated Internet-based

system of providing the public with access to Government

information and services.

"(2) Criteria. - To the extent practicable, the integrated

system shall be designed and operated according to the following

criteria:

"(A) The provision of Internet-based Government information

and services directed to key groups, including citizens,

business, and other governments, and integrated according to

function or topic rather than separated according to the

boundaries of agency jurisdiction.

"(B) An ongoing effort to ensure that Internet-based

Government services relevant to a given citizen activity are

available from a single point.

"(C) Access to Federal Government information and services

consolidated, as appropriate, with Internet-based information

and services provided by State, local, and tribal governments.

"(D) Access to Federal Government information held by 1 or

more agencies shall be made available in a manner that protects

privacy, consistent with law.

"(b) Authorization of Appropriations. - There are authorized to

be appropriated to the General Services Administration $15,000,000

for the maintenance, improvement, and promotion of the integrated

Internet-based system for fiscal year 2003, and such sums as are

necessary for fiscal years 2004 through 2007.

"SEC. 205. FEDERAL COURTS.

"(a) Individual Court Websites. - The Chief Justice of the United

States, the chief judge of each circuit and district and of the

Court of Federal Claims, and the chief bankruptcy judge of each

district shall cause to be established and maintained, for the

court of which the judge is chief justice or judge, a website that

contains the following information or links to websites with the

following information:

"(1) Location and contact information for the courthouse,

including the telephone numbers and contact names for the clerk's

office and justices' or judges' chambers.

"(2) Local rules and standing or general orders of the court.

"(3) Individual rules, if in existence, of each justice or

judge in that court.

"(4) Access to docket information for each case.

"(5) Access to the substance of all written opinions issued by

the court, regardless of whether such opinions are to be

published in the official court reporter, in a text searchable

format.

"(6) Access to documents filed with the courthouse in

electronic form, to the extent provided under subsection (c).

"(7) Any other information (including forms in a format that

can be downloaded) that the court determines useful to the

public.

"(b) Maintenance of Data Online. -

"(1) Update of information. - The information and rules on each

website shall be updated regularly and kept reasonably current.

"(2) Closed cases. - Electronic files and docket information

for cases closed for more than 1 year are not required to be made

available online, except all written opinions with a date of

issuance after the effective date of this section [see Effective

Date note set out under section 3601 of this title] shall remain

available online.

"(c) Electronic Filings. -

"(1) In general. - Except as provided under paragraph (2) or in

the rules prescribed under paragraph (3), each court shall make

any document that is filed electronically publicly available

online. A court may convert any document that is filed in paper

form to electronic form. To the extent such conversions are made,

all such electronic versions of the document shall be made

available online.

"(2) Exceptions. - Documents that are filed that are not

otherwise available to the public, such as documents filed under

seal, shall not be made available online.

"(3) Privacy and security concerns. - (A)(i) The Supreme Court

shall prescribe rules, in accordance with sections 2072 and 2075

of title 28, United States Code, to protect privacy and security

concerns relating to electronic filing of documents and the

public availability under this subsection of documents filed

electronically.

"(ii) Such rules shall provide to the extent practicable for

uniform treatment of privacy and security issues throughout the

Federal courts.

"(iii) Such rules shall take into consideration best practices

in Federal and State courts to protect private information or

otherwise maintain necessary information security.

"(iv) To the extent that such rules provide for the redaction

of certain categories of information in order to protect privacy

and security concerns, such rules shall provide that a party that

wishes to file an otherwise proper document containing such

information may file an unredacted document under seal, which

shall be retained by the court as part of the record, and which,

at the discretion of the court and subject to any applicable

rules issued in accordance with chapter 131 of title 28, United

States Code, shall be either in lieu of, or in addition, to, a

redacted copy in the public file.

"(B)(i) Subject to clause (ii), the Judicial Conference of the

United States may issue interim rules, and interpretive

statements relating to the application of such rules, which

conform to the requirements of this paragraph and which shall

cease to have effect upon the effective date of the rules

required under subparagraph (A).

"(ii) Pending issuance of the rules required under subparagraph

(A), any rule or order of any court, or of the Judicial

Conference, providing for the redaction of certain categories of

information in order to protect privacy and security concerns

arising from electronic filing shall comply with, and be

construed in conformity with, subparagraph (A)(iv).

"(C) Not later than 1 year after the rules prescribed under

subparagraph (A) take effect, and every 2 years thereafter, the

Judicial Conference shall submit to Congress a report on the

adequacy of those rules to protect privacy and security.

"(d) Dockets With Links to Documents. - The Judicial Conference

of the United States shall explore the feasibility of technology to

post online dockets with links allowing all filings, decisions, and

rulings in each case to be obtained from the docket sheet of that

case.

"(e) Cost of Providing Electronic Docketing Information. -

[Amended section 303(a) of Pub. L. 102-140, set out as a note under

section 1913 of Title 28, Judiciary and Judicial Procedure.]

"(f) Time Requirements. - Not later than 2 years after the

effective date of this title [see Effective Date note set out under

section 3601 of this title], the websites under subsection (a)

shall be established, except that access to documents filed in

electronic form shall be established not later than 4 years after

that effective date.

"(g) Deferral. -

"(1) In general. -

"(A) Election. -

"(i) Notification. - The Chief Justice of the United

States, a chief judge, or chief bankruptcy judge may submit a

notification to the Administrative Office of the United

States Courts to defer compliance with any requirement of

this section with respect to the Supreme Court, a court of

appeals, district, or the bankruptcy court of a district.

"(ii) Contents. - A notification submitted under this

subparagraph shall state -

"(I) the reasons for the deferral; and

"(II) the online methods, if any, or any alternative methods,

such court or district is using to provide greater public

access to information.

"(B) Exception. - To the extent that the Supreme Court, a

court of appeals, district, or bankruptcy court of a district

maintains a website under subsection (a), the Supreme Court or

that court of appeals or district shall comply with subsection

(b)(1).

"(2) Report. - Not later than 1 year after the effective date

of this title [see Effective Date note set out under section 3601

of this title], and every year thereafter, the Judicial

Conference of the United States shall submit a report to the

Committees on Governmental Affairs and the Judiciary of the

Senate and the Committees on Government Reform and the Judiciary

of the House of Representatives that -

"(A) contains all notifications submitted to the

Administrative Office of the United States Courts under this

subsection; and

"(B) summarizes and evaluates all notifications.

"SEC. 206. REGULATORY AGENCIES.

"(a) Purposes. - The purposes of this section are to -

"(1) improve performance in the development and issuance of

agency regulations by using information technology to increase

access, accountability, and transparency; and

"(2) enhance public participation in Government by electronic

means, consistent with requirements under subchapter II of

chapter 5 of title 5, United States Code, (commonly referred to

as the 'Administrative Procedures Act').

"(b) Information Provided by Agencies Online. - To the extent

practicable as determined by the agency in consultation with the

Director, each agency (as defined under section 551 of title 5,

United States Code) shall ensure that a publicly accessible Federal

Government website includes all information about that agency

required to be published in the Federal Register under paragraphs

(1) and (2) of section 552(a) of title 5, United States Code.

"(c) Submissions by Electronic Means. - To the extent

practicable, agencies shall accept submissions under section 553(c)

of title 5, United States Code, by electronic means.

"(d) Electronic Docketing. -

"(1) In general. - To the extent practicable, as determined by

the agency in consultation with the Director, agencies shall

ensure that a publicly accessible Federal Government website

contains electronic dockets for rulemakings under section 553 of

title 5, United States Code.

"(2) Information available. - Agency electronic dockets shall

make publicly available online to the extent practicable, as

determined by the agency in consultation with the Director -

"(A) all submissions under section 553(c) of title 5, United

States Code; and

"(B) other materials that by agency rule or practice are

included in the rulemaking docket under section 553(c) of title

5, United States Code, whether or not submitted electronically.

"(e) Time Limitation. - Agencies shall implement the requirements

of this section consistent with a timetable established by the

Director and reported to Congress in the first annual report under

section 3606 of title 44 (as added by this Act).

"SEC. 207. ACCESSIBILITY, USABILITY, AND PRESERVATION OF

GOVERNMENT INFORMATION.

"(a) Purpose. - The purpose of this section is to improve the

methods by which Government information, including information on

the Internet, is organized, preserved, and made accessible to the

public.

"(b) Definitions. - In this section, the term -

"(1) 'Committee' means the Interagency Committee on Government

Information established under subsection (c); and

"(2) 'directory' means a taxonomy of subjects linked to

websites that -

"(A) organizes Government information on the Internet

according to subject matter; and

"(B) may be created with the participation of human editors.

"(c) Interagency Committee. -

"(1) Establishment. - Not later than 180 days after the date of

enactment of this title [Dec. 17, 2002], the Director shall

establish the Interagency Committee on Government Information.

"(2) Membership. - The Committee shall be chaired by the

Director or the designee of the Director and -

"(A) shall include representatives from -

"(i) the National Archives and Records Administration;

"(ii) the offices of the Chief Information Officers from

Federal agencies; and

"(iii) other relevant officers from the executive branch;

and

"(B) may include representatives from the Federal legislative

and judicial branches.

"(3) Functions. - The Committee shall -

"(A) engage in public consultation to the maximum extent

feasible, including consultation with interested communities

such as public advocacy organizations;

"(B) conduct studies and submit recommendations, as provided

under this section, to the Director and Congress; and

"(C) share effective practices for access to, dissemination

of, and retention of Federal information.

"(4) Termination. - The Committee may be terminated on a date

determined by the Director, except the Committee may not

terminate before the Committee submits all recommendations

required under this section.

"(d) Categorizing of Information. -

"(1) Committee functions. - Not later than 2 years after the

date of enactment of this Act [Dec. 17, 2002], the Committee

shall submit recommendations to the Director on -

"(A) the adoption of standards, which are open to the maximum

extent feasible, to enable the organization and categorization

of Government information -

"(i) in a way that is searchable electronically, including

by searchable identifiers; and

"(ii) in ways that are interoperable across agencies;

"(B) the definition of categories of Government information

which should be classified under the standards; and

"(C) determining priorities and developing schedules for the

initial implementation of the standards by agencies.

"(2) Functions of the director. - Not later than 1 year after

the submission of recommendations under paragraph (1), the

Director shall issue policies -

"(A) requiring that agencies use standards, which are open to

the maximum extent feasible, to enable the organization and

categorization of Government information -

"(i) in a way that is searchable electronically, including

by searchable identifiers;

"(ii) in ways that are interoperable across agencies; and

"(iii) that are, as appropriate, consistent with the

provisions under section 3602(f)(8) of title 44, United

States Code;

"(B) defining categories of Government information which

shall be required to be classified under the standards; and

"(C) determining priorities and developing schedules for the

initial implementation of the standards by agencies.

"(3) Modification of policies. - After the submission of agency

reports under paragraph (4), the Director shall modify the

policies, as needed, in consultation with the Committee and

interested parties.

"(4) Agency functions. - Each agency shall report annually to

the Director, in the report established under section 202(g), on

compliance of that agency with the policies issued under

paragraph (2)(A).

"(e) Public Access to Electronic Information. -

"(1) Committee functions. - Not later than 2 years after the

date of enactment of this Act [Dec. 17, 2002], the Committee

shall submit recommendations to the Director and the Archivist of

the United States on -

"(A) the adoption by agencies of policies and procedures to

ensure that chapters 21, 25, 27, 29, and 31 of title 44, United

States Code, are applied effectively and comprehensively to

Government information on the Internet and to other electronic

records; and

"(B) the imposition of timetables for the implementation of

the policies and procedures by agencies.

"(2) Functions of the archivist. - Not later than 1 year after

the submission of recommendations by the Committee under

paragraph (1), the Archivist of the United States shall issue

policies -

"(A) requiring the adoption by agencies of policies and

procedures to ensure that chapters 21, 25, 27, 29, and 31 of

title 44, United States Code, are applied effectively and

comprehensively to Government information on the Internet and

to other electronic records; and

"(B) imposing timetables for the implementation of the

policies, procedures, and technologies by agencies.

"(3) Modification of policies. - After the submission of agency

reports under paragraph (4), the Archivist of the United States

shall modify the policies, as needed, in consultation with the

Committee and interested parties.

"(4) Agency functions. - Each agency shall report annually to

the Director, in the report established under section 202(g), on

compliance of that agency with the policies issued under

paragraph (2)(A).

"(f) Agency Websites. -

"(1) Standards for agency websites. - Not later than 2 years

after the effective date of this title [see Effective Date note

set out under section 3601 of this title], the Director shall

promulgate guidance for agency websites that includes -

"(A) requirements that websites include direct links to -

"(i) descriptions of the mission and statutory authority of

the agency;

"(ii) information made available to the public under

subsections (a)(1) and (b) of section 552 of title 5, United

States Code (commonly referred to as the 'Freedom of

Information Act');

"(iii) information about the organizational structure of

the agency; and

"(iv) the strategic plan of the agency developed under

section 306 of title 5, United States Code; and

"(B) minimum agency goals to assist public users to navigate

agency websites, including -

"(i) speed of retrieval of search results;

"(ii) the relevance of the results;

"(iii) tools to aggregate and disaggregate data; and

"(iv) security protocols to protect information.

"(2) Agency requirements. - (A) Not later than 2 years after

the date of enactment of this Act [Dec. 17, 2002], each agency

shall -

"(i) consult with the Committee and solicit public comment;

"(ii) establish a process for determining which Government

information the agency intends to make available and accessible

to the public on the Internet and by other means;

"(iii) develop priorities and schedules for making Government

information available and accessible;

"(iv) make such final determinations, priorities, and

schedules available for public comment;

"(v) post such final determinations, priorities, and

schedules on the Internet; and

"(vi) submit such final determinations, priorities, and

schedules to the Director, in the report established under

section 202(g).

"(B) Each agency shall update determinations, priorities, and

schedules of the agency, as needed, after consulting with the

Committee and soliciting public comment, if appropriate.

"(3) Public domain directory of public federal government

websites. -

"(A) Establishment. - Not later than 2 years after the

effective date of this title [see Effective Date note set out

under section 3601 of this title], the Director and each agency

shall -

"(i) develop and establish a public domain directory of

public Federal Government websites; and

"(ii) post the directory on the Internet with a link to the

integrated Internet-based system established under section

204.

"(B) Development. - With the assistance of each agency, the

Director shall -

"(i) direct the development of the directory through a

collaborative effort, including input from -

"(I) agency librarians;

"(II) information technology managers;

"(III) program managers;

"(IV) records managers;

"(V) Federal depository librarians; and

"(VI) other interested parties; and

"(ii) develop a public domain taxonomy of subjects used to

review and categorize public Federal Government websites.

"(C) Update. - With the assistance of each agency, the

Administrator of the Office of Electronic Government shall -

"(i) update the directory as necessary, but not less than

every 6 months; and

"(ii) solicit interested persons for improvements to the

directory.

"(g) Access to Federally Funded Research and Development. -

"(1) Development and maintenance of governmentwide repository

and website. -

"(A) Repository and website. - The Director of the Office of

Management and Budget (or the Director's delegate), in

consultation with the Director of the Office of Science and

Technology Policy and other relevant agencies, shall ensure the

development and maintenance of -

"(i) a repository that fully integrates, to the maximum

extent feasible, information about research and development

funded by the Federal Government, and the repository shall -

"(I) include information about research and development funded

by the Federal Government, consistent with any relevant

protections for the information under section 552 of title 5,

United States Code, and performed by -

"(aa) institutions not a part of the Federal Government,

including State, local, and foreign governments; industrial

firms; educational institutions; not-for-profit

organizations; federally funded research and development

centers; and private individuals; and

"(bb) entities of the Federal Government, including

research and development laboratories, centers, and

offices; and

"(II) integrate information about each separate research and

development task or award, including -

"(aa) the dates upon which the task or award is expected

to start and end;

"(bb) a brief summary describing the objective and the

scientific and technical focus of the task or award;

"(cc) the entity or institution performing the task or

award and its contact information;

"(dd) the total amount of Federal funds expected to be

provided to the task or award over its lifetime and the

amount of funds expected to be provided in each fiscal year

in which the work of the task or award is ongoing;

"(ee) any restrictions attached to the task or award that

would prevent the sharing with the general public of any or

all of the information required by this subsection, and the

reasons for such restrictions; and

"(ff) such other information as may be determined to be

appropriate; and

"(ii) 1 or more websites upon which all or part of the

repository of Federal research and development shall be made

available to and searchable by Federal agencies and

non-Federal entities, including the general public, to

facilitate -

"(I) the coordination of Federal research and development

activities;

"(II) collaboration among those conducting Federal research

and development;

"(III) the transfer of technology among Federal agencies and

between Federal agencies and non-Federal entities; and

"(IV) access by policymakers and the public to information

concerning Federal research and development activities.

"(B) Oversight. - The Director of the Office of Management

and Budget shall issue any guidance determined necessary to

ensure that agencies provide all information requested under

this subsection.

"(2) Agency functions. - Any agency that funds Federal research

and development under this subsection shall provide the

information required to populate the repository in the manner

prescribed by the Director of the Office of Management and

Budget.

"(3) Committee functions. - Not later than 18 months after the

date of enactment of this Act [Dec. 17, 2002], working with the

Director of the Office of Science and Technology Policy, and

after consultation with interested parties, the Committee shall

submit recommendations to the Director on -

"(A) policies to improve agency reporting of information for

the repository established under this subsection; and

"(B) policies to improve dissemination of the results of

research performed by Federal agencies and federally funded

research and development centers.

"(4) Functions of the director. - After submission of

recommendations by the Committee under paragraph (3), the

Director shall report on the recommendations of the Committee and

Director to Congress, in the E-Government report under section

3606 of title 44 (as added by this Act).

"(5) Authorization of appropriations. - There are authorized to

be appropriated for the development, maintenance, and operation

of the Governmentwide repository and website under this

subsection -

"(A) $2,000,000 in each of the fiscal years 2003 through

2005; and

"(B) such sums as are necessary in each of the fiscal years

2006 and 2007.

"SEC. 208. PRIVACY PROVISIONS.

"(a) Purpose. - The purpose of this section is to ensure

sufficient protections for the privacy of personal information as

agencies implement citizen-centered electronic Government.

"(b) Privacy Impact Assessments. -

"(1) Responsibilities of agencies. -

"(A) In general. - An agency shall take actions described

under subparagraph (B) before -

"(i) developing or procuring information technology that

collects, maintains, or disseminates information that is in

an identifiable form; or

"(ii) initiating a new collection of information that -

"(I) will be collected, maintained, or disseminated using

information technology; and

"(II) includes any information in an identifiable form

permitting the physical or online contacting of a specific

individual, if identical questions have been posed to, or

identical reporting requirements imposed on, 10 or more

persons, other than agencies, instrumentalities, or employees

of the Federal Government.

"(B) Agency activities. - To the extent required under

subparagraph (A), each agency shall -

"(i) conduct a privacy impact assessment;

"(ii) ensure the review of the privacy impact assessment by

the Chief Information Officer, or equivalent official, as

determined by the head of the agency; and

"(iii) if practicable, after completion of the review under

clause (ii), make the privacy impact assessment publicly

available through the website of the agency, publication in

the Federal Register, or other means.

"(C) Sensitive information. - Subparagraph (B)(iii) may be

modified or waived for security reasons, or to protect

classified, sensitive, or private information contained in an

assessment.

"(D) Copy to director. - Agencies shall provide the Director

with a copy of the privacy impact assessment for each system

for which funding is requested.

"(2) Contents of a privacy impact assessment. -

"(A) In general. - The Director shall issue guidance to

agencies specifying the required contents of a privacy impact

assessment.

"(B) Guidance. - The guidance shall -

"(i) ensure that a privacy impact assessment is

commensurate with the size of the information system being

assessed, the sensitivity of information that is in an

identifiable form in that system, and the risk of harm from

unauthorized release of that information; and

"(ii) require that a privacy impact assessment address -

"(I) what information is to be collected;

"(II) why the information is being collected;

"(III) the intended use of the agency of the information;

"(IV) with whom the information will be shared;

"(V) what notice or opportunities for consent would be

provided to individuals regarding what information is

collected and how that information is shared;

"(VI) how the information will be secured; and

"(VII) whether a system of records is being created under

section 552a of title 5, United States Code, (commonly

referred to as the 'Privacy Act').

"(3) Responsibilities of the director. - The Director shall -

"(A) develop policies and guidelines for agencies on the

conduct of privacy impact assessments;

"(B) oversee the implementation of the privacy impact

assessment process throughout the Government; and

"(C) require agencies to conduct privacy impact assessments

of existing information systems or ongoing collections of

information that is in an identifiable form as the Director

determines appropriate.

"(c) Privacy Protections on Agency Websites. -

"(1) Privacy policies on websites. -

"(A) Guidelines for notices. - The Director shall develop

guidance for privacy notices on agency websites used by the

public.

"(B) Contents. - The guidance shall require that a privacy

notice address, consistent with section 552a of title 5, United

States Code -

"(i) what information is to be collected;

"(ii) why the information is being collected;

"(iii) the intended use of the agency of the information;

"(iv) with whom the information will be shared;

"(v) what notice or opportunities for consent would be

provided to individuals regarding what information is

collected and how that information is shared;

"(vi) how the information will be secured; and

"(vii) the rights of the individual under section 552a of

title 5, United States Code (commonly referred to as the

'Privacy Act'), and other laws relevant to the protection of

the privacy of an individual.

"(2) Privacy policies in machine-readable formats. - The

Director shall issue guidance requiring agencies to translate

privacy policies into a standardized machine-readable format.

"(d) Definition. - In this section, the term 'identifiable form'

means any representation of information that permits the identity

of an individual to whom the information applies to be reasonably

inferred by either direct or indirect means.

"SEC. 209. FEDERAL INFORMATION TECHNOLOGY WORKFORCE DEVELOPMENT.

"(a) Purpose. - The purpose of this section is to improve the

skills of the Federal workforce in using information technology to

deliver Government information and services.

"(b) Workforce Development. -

"(1) In general. - In consultation with the Director of the

Office of Management and Budget, the Chief Information Officers

Council, and the Administrator of General Services, the Director

of the Office of Personnel Management shall -

"(A) analyze, on an ongoing basis, the personnel needs of the

Federal Government related to information technology and

information resource management;

"(B) identify where current information technology and

information resource management training do not satisfy the

personnel needs described in subparagraph (A);

"(C) oversee the development of curricula, training methods,

and training priorities that correspond to the projected

personnel needs of the Federal Government related to

information technology and information resource management; and

"(D) assess the training of Federal employees in information

technology disciplines in order to ensure that the information

resource management needs of the Federal Government are

addressed.

"(2) Information technology training programs. - The head of

each Executive agency, after consultation with the Director of

the Office of Personnel Management, the Chief Information

Officers Council, and the Administrator of General Services,

shall establish and operate information technology training

programs consistent with the requirements of this subsection.

Such programs shall -

"(A) have curricula covering a broad range of information

technology disciplines corresponding to the specific

information technology and information resource management

needs of the agency involved;

"(B) be developed and applied according to rigorous

standards; and

"(C) be designed to maximize efficiency, through the use of

self-paced courses, online courses, on-the-job training, and

the use of remote instructors, wherever such features can be

applied without reducing the effectiveness of the training or

negatively impacting academic standards.

"(3) Governmentwide policies and evaluation. - The Director of

the Office of Personnel Management, in coordination with the

Director of the Office of Management and Budget, shall issue

policies to promote the development of performance standards for

training and uniform implementation of this subsection by

Executive agencies, with due regard for differences in program

requirements among agencies that may be appropriate and warranted

in view of the agency mission. The Director of the Office of

Personnel Management shall evaluate the implementation of the

provisions of this subsection by Executive agencies.

"(4) Chief information officer authorities and

responsibilities. - Subject to the authority, direction, and

control of the head of an Executive agency, the chief information

officer of such agency shall carry out all powers, functions, and

duties of the head of the agency with respect to implementation

of this subsection. The chief information officer shall ensure

that the policies of the agency head established in accordance

with this subsection are implemented throughout the agency.

"(5) Information technology training reporting. - The Director

of the Office of Management and Budget shall ensure that the

heads of Executive agencies collect and maintain standardized

information on the information technology and information

resources management workforce related to the implementation of

this subsection.

"(6) Authority to detail employees to non-Federal employers. -

In carrying out the preceding provisions of this subsection, the

Director of the Office of Personnel Management may provide for a

program under which a Federal employee may be detailed to a

non-Federal employer. The Director of the Office of Personnel

Management shall prescribe regulations for such program,

including the conditions for service and duties as the Director

considers necessary.

"(7) Coordination provision. - An assignment described in

section 3703 of title 5, United States Code, may not be made

unless a program under paragraph (6) is established, and the

assignment is made in accordance with the requirements of such

program.

"(8) Employee participation. - Subject to information resource

management needs and the limitations imposed by resource needs in

other occupational areas, and consistent with their overall

workforce development strategies, agencies shall encourage

employees to participate in occupational information technology

training.

"(9) Authorization of Appropriations. - There are authorized to

be appropriated to the Office of Personnel Management for the

implementation of this subsection, $15,000,000 in fiscal year

2003, and such sums as are necessary for each fiscal year

thereafter.

"(10) Executive agency defined. - For purposes of this

subsection, the term 'Executive agency' has the meaning given the

term 'agency' under section 3701 of title 5, United States Code

(as added by subsection (c)).

"(c) Information Technology Exchange Program. -

"(1) In general. - [Enacted chapter 37 of Title 5, Government

Organization and Employees.]

"(2) Report. - Not later than 4 years after the date of the

enactment of this Act [Dec. 17, 2002], the General Accounting

Office shall prepare and submit to the Committee on Government

Reform of the House of Representatives and the Committee on

Governmental Affairs of the Senate a report on the operation of

chapter 37 of title 5, United States Code (as added by this

subsection). Such report shall include -

"(A) an evaluation of the effectiveness of the program

established by such chapter; and

"(B) a recommendation as to whether such program should be

continued (with or without modification) or allowed to lapse.

"(3) Clerical Amendment. - [Amended analysis for part III of

Title 5.]

"(d) Ethics Provisions. -

"(1) One-year restriction on certain communications. - [Amended

section 207 of Title 18, Crimes and Criminal Procedure.]

"(2) Disclosure of confidential information. - [Amended section

1905 of Title 18.]

"(3) Contract advice. - [Amended section 207 of Title 18.]

"(4) Restriction on disclosure of procurement information. -

[Amended section 423 of Title 41, Public Contracts.]

"(e) Report on Existing Exchange Programs. -

"(1) Exchange program defined. - For purposes of this

subsection, the term 'exchange program' means an executive

exchange program, the program under subchapter VI of chapter 33

of title 5, United States Code, and any other program which

allows for -

"(A) the assignment of employees of the Federal Government to

non-Federal employers;

"(B) the assignment of employees of non-Federal employers to

the Federal Government; or

"(C) both.

"(2) Reporting requirement. - Not later than 1 year after the

date of the enactment of this Act [Dec. 17, 2002], the Office of

Personnel Management shall prepare and submit to the Committee on

Government Reform of the House of Representatives and the

Committee on Governmental Affairs of the Senate a report

identifying all existing exchange programs.

"(3) Specific information. - The report shall, for each such

program, include -

"(A) a brief description of the program, including its size,

eligibility requirements, and terms or conditions for

participation;

"(B) specific citation to the law or other authority under

which the program is established;

"(C) the names of persons to contact for more information,

and how they may be reached; and

"(D) any other information which the Office considers

appropriate.

"(f) Report on the Establishment of a Governmentwide Information

Technology Training Program. -

"(1) In general. - Not later January 1, 2003, the Office of

Personnel Management, in consultation with the Chief Information

Officers Council and the Administrator of General Services, shall

review and submit to the Committee on Government Reform of the

House of Representatives and the Committee on Governmental

Affairs of the Senate a written report on the following:

"(A) The adequacy of any existing information technology

training programs available to Federal employees on a

Governmentwide basis.

"(B)(i) If one or more such programs already exist,

recommendations as to how they might be improved.

"(ii) If no such program yet exists, recommendations as to

how such a program might be designed and established.

"(C) With respect to any recommendations under subparagraph

(B), how the program under chapter 37 of title 5, United States

Code, might be used to help carry them out.

"(2) Cost estimate. - The report shall, for any recommended

program (or improvements) under paragraph (1)(B), include the

estimated costs associated with the implementation and operation

of such program as so established (or estimated difference in

costs of any such program as so improved).

"(g) Technical and Conforming Amendments. -

"(1) Amendments to title 5, united states code. - [Amended

sections 3111, 4108, and 7353 of Title 5.]

"(2) Amendment to title 18, united states code. - [Amended

section 209 of Title 18.]

"(3) Other amendments. - [Amended section 125(c)(1) of Pub. L.

100-238, set out as a note under section 8432 of Title 5.]

"SEC. 210. SHARE-IN-SAVINGS INITIATIVES.

"(a) Defense Contracts. - [Enacted section 2332 of Title 10,

Armed Forces.]

"(b) Other Contracts. - [Enacted section 266a of Title 41.]

"(c) Development of Incentives. - The Director of the Office of

Management and Budget shall, in consultation with the Committee on

Governmental Affairs of the Senate, the Committee on Government

Reform of the House of Representatives, and executive agencies,

develop techniques to permit an executive agency to retain a

portion of the savings (after payment of the contractor's share of

the savings) derived from share-in-savings contracts as funds are

appropriated to the agency in future fiscal years.

"(d) Regulations. - Not later than 270 days after the date of the

enactment of this Act [Dec. 17, 2002], the Federal Acquisition

Regulation shall be revised to implement the provisions enacted by

this section. Such revisions shall -

"(1) provide for the use of competitive procedures in the

selection and award of share-in-savings contracts to -

"(A) ensure the contractor's share of savings reflects the

risk involved and market conditions; and

"(B) otherwise yield greatest value to the government; and

"(2) allow appropriate regulatory flexibility to facilitate the

use of share-in-savings contracts by executive agencies,

including the use of innovative provisions for technology

refreshment and nonstandard Federal Acquisition Regulation

contract clauses.

"(e) Additional Guidance. - The Administrator of General Services

shall -

"(1) identify potential opportunities for the use of

share-in-savings contracts; and

"(2) in consultation with the Director of the Office of

Management and Budget, provide guidance to executive agencies for

determining mutually beneficial savings share ratios and

baselines from which savings may be measured.

"(f) OMB Report to Congress. - In consultation with executive

agencies, the Director of the Office of Management and Budget

shall, not later than 2 years after the date of the enactment of

this Act [Dec. 17, 2002], submit to Congress a report containing -

"(1) a description of the number of share-in-savings contracts

entered into by each executive agency under by [sic] this section

and the amendments made by this section, and, for each contract

identified -

"(A) the information technology acquired;

"(B) the total amount of payments made to the contractor; and

"(C) the total amount of savings or other measurable benefits

realized;

"(2) a description of the ability of agencies to determine the

baseline costs of a project against which savings can be

measured; and

"(3) any recommendations, as the Director deems appropriate,

regarding additional changes in law that may be necessary to

ensure effective use of share-in-savings contracts by executive

agencies.

"(g) GAO Report to Congress. - The Comptroller General shall, not

later than 6 months after the report required under subsection (f)

is submitted to Congress, conduct a review of that report and

submit to Congress a report containing -

"(1) the results of the review;

"(2) an independent assessment by the Comptroller General of

the effectiveness of the use of share-in-savings contracts in

improving the mission-related and administrative processes of the

executive agencies and the achievement of agency missions; and

"(3) a recommendation on whether the authority to enter into

share-in-savings contracts should be continued.

"(h) Repeal of Share-in-Savings Pilot Program. -

"(1) Repeal. - [Repealed section 11521 of Title 40, Public

Buildings, Property, and Works.]

"(2) Conforming amendments to pilot program authority. -

[Amended sections 11501 to 11505 of Title 40.]

"(3) Additional conforming amendments. - [Redesignated 11522 of

Title 40 as 11521 and amended headings and analysis.]

"(i) Definitions. - In this section, the terms 'contractor',

'savings', and 'share-in-savings contract' have the meanings given

those terms in section 317 of the Federal Property and

Administrative Services Act of 1949 [41 U.S.C. 266a] (as added by

subsection (b)).

"SEC. 211. AUTHORIZATION FOR ACQUISITION OF INFORMATION

TECHNOLOGY BY STATE AND LOCAL GOVERNMENTS THROUGH FEDERAL

SUPPLY SCHEDULES.

"(a) Authority To Use Certain Supply Schedules. - [Amended

section 502 of Title 40.]

"(b) Procedures. - Not later than 30 days after the date of the

enactment of this Act [Dec. 17, 2002], the Administrator of General

Services shall establish procedures to implement section 501(c) of

title 40, United States Code (as added by subsection (a)).

"(c) Report. - Not later than December 31, 2004, the

Administrator shall submit to the Committee on Government Reform of

the House of Representatives and the Committee on Governmental

Affairs of the Senate a report on the implementation and effects of

the amendment made by subsection (a).

"SEC. 212. INTEGRATED REPORTING STUDY AND PILOT PROJECTS.

"(a) Purposes. - The purposes of this section are to -

"(1) enhance the interoperability of Federal information

systems;

"(2) assist the public, including the regulated community, in

electronically submitting information to agencies under Federal

requirements, by reducing the burden of duplicate collection and

ensuring the accuracy of submitted information; and

"(3) enable any person to integrate and obtain similar

information held by 1 or more agencies under 1 or more Federal

requirements without violating the privacy rights of an

individual.

"(b) Definitions. - In this section, the term -

"(1) 'agency' means an Executive agency as defined under

section 105 of title 5, United States Code; and

"(2) 'person' means any individual, trust, firm, joint stock

company, corporation (including a government corporation),

partnership, association, State, municipality, commission,

political subdivision of a State, interstate body, or agency or

component of the Federal Government.

"(c) Report. -

"(1) In general. - Not later than 3 years after the date of

enactment of this Act [Dec. 17, 2002], the Director shall oversee

a study, in consultation with agencies, the regulated community,

public interest organizations, and the public, and submit a

report to the Committee on Governmental Affairs of the Senate and

the Committee on Government Reform of the House of

Representatives on progress toward integrating Federal

information systems across agencies.

"(2) Contents. - The report under this section shall -

"(A) address the integration of data elements used in the

electronic collection of information within databases

established under Federal statute without reducing the quality,

accessibility, scope, or utility of the information contained

in each database;

"(B) address the feasibility of developing, or enabling the

development of, software, including Internet-based tools, for

use by reporting persons in assembling, documenting, and

validating the accuracy of information electronically submitted

to agencies under nonvoluntary, statutory, and regulatory

requirements;

"(C) address the feasibility of developing a distributed

information system involving, on a voluntary basis, at least 2

agencies, that -

"(i) provides consistent, dependable, and timely public

access to the information holdings of 1 or more agencies, or

some portion of such holdings, without requiring public users

to know which agency holds the information; and

"(ii) allows the integration of public information held by

the participating agencies;

"(D) address the feasibility of incorporating other elements

related to the purposes of this section at the discretion of

the Director; and

"(E) make any recommendations that the Director deems

appropriate on the use of integrated reporting and information

systems, to reduce the burden on reporting and strengthen

public access to databases within and across agencies.

"(d) Pilot Projects To Encourage Integrated Collection and

Management of Data and Interoperability of Federal Information

Systems. -

"(1) In general. - In order to provide input to the study under

subsection (c), the Director shall designate, in consultation

with agencies, a series of no more than 5 pilot projects that

integrate data elements. The Director shall consult with

agencies, the regulated community, public interest organizations,

and the public on the implementation of the pilot projects.

"(2) Goals of pilot projects. -

"(A) In general. - Each goal described under subparagraph (B)

shall be addressed by at least 1 pilot project each.

"(B) Goals. - The goals under this paragraph are to -

"(i) reduce information collection burdens by eliminating

duplicative data elements within 2 or more reporting

requirements;

"(ii) create interoperability between or among public

databases managed by 2 or more agencies using technologies

and techniques that facilitate public access; and

"(iii) develop, or enable the development of, software to

reduce errors in electronically submitted information.

"(3) Input. - Each pilot project shall seek input from users on

the utility of the pilot project and areas for improvement. To

the extent practicable, the Director shall consult with relevant

agencies and State, tribal, and local governments in carrying out

the report and pilot projects under this section.

"(e) Protections. - The activities authorized under this section

shall afford protections for -

"(1) confidential business information consistent with section

552(b)(4) of title 5, United States Code, and other relevant law;

"(2) personal privacy information under sections 552(b)(6) and

(7)(C) and 552a of title 5, United States Code, and other

relevant law;

"(3) other information consistent with section 552(b)(3) of

title 5, United States Code, and other relevant law; and

"(4) confidential statistical information collected under a

confidentiality pledge, solely for statistical purposes,

consistent with the Office of Management and Budget's Federal

Statistical Confidentiality Order, and other relevant law.

"SEC. 213. COMMUNITY TECHNOLOGY CENTERS.

"(a) Purposes. - The purposes of this section are to -

"(1) study and enhance the effectiveness of community

technology centers, public libraries, and other institutions that

provide computer and Internet access to the public; and

"(2) promote awareness of the availability of on-line

government information and services, to users of community

technology centers, public libraries, and other public facilities

that provide access to computer technology and Internet access to

the public.

"(b) Study and Report. - Not later than 2 years after the

effective date of this title [see Effective Date note set out under

section 3601 of this title], the Administrator shall -

"(1) ensure that a study is conducted to evaluate the best

practices of community technology centers that have received

Federal funds; and

"(2) submit a report on the study to -

"(A) the Committee on Governmental Affairs of the Senate;

"(B) the Committee on Health, Education, Labor, and Pensions

of the Senate;

"(C) the Committee on Government Reform of the House of

Representatives; and

"(D) the Committee on Education and the Workforce of the

House of Representatives.

"(c) Contents. - The report under subsection (b) may consider -

"(1) an evaluation of the best practices being used by

successful community technology centers;

"(2) a strategy for -

"(A) continuing the evaluation of best practices used by

community technology centers; and

"(B) establishing a network to share information and

resources as community technology centers evolve;

"(3) the identification of methods to expand the use of best

practices to assist community technology centers, public

libraries, and other institutions that provide computer and

Internet access to the public;

"(4) a database of all community technology centers that have

received Federal funds, including -

"(A) each center's name, location, services provided,

director, other points of contact, number of individuals

served; and

"(B) other relevant information;

"(5) an analysis of whether community technology centers have

been deployed effectively in urban and rural areas throughout the

Nation; and

"(6) recommendations of how to -

"(A) enhance the development of community technology centers;

and

"(B) establish a network to share information and resources.

"(d) Cooperation. - All agencies that fund community technology

centers shall provide to the Administrator any information and

assistance necessary for the completion of the study and the report

under this section.

"(e) Assistance. -

"(1) In general. - The Administrator, in consultation with the

Secretary of Education, shall work with other relevant Federal

agencies, and other interested persons in the private and

nonprofit sectors to -

"(A) assist in the implementation of recommendations; and

"(B) identify other ways to assist community technology

centers, public libraries, and other institutions that provide

computer and Internet access to the public.

"(2) Types of assistance. - Assistance under this subsection

may include -

"(A) contribution of funds;

"(B) donations of equipment, and training in the use and

maintenance of the equipment; and

"(C) the provision of basic instruction or training material

in computer skills and Internet usage.

"(f) Online Tutorial. -

"(1) In general. - The Administrator, in consultation with the

Secretary of Education, the Director of the Institute of Museum

and Library Services, other relevant agencies, and the public,

shall develop an online tutorial that -

"(A) explains how to access Government information and

services on the Internet; and

"(B) provides a guide to available online resources.

"(2) Distribution. - The Administrator, with assistance from

the Secretary of Education, shall distribute information on the

tutorial to community technology centers, public libraries, and

other institutions that afford Internet access to the public.

"(g) Promotion of Community Technology Centers. - The

Administrator, with assistance from the Department of Education and

in consultation with other agencies and organizations, shall

promote the availability of community technology centers to raise

awareness within each community where such a center is located.

"(h) Authorization of Appropriations. - There are authorized to

be appropriated for the study of best practices at community

technology centers, for the development and dissemination of the

online tutorial, and for the promotion of community technology

centers under this section -

"(1) $2,000,000 in fiscal year 2003;

"(2) $2,000,000 in fiscal year 2004; and

"(3) such sums as are necessary in fiscal years 2005 through

2007.

"SEC. 214. ENHANCING CRISIS MANAGEMENT THROUGH ADVANCED

INFORMATION TECHNOLOGY.

"(a) Purpose. - The purpose of this section is to improve how

information technology is used in coordinating and facilitating

information on disaster preparedness, response, and recovery, while

ensuring the availability of such information across multiple

access channels.

"(b) In General. -

"(1) Study on enhancement of crisis response. - Not later than

90 days after the date of enactment of this Act [Dec. 17, 2002],

the Administrator, in consultation with the Federal Emergency

Management Agency, shall ensure that a study is conducted on

using information technology to enhance crisis preparedness,

response, and consequence management of natural and manmade

disasters.

"(2) Contents. - The study under this subsection shall address

-

"(A) a research and implementation strategy for effective use

of information technology in crisis response and consequence

management, including the more effective use of technologies,

management of information technology research initiatives, and

incorporation of research advances into the information and

communications systems of -

"(i) the Federal Emergency Management Agency; and

"(ii) other Federal, State, and local agencies responsible

for crisis preparedness, response, and consequence

management; and

"(B) opportunities for research and development on enhanced

technologies into areas of potential improvement as determined

during the course of the study.

"(3) Report. - Not later than 2 years after the date on which a

contract is entered into under paragraph (1), the Administrator

shall submit a report on the study, including findings and

recommendations to -

"(A) the Committee on Governmental Affairs of the Senate; and

"(B) the Committee on Government Reform of the House of

Representatives.

"(4) Interagency cooperation. - Other Federal departments and

agencies with responsibility for disaster relief and emergency

assistance shall fully cooperate with the Administrator in

carrying out this section.

"(5) Authorization of appropriations. - There are authorized to

be appropriated for research under this subsection, such sums as

are necessary for fiscal year 2003.

"(c) Pilot Projects. - Based on the results of the research

conducted under subsection (b), the Administrator, in consultation

with the Federal Emergency Management Agency, shall initiate pilot

projects or report to Congress on other activities that further the

goal of maximizing the utility of information technology in

disaster management. The Administrator shall cooperate with other

relevant agencies, and, if appropriate, State, local, and tribal

governments, in initiating such pilot projects.

"SEC. 215. DISPARITIES IN ACCESS TO THE INTERNET.

"(a) Study and Report. -

"(1) Study. - Not later than 90 days after the date of

enactment of this Act [Dec. 17, 2002], the Administrator of

General Services shall request that the National Academy of

Sciences, acting through the National Research Council, enter

into a contract to conduct a study on disparities in Internet

access for online Government services.

"(2) Report. - Not later than 2 years after the date of

enactment of this Act, the Administrator of General Services

shall submit to the Committee on Governmental Affairs of the

Senate and the Committee on Government Reform of the House of

Representatives a final report of the study under this section,

which shall set forth the findings, conclusions, and

recommendations of the National Research Council.

"(b) Contents. - The report under subsection (a) shall include a

study of -

"(1) how disparities in Internet access influence the

effectiveness of online Government services, including a review

of -

"(A) the nature of disparities in Internet access;

"(B) the affordability of Internet service;

"(C) the incidence of disparities among different groups

within the population; and

"(D) changes in the nature of personal and public Internet

access that may alleviate or aggravate effective access to

online Government services;

"(2) how the increase in online Government services is

influencing the disparities in Internet access and how technology

development or diffusion trends may offset such adverse

influences; and

"(3) related societal effects arising from the interplay of

disparities in Internet access and the increase in online

Government services.

"(c) Recommendations. - The report shall include recommendations

on actions to ensure that online Government initiatives shall not

have the unintended result of increasing any deficiency in public

access to Government services.

"(d) Authorization of Appropriations. - There are authorized to

be appropriated $950,000 in fiscal year 2003 to carry out this

section.

"SEC. 216. COMMON PROTOCOLS FOR GEOGRAPHIC INFORMATION SYSTEMS.

"(a) Purposes. - The purposes of this section are to -

"(1) reduce redundant data collection and information; and

"(2) promote collaboration and use of standards for government

geographic information.

"(b) Definition. - In this section, the term 'geographic

information' means information systems that involve locational

data, such as maps or other geospatial information resources.

"(c) In General. -

"(1) Common protocols. - The Administrator, in consultation

with the Secretary of the Interior, working with the Director and

through an interagency group, and working with private sector

experts, State, local, and tribal governments, commercial and

international standards groups, and other interested parties,

shall facilitate the development of common protocols for the

development, acquisition, maintenance, distribution, and

application of geographic information. If practicable, the

Administrator shall incorporate intergovernmental and public

private geographic information partnerships into efforts under

this subsection.

"(2) Interagency group. - The interagency group referred to

under paragraph (1) shall include representatives of the National

Institute of Standards and Technology and other agencies.

"(d) Director. - The Director shall oversee -

"(1) the interagency initiative to develop common protocols;

"(2) the coordination with State, local, and tribal

governments, public private partnerships, and other interested

persons on effective and efficient ways to align geographic

information and develop common protocols; and

"(3) the adoption of common standards relating to the

protocols.

"(e) Common Protocols. - The common protocols shall be designed

to -

"(1) maximize the degree to which unclassified geographic

information from various sources can be made electronically

compatible and accessible; and

"(2) promote the development of interoperable geographic

information systems technologies that shall -

"(A) allow widespread, low-cost use and sharing of geographic

data by Federal agencies, State, local, and tribal governments,

and the public; and

"(B) enable the enhancement of services using geographic

data.

"(f) Authorization of Appropriations. - There are authorized to

be appropriated such sums as are necessary to carry out this

section, for each of the fiscal years 2003 through 2007."

INFORMATION SECURITY RESPONSIBILITIES OF CERTAIN AGENCIES

Pub. L. 107-347, title III, Sec. 301(c)(1)(A), Dec. 17, 2002, 116

Stat. 2955, provided that: "Nothing in this Act [see Tables for

classification] (including any amendment made by this Act) shall

supersede any authority of the Secretary of Defense, the Director

of Central Intelligence, or other agency head, as authorized by law

and as directed by the President, with regard to the operation,

control, or management of national security systems, as defined by

section 3542(b)(2) of title 44, United States Code."

ATOMIC ENERGY ACT OF 1954

Pub. L. 107-347, title III, Sec. 301(c)(2), Dec. 17, 2002, 116

Stat. 2955, provided that: "Nothing in this Act [see Tables for

classification] shall supersede any requirement made by or under

the Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.). Restricted

data or formerly restricted data shall be handled, protected,

classified, downgraded, and declassified in conformity with the

Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.)."

CONFIDENTIAL INFORMATION PROTECTION AND STATISTICAL EFFICIENCY

Pub. L. 107-347, title V, Dec. 17, 2002, 116 Stat. 2962, provided

that:

"SEC. 501. SHORT TITLE.

"This title may be cited as the 'Confidential Information

Protection and Statistical Efficiency Act of 2002'.

"SEC. 502. DEFINITIONS.

"As used in this title:

"(1) The term 'agency' means any entity that falls within the

definition of the term 'executive agency' as defined in section

102 of title 31, United States Code, or 'agency', as defined in

section 3502 of title 44, United States Code.

"(2) The term 'agent' means an individual -

"(A)(i) who is an employee of a private organization or a

researcher affiliated with an institution of higher learning

(including a person granted special sworn status by the Bureau

of the Census under section 23(c) of title 13, United States

Code), and with whom a contract or other agreement is executed,

on a temporary basis, by an executive agency to perform

exclusively statistical activities under the control and

supervision of an officer or employee of that agency;

"(ii) who is working under the authority of a government

entity with which a contract or other agreement is executed by

an executive agency to perform exclusively statistical

activities under the control of an officer or employee of that

agency;

"(iii) who is a self-employed researcher, a consultant, a

contractor, or an employee of a contractor, and with whom a

contract or other agreement is executed by an executive agency

to perform a statistical activity under the control of an

officer or employee of that agency; or

"(iv) who is a contractor or an employee of a contractor, and

who is engaged by the agency to design or maintain the systems

for handling or storage of data received under this title; and

"(B) who agrees in writing to comply with all provisions of

law that affect information acquired by that agency.

"(3) The term 'business data' means operating and financial

data and information about businesses, tax-exempt organizations,

and government entities.

"(4) The term 'identifiable form' means any representation of

information that permits the identity of the respondent to whom

the information applies to be reasonably inferred by either

direct or indirect means.

"(5) The term 'nonstatistical purpose' -

"(A) means the use of data in identifiable form for any

purpose that is not a statistical purpose, including any

administrative, regulatory, law enforcement, adjudicatory, or

other purpose that affects the rights, privileges, or benefits

of a particular identifiable respondent; and

"(B) includes the disclosure under section 552 of title 5,

United States Code (popularly known as the Freedom of

Information Act) of data that are acquired for exclusively

statistical purposes under a pledge of confidentiality.

"(6) The term 'respondent' means a person who, or organization

that, is requested or required to supply information to an

agency, is the subject of information requested or required to be

supplied to an agency, or provides that information to an agency.

"(7) The term 'statistical activities' -

"(A) means the collection, compilation, processing, or

analysis of data for the purpose of describing or making

estimates concerning the whole, or relevant groups or

components within, the economy, society, or the natural

environment; and

"(B) includes the development of methods or resources that

support those activities, such as measurement methods, models,

statistical classifications, or sampling frames.

"(8) The term 'statistical agency or unit' means an agency or

organizational unit of the executive branch whose activities are

predominantly the collection, compilation, processing, or

analysis of information for statistical purposes.

"(9) The term 'statistical purpose' -

"(A) means the description, estimation, or analysis of the

characteristics of groups, without identifying the individuals

or organizations that comprise such groups; and

"(B) includes the development, implementation, or maintenance

of methods, technical or administrative procedures, or

information resources that support the purposes described in

subparagraph (A).

"SEC. 503. COORDINATION AND OVERSIGHT OF POLICIES.

"(a) In General. - The Director of the Office of Management and

Budget shall coordinate and oversee the confidentiality and

disclosure policies established by this title. The Director may

promulgate rules or provide other guidance to ensure consistent

interpretation of this title by the affected agencies.

"(b) Agency Rules. - Subject to subsection (c), agencies may

promulgate rules to implement this title. Rules governing

disclosures of information that are authorized by this title shall

be promulgated by the agency that originally collected the

information.

"(c) Review and Approval of Rules. - The Director shall review

any rules proposed by an agency pursuant to this title for

consistency with the provisions of this title and chapter 35 of

title 44, United States Code, and such rules shall be subject to

the approval of the Director.

"(d) Reports. -

"(1) The head of each agency shall provide to the Director of

the Office of Management and Budget such reports and other

information as the Director requests.

"(2) Each Designated Statistical Agency referred to in section

522 shall report annually to the Director of the Office of

Management and Budget, the Committee on Government Reform of the

House of Representatives, and the Committee on Governmental

Affairs of the Senate on the actions it has taken to implement

sections 523 and 524. The report shall include copies of each

written agreement entered into pursuant to section 524(a) for the

applicable year.

"(3) The Director of the Office of Management and Budget shall

include a summary of reports submitted to the Director under

paragraph (2) and actions taken by the Director to advance the

purposes of this title in the annual report to the Congress on

statistical programs prepared under section 3504(e)(2) of title

44, United States Code.

"SEC. 504. EFFECT ON OTHER LAWS.

"(a) Title 44, United States Code. - This title, including

amendments made by this title, does not diminish the authority

under section 3510 of title 44, United States Code, of the Director

of the Office of Management and Budget to direct, and of an agency

to make, disclosures that are not inconsistent with any applicable

law.

"(b) Title 13 and Title 44, United States Code. - This title,

including amendments made by this title, does not diminish the

authority of the Bureau of the Census to provide information in

accordance with sections 8, 16, 301, and 401 of title 13, United

States Code, and section 2108 of title 44, United States Code.

"(c) Title 13, United States Code. - This title, including

amendments made by this title, shall not be construed as

authorizing the disclosure for nonstatistical purposes of

demographic data or information collected by the Census Bureau

pursuant to section 9 of title 13, United States Code.

"(d) Various Energy Statutes. - Data or information acquired by

the Energy Information Administration under a pledge of

confidentiality and designated by the Energy Information

Administration to be used for exclusively statistical purposes

shall not be disclosed in identifiable form for nonstatistical

purposes under -

"(1) section 12, 20, or 59 of the Federal Energy Administration

Act of 1974 (15 U.S.C. 771, 779, 790h);

"(2) section 11 of the Energy Supply and Environmental

Coordination Act of 1974 (15 U.S.C. 796); or

"(3) section 205 or 407 of the Department of the Energy

Organization Act of 1977 (42 U.S.C. 7135, 7177).

"(e) Section 201 of Congressional Budget Act of 1974 [2 U.S.C.

601]. - This title, including amendments made by this title, shall

not be construed to limit any authorities of the Congressional

Budget Office to work (consistent with laws governing the

confidentiality of information the disclosure of which would be a

violation of law) with databases of Designated Statistical Agencies

(as defined in section 522), either separately or, for data that

may be shared pursuant to section 524 of this title or other

authority, jointly in order to improve the general utility of these

databases for the statistical purpose of analyzing pension and

health care financing issues.

"(f) Preemption of State Law. - Nothing in this title shall

preempt applicable State law regarding the confidentiality of data

collected by the States.

"(g) Statutes Regarding False Statements. - Notwithstanding

section 512, information collected by an agency for exclusively

statistical purposes under a pledge of confidentiality may be

provided by the collecting agency to a law enforcement agency for

the prosecution of submissions to the collecting agency of false

statistical information under statutes that authorize criminal

penalties (such as section 221 of title 13, United States Code) or

civil penalties for the provision of false statistical information,

unless such disclosure or use would otherwise be prohibited under

Federal law.

"(h) Construction. - Nothing in this title shall be construed as

restricting or diminishing any confidentiality protections or

penalties for unauthorized disclosure that otherwise apply to data

or information collected for statistical purposes or nonstatistical

purposes, including, but not limited to, section 6103 of the

Internal Revenue Code of 1986 (26 U.S.C. 6103).

"(i) Authority of Congress. - Nothing in this title shall be

construed to affect the authority of the Congress, including its

committees, members, or agents, to obtain data or information for a

statistical purpose, including for oversight of an agency's

statistical activities.

"SUBTITLE A - CONFIDENTIAL INFORMATION PROTECTION

"SEC. 511. FINDINGS AND PURPOSES.

"(a) Findings. - The Congress finds the following:

"(1) Individuals, businesses, and other organizations have

varying degrees of legal protection when providing information to

the agencies for strictly statistical purposes.

"(2) Pledges of confidentiality by agencies provide assurances

to the public that information about individuals or organizations

or provided by individuals or organizations for exclusively

statistical purposes will be held in confidence and will not be

used against such individuals or organizations in any agency

action.

"(3) Protecting the confidentiality interests of individuals or

organizations who provide information under a pledge of

confidentiality for Federal statistical programs serves both the

interests of the public and the needs of society.

"(4) Declining trust of the public in the protection of

information provided under a pledge of confidentiality to the

agencies adversely affects both the accuracy and completeness of

statistical analyses.

"(5) Ensuring that information provided under a pledge of

confidentiality for statistical purposes receives protection is

essential in continuing public cooperation in statistical

programs.

"(b) Purposes. - The purposes of this subtitle are the following:

"(1) To ensure that information supplied by individuals or

organizations to an agency for statistical purposes under a

pledge of confidentiality is used exclusively for statistical

purposes.

"(2) To ensure that individuals or organizations who supply

information under a pledge of confidentiality to agencies for

statistical purposes will neither have that information disclosed

in identifiable form to anyone not authorized by this title nor

have that information used for any purpose other than a

statistical purpose.

"(3) To safeguard the confidentiality of individually

identifiable information acquired under a pledge of

confidentiality for statistical purposes by controlling access

to, and uses made of, such information.

"SEC. 512. LIMITATIONS ON USE AND DISCLOSURE OF DATA AND

INFORMATION.

"(a) Use of Statistical Data or Information. - Data or

information acquired by an agency under a pledge of confidentiality

and for exclusively statistical purposes shall be used by officers,

employees, or agents of the agency exclusively for statistical

purposes.

"(b) Disclosure of Statistical Data or Information. -

"(1) Data or information acquired by an agency under a pledge

of confidentiality for exclusively statistical purposes shall not

be disclosed by an agency in identifiable form, for any use other

than an exclusively statistical purpose, except with the informed

consent of the respondent.

"(2) A disclosure pursuant to paragraph (1) is authorized only

when the head of the agency approves such disclosure and the

disclosure is not prohibited by any other law.

"(3) This section does not restrict or diminish any

confidentiality protections in law that otherwise apply to data

or information acquired by an agency under a pledge of

confidentiality for exclusively statistical purposes.

"(c) Rule for Use of Data or Information for Nonstatistical

Purposes. - A statistical agency or unit shall clearly distinguish

any data or information it collects for nonstatistical purposes (as

authorized by law) and provide notice to the public, before the

data or information is collected, that the data or information

could be used for nonstatistical purposes.

"(d) Designation of Agents. - A statistical agency or unit may

designate agents, by contract or by entering into a special

agreement containing the provisions required under section 502(2)

for treatment as an agent under that section, who may perform

exclusively statistical activities, subject to the limitations and

penalties described in this title.

"SEC. 513. FINES AND PENALTIES.

"Whoever, being an officer, employee, or agent of an agency

acquiring information for exclusively statistical purposes, having

taken and subscribed the oath of office, or having sworn to observe

the limitations imposed by section 512, comes into possession of

such information by reason of his or her being an officer,

employee, or agent and, knowing that the disclosure of the specific

information is prohibited under the provisions of this title,

willfully discloses the information in any manner to a person or

agency not entitled to receive it, shall be guilty of a class E

felony and imprisoned for not more than 5 years, or fined not more

than $250,000, or both.

"SUBTITLE B - STATISTICAL EFFICIENCY

"SEC. 521. FINDINGS AND PURPOSES.

"(a) Findings. - The Congress finds the following:

"(1) Federal statistics are an important source of information

for public and private decision-makers such as policymakers,

consumers, businesses, investors, and workers.

"(2) Federal statistical agencies should continuously seek to

improve their efficiency. Statutory constraints limit the ability

of these agencies to share data and thus to achieve higher

efficiency for Federal statistical programs.

"(3) The quality of Federal statistics depends on the

willingness of businesses to respond to statistical surveys.

Reducing reporting burdens will increase response rates, and

therefore lead to more accurate characterizations of the economy.

"(4) Enhanced sharing of business data among the Bureau of the

Census, the Bureau of Economic Analysis, and the Bureau of Labor

Statistics for exclusively statistical purposes will improve

their ability to track more accurately the large and rapidly

changing nature of United States business. In particular, the

statistical agencies will be able to better ensure that

businesses are consistently classified in appropriate industries,

resolve data anomalies, produce statistical samples that are

consistently adjusted for the entry and exit of new businesses in

a timely manner, and correct faulty reporting errors quickly and

efficiently.

"(5) The Congress enacted the International Investment and

Trade in Services Act of 1990 [probably means the International

Investment and Trade in Services Survey Act, Pub. L. 94-472, as

amended by Pub. L. 101-533, which is classified to 22 U.S.C. 3101

et seq.] that allowed the Bureau of the Census, the Bureau of

Economic Analysis, and the Bureau of Labor Statistics to share

data on foreign-owned companies. The Act not only expanded

detailed industry coverage from 135 industries to over 800

industries with no increase in the data collected from

respondents but also demonstrated how data sharing can result in

the creation of valuable data products.

"(6) With subtitle A of this title, the sharing of business

data among the Bureau of the Census, the Bureau of Economic

Analysis, and the Bureau of Labor Statistics continues to ensure

the highest level of confidentiality for respondents to

statistical surveys.

"(b) Purposes. - The purposes of this subtitle are the following:

"(1) To authorize the sharing of business data among the Bureau

of the Census, the Bureau of Economic Analysis, and the Bureau of

Labor Statistics for exclusively statistical purposes.

"(2) To reduce the paperwork burdens imposed on businesses that

provide requested information to the Federal Government.

"(3) To improve the comparability and accuracy of Federal

economic statistics by allowing the Bureau of the Census, the

Bureau of Economic Analysis, and the Bureau of Labor Statistics

to update sample frames, develop consistent classifications of

establishments and companies into industries, improve coverage,

and reconcile significant differences in data produced by the

three agencies.

"(4) To increase understanding of the United States economy,

especially for key industry and regional statistics, to develop

more accurate measures of the impact of technology on

productivity growth, and to enhance the reliability of the

Nation's most important economic indicators, such as the National

Income and Product Accounts.

"SEC. 522. DESIGNATION OF STATISTICAL AGENCIES.

"For purposes of this subtitle, the term 'Designated Statistical

Agency' means each of the following:

"(1) The Bureau of the Census of the Department of Commerce.

"(2) The Bureau of Economic Analysis of the Department of

Commerce.

"(3) The Bureau of Labor Statistics of the Department of Labor.

"SEC. 523. RESPONSIBILITIES OF DESIGNATED STATISTICAL AGENCIES.

"The head of each of the Designated Statistical Agencies shall -

"(1) identify opportunities to eliminate duplication and

otherwise reduce reporting burden and cost imposed on the public

in providing information for statistical purposes;

"(2) enter into joint statistical projects to improve the

quality and reduce the cost of statistical programs; and

"(3) protect the confidentiality of individually identifiable

information acquired for statistical purposes by adhering to

safeguard principles, including -

"(A) emphasizing to their officers, employees, and agents the

importance of protecting the confidentiality of information in

cases where the identity of individual respondents can

reasonably be inferred by either direct or indirect means;

"(B) training their officers, employees, and agents in their

legal obligations to protect the confidentiality of

individually identifiable information and in the procedures

that must be followed to provide access to such information;

"(C) implementing appropriate measures to assure the physical

and electronic security of confidential data;

"(D) establishing a system of records that identifies

individuals accessing confidential data and the project for

which the data were required; and

"(E) being prepared to document their compliance with

safeguard principles to other agencies authorized by law to

monitor such compliance.

"SEC. 524. SHARING OF BUSINESS DATA AMONG DESIGNATED STATISTICAL

AGENCIES.

"(a) In General. - A Designated Statistical Agency may provide

business data in an identifiable form to another Designated

Statistical Agency under the terms of a written agreement among the

agencies sharing the business data that specifies -

"(1) the business data to be shared;

"(2) the statistical purposes for which the business data are

to be used;

"(3) the officers, employees, and agents authorized to examine

the business data to be shared; and

"(4) appropriate security procedures to safeguard the

confidentiality of the business data.

"(b) Responsibilities of Agencies Under Other Laws. - The

provision of business data by an agency to a Designated Statistical

Agency under this subtitle shall in no way alter the responsibility

of the agency providing the data under other statutes (including

section 552 of title 5, United States Code (popularly known as the

Freedom of Information Act), and section 552b of title 5, United

States Code (popularly known as the Privacy Act of 1974 [Pub. L.

93-579, see Short Title note set out under section 552a of Title 5,

Government Organization and Employees])) with respect to the

provision or withholding of such information by the agency

providing the data.

"(c) Responsibilities of Officers, Employees, and Agents. -

Examination of business data in identifiable form shall be limited

to the officers, employees, and agents authorized to examine the

individual reports in accordance with written agreements pursuant

to this section. Officers, employees, and agents of a Designated

Statistical Agency who receive data pursuant to this subtitle shall

be subject to all provisions of law, including penalties, that

relate -

"(1) to the unlawful provision of the business data that would

apply to the officers, employees, and agents of the agency that

originally obtained the information; and

"(2) to the unlawful disclosure of the business data that would

apply to officers, employees, and agents of the agency that

originally obtained the information.

"(d) Notice. - Whenever a written agreement concerns data that

respondents were required by law to report and the respondents were

not informed that the data could be shared among the Designated

Statistical Agencies, for exclusively statistical purposes, the

terms of such agreement shall be described in a public notice

issued by the agency that intends to provide the data. Such notice

shall allow a minimum of 60 days for public comment.

"SEC. 525. LIMITATIONS ON USE OF BUSINESS DATA PROVIDED BY

DESIGNATED STATISTICAL AGENCIES.

"(a) Use, Generally. - Business data provided by a Designated

Statistical Agency pursuant to this subtitle shall be used

exclusively for statistical purposes.

"(b) Publication. - Publication of business data acquired by a

Designated Statistical Agency shall occur in a manner whereby the

data furnished by any particular respondent are not in identifiable

form.

"SEC. 526. CONFORMING AMENDMENTS.

"(a) Department of Commerce. - [Amended section 176a of Title 15,

Commerce and Trade.]

"(b) Title 13. - [Enacted section 402 of Title 13, Census.]".

WAIVER OF PAPERWORK REDUCTION

Pub. L. 101-508, title IV, Sec. 4711(f), Nov. 5, 1990, 104 Stat.

1388-187, provided that: "Chapter 35 of title 44, United States

Code, and Executive Order 12291 [formerly set out as a note under

section 601 of Title 5, Government Organization and Employees]

shall not apply to information and regulations required for

purposes of carrying out this Act [see Tables for classification]

and implementing the amendments made by this Act."

-FOOTNOTE-

(!1) See References in Text note below.

-End-

-CITE-

44 USC Sec. 3502 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3502. Definitions

-STATUTE-

As used in this subchapter -

(1) the term "agency" means any executive department, military

department, Government corporation, Government controlled

corporation, or other establishment in the executive branch of

the Government (including the Executive Office of the President),

or any independent regulatory agency, but does not include -

(A) the General Accounting Office;

(B) Federal Election Commission;

(C) the governments of the District of Columbia and of the

territories and possessions of the United States, and their

various subdivisions; or

(D) Government-owned contractor-operated facilities,

including laboratories engaged in national defense research and

production activities;

(2) the term "burden" means time, effort, or financial

resources expended by persons to generate, maintain, or provide

information to or for a Federal agency, including the resources

expended for -

(A) reviewing instructions;

(B) acquiring, installing, and utilizing technology and

systems;

(C) adjusting the existing ways to comply with any previously

applicable instructions and requirements;

(D) searching data sources;

(E) completing and reviewing the collection of information;

and

(F) transmitting, or otherwise disclosing the information;

(3) the term "collection of information" -

(A) means the obtaining, causing to be obtained, soliciting,

or requiring the disclosure to third parties or the public, of

facts or opinions by or for an agency, regardless of form or

format, calling for either -

(i) answers to identical questions posed to, or identical

reporting or recordkeeping requirements imposed on, ten or

more persons, other than agencies, instrumentalities, or

employees of the United States; or

(ii) answers to questions posed to agencies,

instrumentalities, or employees of the United States which

are to be used for general statistical purposes; and

(B) shall not include a collection of information described

under section 3518(c)(1);

(4) the term "Director" means the Director of the Office of

Management and Budget;

(5) the term "independent regulatory agency" means the Board of

Governors of the Federal Reserve System, the Commodity Futures

Trading Commission, the Consumer Product Safety Commission, the

Federal Communications Commission, the Federal Deposit Insurance

Corporation, the Federal Energy Regulatory Commission, the

Federal Housing Finance Board, the Federal Maritime Commission,

the Federal Trade Commission, the Interstate Commerce Commission,

the Mine Enforcement Safety and Health Review Commission, the

National Labor Relations Board, the Nuclear Regulatory

Commission, the Occupational Safety and Health Review Commission,

the Postal Rate Commission, the Securities and Exchange

Commission, and any other similar agency designated by statute as

a Federal independent regulatory agency or commission;

(6) the term "information resources" means information and

related resources, such as personnel, equipment, funds, and

information technology;

(7) the term "information resources management" means the

process of managing information resources to accomplish agency

missions and to improve agency performance, including through the

reduction of information collection burdens on the public;

(8) the term "information system" means a discrete set of

information resources organized for the collection, processing,

maintenance, use, sharing, dissemination, or disposition of

information;

(9) the term "information technology" has the meaning given

that term in section 11101 of title 40 but does not include

national security systems as defined in section 11103 of title

40;

(10) the term "person" means an individual, partnership,

association, corporation, business trust, or legal

representative, an organized group of individuals, a State,

territorial, tribal, or local government or branch thereof, or a

political subdivision of a State, territory, tribal, or local

government or a branch of a political subdivision;

(11) the term "practical utility" means the ability of an

agency to use information, particularly the capability to process

such information in a timely and useful fashion;

(12) the term "public information" means any information,

regardless of form or format, that an agency discloses,

disseminates, or makes available to the public;

(13) the term "recordkeeping requirement" means a requirement

imposed by or for an agency on persons to maintain specified

records, including a requirement to -

(A) retain such records;

(B) notify third parties, the Federal Government, or the

public of the existence of such records;

(C) disclose such records to third parties, the Federal

Government, or the public; or

(D) report to third parties, the Federal Government, or the

public regarding such records; and

(14) the term "penalty" includes the imposition by an agency or

court of a fine or other punishment; a judgment for monetary

damages or equitable relief; or the revocation, suspension,

reduction, or denial of a license, privilege, right, grant, or

benefit.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 164; amended

Pub. L. 104-106, div. E, title LVI, Sec. 5605(a), Feb. 10, 1996,

110 Stat. 700; Pub. L. 105-85, div. A, title X, Sec. 1073(h)(5)(A),

Nov. 18, 1997, 111 Stat. 1907; Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275;

Pub. L. 107-217, Sec. 3(l)(4), Aug. 21, 2002, 116 Stat. 1301.)

-MISC1-

PRIOR PROVISIONS

A prior section 3502, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2813; amended Pub. L. 98-443, Sec. 9(h), Oct. 4,

1984, 98 Stat. 1708; Pub. L. 99-500, Sec. 101(m) [title VIII, Sec.

812], Oct. 18, 1986, 100 Stat. 1783-308, 1783-335, and Pub. L.

99-591, Sec. 101(m) [title VIII, Sec. 812], Oct. 30, 1986, 100

Stat. 3341-308, 3341-335; Pub. L. 101-73, title VII, Sec. 744(e),

Aug. 9, 1989, 103 Stat. 438, defined terms used in this chapter

prior to the general amendment of this chapter by Pub. L. 104-13.

Another prior section 3502, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1302; Pub. L. 93-153, title IV, Sec. 409(a), Nov. 16, 1973,

87 Stat. 593, defined "Federal agency", "person", and

"information", prior to the general amendment of this chapter by

Pub. L. 96-511.

AMENDMENTS

2002 - Par. (9). Pub. L. 107-217 substituted "section 11101 of

title 40" for "section 5002 of the Clinger-Cohen Act of 1996 (40

U.S.C. 1401)" and "section 11103 of title 40" for "section 5142 of

that Act (40 U.S.C. 1452)".

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter" in

introductory provisions.

1997 - Par. (9). Pub. L. 105-85 substituted "the Clinger-Cohen

Act of 1996 (40 U.S.C. 1401)" for "the Information Technology

Management Reform Act of 1996" and inserted "(40 U.S.C. 1452)"

after "that Act".

1996 - Par. (9). Pub. L. 104-106 added par. (9) and struck out

former par. (9) which read as follows: "the term 'information

technology' has the same meaning as the term 'automatic data

processing equipment' as defined by section 111(a)(2) and (3)(C)(i)

through (v) of the Federal Property and Administrative Services Act

of 1949 (40 U.S.C. 759(a)(2) and (3)(C)(i) through (v));".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE OF 1996 AMENDMENT

Amendment by Pub. L. 104-106 effective 180 days after Feb. 10,

1996, see section 5701 of Pub. L. 104-106, Feb. 10, 1996, 110 Stat.

702.

-TRANS-

ABOLITION OF INTERSTATE COMMERCE COMMISSION AND TRANSFER OF

FUNCTIONS

Interstate Commerce Commission abolished and functions of

Commission transferred, except as otherwise provided in Pub. L.

104-88, to Surface Transportation Board effective Jan. 1, 1996, by

section 702 of Title 49, Transportation, and section 101 of Pub. L.

104-88, set out as a note under section 701 of Title 49. References

to Interstate Commerce Commission deemed to refer to Surface

Transportation Board, a member or employee of the Board, or

Secretary of Transportation, as appropriate, see section 205 of

Pub. L. 104-88, set out as a note under section 701 of Title 49.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3532, 3542, 3601 of this

title; title 10 section 1782; title 15 section 278g-3; title 31

sections 1344, 3811; title 40 section 11101; title 41 section 421;

title 42 section 1320b-9.

-End-

-CITE-

44 USC Sec. 3503 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3503. Office of Information and Regulatory Affairs

-STATUTE-

(a) There is established in the Office of Management and Budget

an office to be known as the Office of Information and Regulatory

Affairs.

(b) There shall be at the head of the Office an Administrator who

shall be appointed by the President, by and with the advice and

consent of the Senate. The Director shall delegate to the

Administrator the authority to administer all functions under this

subchapter, except that any such delegation shall not relieve the

Director of responsibility for the administration of such

functions. The Administrator shall serve as principal adviser to

the Director on Federal information resources management policy.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 166; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3503, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2814; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 813(a)], Oct. 18, 1986, 100 Stat. 1783-308, 1783-336,

and Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 813(a)], Oct. 30,

1986, 100 Stat. 3341-308, 3341-336, related to the establishment of

the Office of Information and Regulatory Affairs prior to the

general amendment of this chapter by Pub. L. 104-13.

Another prior section 3503, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1303, prescribed duties of Director of Bureau of the Budget,

prior to the general amendment of this chapter by Pub. L. 96-511.

See section 3504 of this title.

AMENDMENTS

2000 - Subsec. (b). Pub. L. 106-398 substituted "subchapter" for

"chapter".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-TRANS-

DELEGATION OF OTHER FUNCTIONS TO ADMINISTRATOR

Section 3 of Pub. L. 96-511, as amended by Pub. L. 97-258, Sec.

5(b), Sept. 13, 1982, 96 Stat. 1083; Pub. L. 99-500, Sec. 101(m)

[title VIII, Sec. 821(b)(3)], Oct. 18, 1986, 100 Stat. 1783-308,

1783-342, and Pub. L. 99-591, Sec. 101(m) [title VIII, Sec.

821(b)(3)], Oct. 30, 1986, 100 Stat. 3341-308, 3341-342, provided:

"[(a) Repealed]

"(b) The Director of the Office of Management and Budget shall

delegate to the Administrator for the Office of Information and

Regulatory Affairs all functions, authority, and responsibility of

the Director under section 552a of title 5, United States Code,

under Executive Order 12046 [Ex. Ord. No. 12046, Mar. 27, 1978, 43

F.R. 14193, set out as a note under section 305 of Title 47,

Telegraphs, Telephones, and Radiotelegraphs] and Reorganization

Plan No. 1 for telecommunications [probably means Reorg. Plan No. 1

of 1970, 35 F.R. 6421, 84 Stat. 2083, set out in the Appendix to

Title 5, Government Organization and Employees], and under sections

110 and 111 of the Federal Property and Administrative Services Act

of 1949 ([now 40 U.S.C. 322 and former] 40 U.S.C. 759)."

[Section 101(m) [title VIII, Sec. 833] of Pub. L. 99-500 and Pub.

L. 99-591 provided that: "This title and the amendments made by

this title [amending former sections 3501 to 3507, 3511, 3514, and

3520 of this title and sections 751, 757, and 759 of former Title

40, Public Buildings, Property, and Works, enacting provisions set

out as a notes under section 101 of this title and former section

3503 of this title, amending provisions set out as a note above,

and repealing provisions set out as a note under section 759 of

former Title 40] shall take effect on the date of enactment of this

Act [Oct. 18, 1986], except as provided in section 813(b) [set out

as a note under former section 3503 of this title] and except that

the provisions of section 821 and the amendments made by such

section [amending former sections 3503 and 3504 of this title,

sections 757 and 759 of former Title 40, and provisions set out as

a note above] shall take effect on January 1, 1987."]

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 31 section 505.

-End-

-CITE-

44 USC Sec. 3504 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3504. Authority and functions of Director

-STATUTE-

(a)(1) The Director shall oversee the use of information

resources to improve the efficiency and effectiveness of

governmental operations to serve agency missions, including burden

reduction and service delivery to the public. In performing such

oversight, the Director shall -

(A) develop, coordinate and oversee the implementation of

Federal information resources management policies, principles,

standards, and guidelines; and

(B) provide direction and oversee -

(i) the review and approval of the collection of information

and the reduction of the information collection burden;

(ii) agency dissemination of and public access to

information;

(iii) statistical activities;

(iv) records management activities;

(v) privacy, confidentiality, security, disclosure, and

sharing of information; and

(vi) the acquisition and use of information technology,

including alternative information technologies that provide for

electronic submission, maintenance, or disclosure of

information as a substitute for paper and for the use and

acceptance of electronic signatures.

(2) The authority of the Director under this subchapter shall be

exercised consistent with applicable law.

(b) With respect to general information resources management

policy, the Director shall -

(1) develop and oversee the implementation of uniform

information resources management policies, principles, standards,

and guidelines;

(2) foster greater sharing, dissemination, and access to public

information, including through -

(A) the use of the Government Information Locator Service;

and

(B) the development and utilization of common standards for

information collection, storage, processing and communication,

including standards for security, interconnectivity and

interoperability;

(3) initiate and review proposals for changes in legislation,

regulations, and agency procedures to improve information

resources management practices;

(4) oversee the development and implementation of best

practices in information resources management, including

training; and

(5) oversee agency integration of program and management

functions with information resources management functions.

(c) With respect to the collection of information and the control

of paperwork, the Director shall -

(1) review and approve proposed agency collections of

information;

(2) coordinate the review of the collection of information

associated with Federal procurement and acquisition by the Office

of Information and Regulatory Affairs with the Office of Federal

Procurement Policy, with particular emphasis on applying

information technology to improve the efficiency and

effectiveness of Federal procurement, acquisition and payment,

and to reduce information collection burdens on the public;

(3) minimize the Federal information collection burden, with

particular emphasis on those individuals and entities most

adversely affected;

(4) maximize the practical utility of and public benefit from

information collected by or for the Federal Government;

(5) establish and oversee standards and guidelines by which

agencies are to estimate the burden to comply with a proposed

collection of information; (!1)

(6) publish in the Federal Register and make available on the

Internet (in consultation with the Small Business Administration)

on an annual basis a list of the compliance assistance resources

available to small businesses, with the first such publication

occurring not later than 1 year after the date of enactment of

the Small Business Paperwork Relief Act of 2002.

(d) With respect to information dissemination, the Director shall

develop and oversee the implementation of policies, principles,

standards, and guidelines to -

(1) apply to Federal agency dissemination of public

information, regardless of the form or format in which such

information is disseminated; and

(2) promote public access to public information and fulfill the

purposes of this subchapter, including through the effective use

of information technology.

(e) With respect to statistical policy and coordination, the

Director shall -

(1) coordinate the activities of the Federal statistical system

to ensure -

(A) the efficiency and effectiveness of the system; and

(B) the integrity, objectivity, impartiality, utility, and

confidentiality of information collected for statistical

purposes;

(2) ensure that budget proposals of agencies are consistent

with system-wide priorities for maintaining and improving the

quality of Federal statistics and prepare an annual report on

statistical program funding;

(3) develop and oversee the implementation of Governmentwide

policies, principles, standards, and guidelines concerning -

(A) statistical collection procedures and methods;

(B) statistical data classification;

(C) statistical information presentation and dissemination;

(D) timely release of statistical data; and

(E) such statistical data sources as may be required for the

administration of Federal programs;

(4) evaluate statistical program performance and agency

compliance with Governmentwide policies, principles, standards

and guidelines;

(5) promote the sharing of information collected for

statistical purposes consistent with privacy rights and

confidentiality pledges;

(6) coordinate the participation of the United States in

international statistical activities, including the development

of comparable statistics;

(7) appoint a chief statistician who is a trained and

experienced professional statistician to carry out the functions

described under this subsection;

(8) establish an Interagency Council on Statistical Policy to

advise and assist the Director in carrying out the functions

under this subsection that shall -

(A) be headed by the chief statistician; and

(B) consist of -

(i) the heads of the major statistical programs; and

(ii) representatives of other statistical agencies under

rotating membership; and

(9) provide opportunities for training in statistical policy

functions to employees of the Federal Government under which -

(A) each trainee shall be selected at the discretion of the

Director based on agency requests and shall serve under the

chief statistician for at least 6 months and not more than 1

year; and

(B) all costs of the training shall be paid by the agency

requesting training.

(f) With respect to records management, the Director shall -

(1) provide advice and assistance to the Archivist of the

United States and the Administrator of General Services to

promote coordination in the administration of chapters 29, 31,

and 33 of this title with the information resources management

policies, principles, standards, and guidelines established under

this subchapter;

(2) review compliance by agencies with -

(A) the requirements of chapters 29, 31, and 33 of this

title; and

(B) regulations promulgated by the Archivist of the United

States and the Administrator of General Services; and

(3) oversee the application of records management policies,

principles, standards, and guidelines, including requirements for

archiving information maintained in electronic format, in the

planning and design of information systems.

(g) With respect to privacy and security, the Director shall -

(1) develop and oversee the implementation of policies,

principles, standards, and guidelines on privacy,

confidentiality, security, disclosure and sharing of information

collected or maintained by or for agencies; and

(2) oversee and coordinate compliance with sections 552 and

552a of title 5, sections 20 and 21 of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3 and 278g-4),

section 11331 of title 40 and subchapter II of this chapter, and

related information management laws.

(h) With respect to Federal information technology, the Director

shall -

(1) in consultation with the Director of the National Institute

of Standards and Technology and the Administrator of General

Services -

(A) develop and oversee the implementation of policies,

principles, standards, and guidelines for information

technology functions and activities of the Federal Government,

including periodic evaluations of major information systems;

and

(B) oversee the development and implementation of standards

under section 11331 of title 40;

(2) monitor the effectiveness of, and compliance with,

directives issued under subtitle III of title 40 and directives

issued under section 322 of title 40;

(3) coordinate the development and review by the Office of

Information and Regulatory Affairs of policy associated with

Federal procurement and acquisition of information technology

with the Office of Federal Procurement Policy;

(4) ensure, through the review of agency budget proposals,

information resources management plans and other means -

(A) agency integration of information resources management

plans, program plans and budgets for acquisition and use of

information technology; and

(B) the efficiency and effectiveness of inter-agency

information technology initiatives to improve agency

performance and the accomplishment of agency missions; and

(5) promote the use of information technology by the Federal

Government to improve the productivity, efficiency, and

effectiveness of Federal programs, including through

dissemination of public information and the reduction of

information collection burdens on the public.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 167; amended

Pub. L. 104-106, div. E, title LI, Sec. 5131(e)(1), title LVI, Sec.

5605(b), (c), Feb. 10, 1996, 110 Stat. 688, 700; Pub. L. 105-85,

div. A, title X, Sec. 1073(h)(5)(B), (C), Nov. 18, 1997, 111 Stat.

1907; Pub. L. 105-277, div. C, title XVII, Sec. 1702, Oct. 21,

1998, 112 Stat. 2681-749; Pub. L. 106-398, Sec. 1 [[div. A], title

X, Sec. 1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275; Pub. L.

107-198, Sec. 2(a), June 28, 2002, 116 Stat. 729; Pub. L. 107-217,

Sec. 3(l)(5), Aug. 21, 2002, 116 Stat. 1301; Pub. L. 107-296, title

X, Sec. 1005(c)(1), Nov. 25, 2002, 116 Stat. 2272; Pub. L. 107-347,

title III, Sec. 305(c)(1), Dec. 17, 2002, 116 Stat. 2960.)

-REFTEXT-

REFERENCES IN TEXT

The date of enactment of the Small Business Paperwork Relief Act

of 2002, referred to in subsec. (c)(6), is the date of enactment of

Pub. L. 107-198, which was approved June 28, 2002.

-MISC1-

PRIOR PROVISIONS

A prior section 3504, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2815; amended Pub. L. 98-497, title I, Sec.

107(b)(26), Oct. 19, 1984, 98 Stat. 2291; Pub. L. 99-500, Sec.

101(m) [title VIII, Secs. 814, 821(b)(2)], Oct. 18, 1986, 100 Stat.

1783-308, 1783-336, 1783-342, and Pub. L. 99-591, Sec. 101(m)

[title VIII, Secs. 814, 821(b)(2)], Oct. 30, 1986, 100 Stat.

3341-308, 3341-336, 3341-342, related to authority and functions of

Director prior to the general amendment of this chapter by Pub. L.

104-13.

Another prior section 3504, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1303, provided for designation of a central collection

agency, prior to the general amendment of this chapter by Pub. L.

96-511. See section 3509 of this title.

AMENDMENTS

2002 - Subsec. (c)(6). Pub. L. 107-198 added par. (6).

Subsec. (g)(1). Pub. L. 107-296, Sec. 1005(c)(1)(A), and Pub. L.

107-347, Sec. 305(c)(1)(A), amended par. (1) identically, inserting

"and" at end.

Subsec. (g)(2). Pub. L. 107-347, Sec. 305(c)(1)(B), substituted

"section 11331 of title 40 and subchapter II of this chapter" for

"sections 11331 and 11332(b) and (c) of title 40" and a period for

"; and" at end.

Pub. L. 107-296, Sec. 1005(c)(1)(B), which directed amendment of

par. (2) by substituting "section 11331 of title 40 and subchapter

II of this title" for "sections 11331 and 11332(b) and (c) of title

40" and a period for the semicolon, could not be executed because

of amendment by Pub. L. 107-347, Sec. 305(c)(1)(B). See Amendment

note above and Effective Date of 2002 Amendments notes below.

Pub. L. 107-217, Sec. 3(l)(5)(A), substituted "sections 11331 and

11332(b) and (c) of title 40" for "section 5131 of the

Clinger-Cohen Act of 1996 (40 U.S.C. 1441), and sections 5 and 6 of

the Computer Security Act of 1987 (40 U.S.C. 759 note)".

Subsec. (g)(3). Pub. L. 107-296, Sec. 1005(c)(1)(C), and Pub. L.

107-347, Sec. 305(c)(1)(C), amended subsec. (g) identically,

striking out par. (3) which read as follows: "require Federal

agencies, consistent with the standards and guidelines promulgated

under sections 11331 and 11332(b) and (c) of title 40, to identify

and afford security protections commensurate with the risk and

magnitude of the harm resulting from the loss, misuse, or

unauthorized access to or modification of information collected or

maintained by or on behalf of an agency."

Pub. L. 107-217, Sec. 3(l)(5)(B), substituted "sections 11331 and

11332(b) and (c) of title 40" for "section 5131 of the

Clinger-Cohen Act of 1996 (40 U.S.C. 1441) and sections 5 and 6 of

the Computer Security Act of 1987 (40 U.S.C. 759 note)".

Subsec. (h)(1)(B). Pub. L. 107-217, Sec. 3(l)(5)(C), substituted

"section 11331 of title 40" for "section 5131 of the Clinger-Cohen

Act of 1996 (40 U.S.C. 1441)".

Subsec. (h)(2). Pub. L. 107-217, Sec. 3(l)(5)(D), substituted

"subtitle III of title 40" for "division E of the Clinger-Cohen Act

of 1996 (40 U.S.C. 1401 et seq.)" and "section 322 of title 40" for

"section 110 of the Federal Property and Administrative Services

Act of 1949 (40 U.S.C. 757)".

2000 - Subsecs. (a)(2), (d)(2), (f)(1). Pub. L. 106-398

substituted "subchapter" for "chapter".

1998 - Subsec. (a)(1)(B)(vi). Pub. L. 105-277 amended cl. (vi)

generally. Prior to amendment, cl. (vi) read as follows: "the

acquisition and use of information technology."

1997 - Subsecs. (g)(2), (3), (h)(1)(B). Pub. L. 105-85, Sec.

1073(h)(5)(C), substituted "Clinger-Cohen Act of 1996 (40 U.S.C.

1441)" for "Information Technology Management Reform Act of 1996".

Subsec. (h)(2). Pub. L. 105-85, Sec. 1073(h)(5)(B), substituted

"division E of the Clinger-Cohen Act of 1996 (40 U.S.C. 1401 et

seq.)" for "the Information Technology Management Reform Act of

1996".

1996 - Subsec. (g)(2). Pub. L. 104-106, Sec. 5131(e)(1)(A),

substituted "sections 20 and 21 of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3 and 278g-4), section

5131 of the Information Technology Management Reform Act of 1996,

and sections 5 and 6 of the Computer Security Act of 1987 (40

U.S.C. 759 note)" for "the Computer Security Act of 1987 (40 U.S.C.

759 note)".

Subsec. (g)(3). Pub. L. 104-106, Sec. 5131(e)(1)(B), substituted

"the standards and guidelines promulgated under section 5131 of the

Information Technology Management Reform Act of 1996 and sections 5

and 6 of the Computer Security Act of 1987 (40 U.S.C. 759 note)"

for "the Computer Security Act of 1987 (40 U.S.C. 759 note)".

Subsec. (h)(1)(B). Pub. L. 104-106, Sec. 5605(b), substituted

"section 5131 of the Information Technology Management Reform Act

of 1996" for "section 111(d) of the Federal Property and

Administrative Services Act of 1949 (40 U.S.C. 759(d))".

Subsec. (h)(2). Pub. L. 104-106, Sec. 5605(c), substituted "the

Information Technology Management Reform Act of 1996 and directives

issued under section 110 of the Federal Property and Administrative

Services Act of 1949 (40 U.S.C. 757)" for "sections 110 and 111 of

the Federal Property and Administrative Services Act of 1949 (40

U.S.C. 757 and 759)".

EFFECTIVE DATE OF 2002 AMENDMENTS

Amendment by Pub. L. 107-347 effective Dec. 17, 2002, see section

402(b) of Pub. L. 107-347, set out as an Effective Date note under

section 3541 of this title.

Amendment by Pub. L. 107-296 effective 60 days after Nov. 25,

2002, see section 4 of Pub. L. 107-296, set out as an Effective

Date note under section 101 of Title 6, Domestic Security.

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE OF 1996 AMENDMENT

Amendment by Pub. L. 104-106 effective 180 days after Feb. 10,

1996, see section 5701 of Pub. L. 104-106, Feb. 10, 1996, 110 Stat.

702.

GOVERNMENT PAPERWORK ELIMINATION

Pub. L. 105-277, div. C, title XVII, Oct. 21, 1998, 112 Stat.

2681-749, provided that:

"SEC. 1701. SHORT TITLE.

"This title may be cited as the 'Government Paperwork Elimination

Act'.

"SEC. 1702. AUTHORITY OF OMB TO PROVIDE FOR ACQUISITION AND USE

OF ALTERNATIVE INFORMATION TECHNOLOGIES BY EXECUTIVE AGENCIES.

"[Amended this section.]

"SEC. 1703. PROCEDURES FOR USE AND ACCEPTANCE OF ELECTRONIC

SIGNATURES BY EXECUTIVE AGENCIES.

"(a) In General. - In order to fulfill the responsibility to

administer the functions assigned under chapter 35 of title 44,

United States Code, the provisions of the Clinger-Cohen Act of 1996

(divisions D and E of Public Law 104-106) [see Short Title of 1996

Amendment note set out under 41 U.S.C. 251] and the amendments made

by that Act, and the provisions of this title, the Director of the

Office of Management and Budget shall, in consultation with the

National Telecommunications and Information Administration and not

later than 18 months after the date of enactment of this Act [Oct.

21, 1998], develop procedures for the use and acceptance of

electronic signatures by Executive agencies.

"(b) Requirements for Procedures. - (1) The procedures developed

under subsection (a) -

"(A) shall be compatible with standards and technology for

electronic signatures that are generally used in commerce and

industry and by State governments;

"(B) may not inappropriately favor one industry or technology;

"(C) shall ensure that electronic signatures are as reliable as

is appropriate for the purpose in question and keep intact the

information submitted;

"(D) shall provide for the electronic acknowledgment of

electronic forms that are successfully submitted; and

"(E) shall, to the extent feasible and appropriate, require an

Executive agency that anticipates receipt by electronic means of

50,000 or more submittals of a particular form to take all steps

necessary to ensure that multiple methods of electronic

signatures are available for the submittal of such form.

"(2) The Director shall ensure the compatibility of the

procedures under paragraph (1)(A) in consultation with appropriate

private bodies and State government entities that set standards for

the use and acceptance of electronic signatures.

"SEC. 1704. DEADLINE FOR IMPLEMENTATION BY EXECUTIVE AGENCIES OF

PROCEDURES FOR USE AND ACCEPTANCE OF ELECTRONIC SIGNATURES.

"In order to fulfill the responsibility to administer the

functions assigned under chapter 35 of title 44, United States

Code, the provisions of the Clinger-Cohen Act of 1996 (divisions D

and E of Public Law 104-106) [see Short Title of 1996 Amendment

note set out under 41 U.S.C. 251] and the amendments made by that

Act, and the provisions of this title, the Director of the Office

of Management and Budget shall ensure that, commencing not later

than five years after the date of enactment of this Act [Oct. 21,

1998], Executive agencies provide -

"(1) for the option of the electronic maintenance, submission,

or disclosure of information, when practicable as a substitute

for paper; and

"(2) for the use and acceptance of electronic signatures, when

practicable.

"SEC. 1705. ELECTRONIC STORAGE AND FILING OF EMPLOYMENT FORMS.

"In order to fulfill the responsibility to administer the

functions assigned under chapter 35 of title 44, United States

Code, the provisions of the Clinger-Cohen Act of 1996 (divisions D

and E of Public Law 104-106) [see Short Title of 1996 Amendment

note set out under 41 U.S.C. 251] and the amendments made by that

Act, and the provisions of this title, the Director of the Office

of Management and Budget shall, not later than 18 months after the

date of enactment of this Act [Oct. 21, 1998], develop procedures

to permit private employers to store and file electronically with

Executive agencies forms containing information pertaining to the

employees of such employers.

"SEC. 1706. STUDY ON USE OF ELECTRONIC SIGNATURES.

"(a) Ongoing Study Required. - In order to fulfill the

responsibility to administer the functions assigned under chapter

35 of title 44, United States Code, the provisions of the

Clinger-Cohen Act of 1996 (divisions D and E of Public Law 104-106)

[see Short Title of 1996 Amendment note set out under 41 U.S.C.

251] and the amendments made by that Act, and the provisions of

this title, the Director of the Office of Management and Budget

shall, in cooperation with the National Telecommunications and

Information Administration, conduct an ongoing study of the use of

electronic signatures under this title on -

"(1) paperwork reduction and electronic commerce;

"(2) individual privacy; and

"(3) the security and authenticity of transactions.

"(b) Reports. - The Director shall submit to Congress on a

periodic basis a report describing the results of the study carried

out under subsection (a).

"SEC. 1707. ENFORCEABILITY AND LEGAL EFFECT OF ELECTRONIC

RECORDS.

"Electronic records submitted or maintained in accordance with

procedures developed under this title, or electronic signatures or

other forms of electronic authentication used in accordance with

such procedures, shall not be denied legal effect, validity, or

enforceability because such records are in electronic form.

"SEC. 1708. DISCLOSURE OF INFORMATION.

"Except as provided by law, information collected in the

provision of electronic signature services for communications with

an executive agency, as provided by this title, shall only be used

or disclosed by persons who obtain, collect, or maintain such

information as a business or government practice, for the purpose

of facilitating such communications, or with the prior affirmative

consent of the person about whom the information pertains.

"SEC. 1709. APPLICATION WITH INTERNAL REVENUE LAWS.

"No provision of this title shall apply to the Department of the

Treasury or the Internal Revenue Service to the extent that such

provision -

"(1) involves the administration of the internal revenue laws;

or

"(2) conflicts with any provision of the Internal Revenue

Service Restructuring and Reform Act of 1998 [Pub. L. 105-206,

see Tables for classification] or the Internal Revenue Code of

1986 [26 U.S.C. 1 et seq.].

"SEC. 1710. DEFINITIONS.

"For purposes of this title:

"(1) Electronic signature. - The term 'electronic signature'

means a method of signing an electronic message that -

"(A) identifies and authenticates a particular person as the

source of the electronic message; and

"(B) indicates such person's approval of the information

contained in the electronic message.

"(2) Executive agency. - The term 'Executive agency' has the

meaning given that term in section 105 of title 5, United States

Code."

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3602, 3603 of this title;

title 40 sections 11302, 11303; title 42 section 13271.

-FOOTNOTE-

(!1) So in original. Probably should be followed by "and".

-End-

-CITE-

44 USC Sec. 3505 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3505. Assignment of tasks and deadlines

-STATUTE-

(a) In carrying out the functions under this subchapter, the

Director shall -

(1) in consultation with agency heads, set an annual

Governmentwide goal for the reduction of information collection

burdens by at least 10 percent during each of fiscal years 1996

and 1997 and 5 percent during each of fiscal years 1998, 1999,

2000, and 2001, and set annual agency goals to -

(A) reduce information collection burdens imposed on the

public that -

(i) represent the maximum practicable opportunity in each

agency; and

(ii) are consistent with improving agency management of the

process for the review of collections of information

established under section 3506(c); and

(B) improve information resources management in ways that

increase the productivity, efficiency and effectiveness of

Federal programs, including service delivery to the public;

(2) with selected agencies and non-Federal entities on a

voluntary basis, conduct pilot projects to test alternative

policies, practices, regulations, and procedures to fulfill the

purposes of this subchapter, particularly with regard to

minimizing the Federal information collection burden; and

(3) in consultation with the Administrator of General Services,

the Director of the National Institute of Standards and

Technology, the Archivist of the United States, and the Director

of the Office of Personnel Management, develop and maintain a

Governmentwide strategic plan for information resources

management, that shall include -

(A) a description of the objectives and the means by which

the Federal Government shall apply information resources to

improve agency and program performance;

(B) plans for -

(i) reducing information burdens on the public, including

reducing such burdens through the elimination of duplication

and meeting shared data needs with shared resources;

(ii) enhancing public access to and dissemination of,

information, using electronic and other formats; and

(iii) meeting the information technology needs of the

Federal Government in accordance with the purposes of this

subchapter; and

(C) a description of progress in applying information

resources management to improve agency performance and the

accomplishment of missions.

(b) For purposes of any pilot project conducted under subsection

(a)(2), the Director may, after consultation with the agency head,

waive the application of any administrative directive issued by an

agency with which the project is conducted, including any directive

requiring a collection of information, after giving timely notice

to the public and the Congress regarding the need for such waiver.

(c) (!1) Inventory of Major Information Systems. - (1) The head

of each agency shall develop and maintain an inventory of major

information systems (including major national security systems)

operated by or under the control of such agency.

(2) The identification of information systems in an inventory

under this subsection shall include an identification of the

interfaces between each such system and all other systems or

networks, including those not operated by or under the control of

the agency.

(3) Such inventory shall be -

(A) updated at least annually;

(B) made available to the Comptroller General; and

(C) used to support information resources management, including

-

(i) preparation and maintenance of the inventory of

information resources under section 3506(b)(4);

(ii) information technology planning, budgeting, acquisition,

and management under section 3506(h), subtitle III of title 40,

and related laws and guidance;

(iii) monitoring, testing, and evaluation of information

security controls under subchapter II;

(iv) preparation of the index of major information systems

required under section 552(g) of title 5, United States Code;

and

(v) preparation of information system inventories required

for records management under chapters 21, 29, 31, and 33.

(4) The Director shall issue guidance for and oversee the

implementation of the requirements of this subsection.

(c) (!1) Inventory of Information Systems. - (1) The head of each

agency shall develop and maintain an inventory of the information

systems (including national security systems) operated by or under

the control of such agency;

(2) The identification of information systems in an inventory

under this subsection shall include an identification of the

interfaces between each such system and all other systems or

networks, including those not operated by or under the control of

the agency;

(3) Such inventory shall be -

(A) updated at least annually;

(B) made available to the Comptroller General; and

(C) used to support information resources management, including

-

(i) preparation and maintenance of the inventory of

information resources under section 3506(b)(4);

(ii) information technology planning, budgeting, acquisition,

and management under section 3506(h), subtitle III of title 40,

and related laws and guidance;

(iii) monitoring, testing, and evaluation of information

security controls under subchapter II;

(iv) preparation of the index of major information systems

required under section 552(g) of title 5, United States Code;

and

(v) preparation of information system inventories required

for records management under chapters 21, 29, 31, and 33.

(4) The Director shall issue guidance for and oversee the

implementation of the requirements of this subsection.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 170; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275; Pub. L. 107-296, title X, Sec.

1005(c)(2), Nov. 25, 2002, 116 Stat. 2272; Pub. L. 107-347, title

III, Sec. 305(c)(2), Dec. 17, 2002, 116 Stat. 2961.)

-MISC1-

PRIOR PROVISIONS

A prior section 3505, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2818; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 815], Oct. 18, 1986, 100 Stat. 1783-308, 1783-337, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 815], Oct. 30, 1986,

100 Stat. 3341-308, 3341-337, related to assignment of tasks and

deadlines prior to the general amendment of this chapter by Pub. L.

104-13.

Another prior section 3505, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1303, prohibited independent collection by an agency, prior

to the general amendment of this chapter by Pub. L. 96-511. See

section 3509 of this title.

AMENDMENTS

2002 - Subsec. (c). Pub. L. 107-347, added subsec. (c) relating

to inventory of major information systems.

Pub. L. 107-296 added subsec. (c) relating to inventory of

information systems.

2000 - Subsec. (a). Pub. L. 106-398 substituted "subchapter" for

"chapter" in introductory provisions and pars. (2) and (3)(B)(iii).

EFFECTIVE DATE OF 2002 AMENDMENT

Amendment by Pub. L. 107-296 effective 60 days after Nov. 25,

2002, see section 4 of Pub. L. 107-296, set out as an Effective

Date note under section 101 of Title 6, Domestic Security.

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3514, 3534, 3544 of this

title.

-FOOTNOTE-

(!1) So in original. Two subsecs. (c) have been enacted.

-End-

-CITE-

44 USC Sec. 3506 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3506. Federal agency responsibilities

-STATUTE-

(a)(1) The head of each agency shall be responsible for -

(A) carrying out the agency's information resources management

activities to improve agency productivity, efficiency, and

effectiveness; and

(B) complying with the requirements of this subchapter and

related policies established by the Director.

(2)(A) Except as provided under subparagraph (B), the head of

each agency shall designate a Chief Information Officer who shall

report directly to such agency head to carry out the

responsibilities of the agency under this subchapter.

(B) The Secretary of the Department of Defense and the Secretary

of each military department may each designate Chief Information

Officers who shall report directly to such Secretary to carry out

the responsibilities of the department under this subchapter. If

more than one Chief Information Officer is designated, the

respective duties of the Chief Information Officers shall be

clearly delineated.

(3) The Chief Information Officer designated under paragraph (2)

shall head an office responsible for ensuring agency compliance

with and prompt, efficient, and effective implementation of the

information policies and information resources management

responsibilities established under this subchapter, including the

reduction of information collection burdens on the public. The

Chief Information Officer and employees of such office shall be

selected with special attention to the professional qualifications

required to administer the functions described under this

subchapter.

(4) Each agency program official shall be responsible and

accountable for information resources assigned to and supporting

the programs under such official. In consultation with the Chief

Information Officer designated under paragraph (2) and the agency

Chief Financial Officer (or comparable official), each agency

program official shall define program information needs and develop

strategies, systems, and capabilities to meet those needs.

(b) With respect to general information resources management,

each agency shall -

(1) manage information resources to -

(A) reduce information collection burdens on the public;

(B) increase program efficiency and effectiveness; and

(C) improve the integrity, quality, and utility of

information to all users within and outside the agency,

including capabilities for ensuring dissemination of public

information, public access to government information, and

protections for privacy and security;

(2) in accordance with guidance by the Director, develop and

maintain a strategic information resources management plan that

shall describe how information resources management activities

help accomplish agency missions;

(3) develop and maintain an ongoing process to -

(A) ensure that information resources management operations

and decisions are integrated with organizational planning,

budget, financial management, human resources management, and

program decisions;

(B) in cooperation with the agency Chief Financial Officer

(or comparable official), develop a full and accurate

accounting of information technology expenditures, related

expenses, and results; and

(C) establish goals for improving information resources

management's contribution to program productivity, efficiency,

and effectiveness, methods for measuring progress towards those

goals, and clear roles and responsibilities for achieving those

goals;

(4) in consultation with the Director, the Administrator of

General Services, and the Archivist of the United States,

maintain a current and complete inventory of the agency's

information resources, including directories necessary to fulfill

the requirements of section 3511 of this subchapter; and

(5) in consultation with the Director and the Director of the

Office of Personnel Management, conduct formal training programs

to educate agency program and management officials about

information resources management.

(c) With respect to the collection of information and the control

of paperwork, each agency shall -

(1) establish a process within the office headed by the Chief

Information Officer designated under subsection (a), that is

sufficiently independent of program responsibility to evaluate

fairly whether proposed collections of information should be

approved under this subchapter, to -

(A) review each collection of information before submission

to the Director for review under this subchapter, including -

(i) an evaluation of the need for the collection of

information;

(ii) a functional description of the information to be

collected;

(iii) a plan for the collection of the information;

(iv) a specific, objectively supported estimate of burden;

(v) a test of the collection of information through a pilot

program, if appropriate; and

(vi) a plan for the efficient and effective management and

use of the information to be collected, including necessary

resources;

(B) ensure that each information collection -

(i) is inventoried, displays a control number and, if

appropriate, an expiration date;

(ii) indicates the collection is in accordance with the

clearance requirements of section 3507; and

(iii) informs the person receiving the collection of

information of -

(I) the reasons the information is being collected;

(II) the way such information is to be used;

(III) an estimate, to the extent practicable, of the

burden of the collection;

(IV) whether responses to the collection of information

are voluntary, required to obtain a benefit, or mandatory;

and

(V) the fact that an agency may not conduct or sponsor,

and a person is not required to respond to, a collection of

information unless it displays a valid control number; and

(C) assess the information collection burden of proposed

legislation affecting the agency;

(2)(A) except as provided under subparagraph (B) or section

3507(j), provide 60-day notice in the Federal Register, and

otherwise consult with members of the public and affected

agencies concerning each proposed collection of information, to

solicit comment to -

(i) evaluate whether the proposed collection of information

is necessary for the proper performance of the functions of the

agency, including whether the information shall have practical

utility;

(ii) evaluate the accuracy of the agency's estimate of the

burden of the proposed collection of information;

(iii) enhance the quality, utility, and clarity of the

information to be collected; and

(iv) minimize the burden of the collection of information on

those who are to respond, including through the use of

automated collection techniques or other forms of information

technology; and

(B) for any proposed collection of information contained in a

proposed rule (to be reviewed by the Director under section

3507(d)), provide notice and comment through the notice of

proposed rulemaking for the proposed rule and such notice shall

have the same purposes specified under subparagraph (A)(i)

through (iv);

(3) certify (and provide a record supporting such

certification, including public comments received by the agency)

that each collection of information submitted to the Director for

review under section 3507 -

(A) is necessary for the proper performance of the functions

of the agency, including that the information has practical

utility;

(B) is not unnecessarily duplicative of information otherwise

reasonably accessible to the agency;

(C) reduces to the extent practicable and appropriate the

burden on persons who shall provide information to or for the

agency, including with respect to small entities, as defined

under section 601(6) of title 5, the use of such techniques as

-

(i) establishing differing compliance or reporting

requirements or timetables that take into account the

resources available to those who are to respond;

(ii) the clarification, consolidation, or simplification of

compliance and reporting requirements; or

(iii) an exemption from coverage of the collection of

information, or any part thereof;

(D) is written using plain, coherent, and unambiguous

terminology and is understandable to those who are to respond;

(E) is to be implemented in ways consistent and compatible,

to the maximum extent practicable, with the existing reporting

and recordkeeping practices of those who are to respond;

(F) indicates for each recordkeeping requirement the length

of time persons are required to maintain the records specified;

(G) contains the statement required under paragraph

(1)(B)(iii);

(H) has been developed by an office that has planned and

allocated resources for the efficient and effective management

and use of the information to be collected, including the

processing of the information in a manner which shall enhance,

where appropriate, the utility of the information to agencies

and the public;

(I) uses effective and efficient statistical survey

methodology appropriate to the purpose for which the

information is to be collected; and

(J) to the maximum extent practicable, uses information

technology to reduce burden and improve data quality, agency

efficiency and responsiveness to the public; and

(4) in addition to the requirements of this chapter regarding

the reduction of information collection burdens for small

business concerns (as defined in section 3 of the Small Business

Act (15 U.S.C. 632)), make efforts to further reduce the

information collection burden for small business concerns with

fewer than 25 employees.

(d) With respect to information dissemination, each agency shall

-

(1) ensure that the public has timely and equitable access to

the agency's public information, including ensuring such access

through -

(A) encouraging a diversity of public and private sources for

information based on government public information;

(B) in cases in which the agency provides public information

maintained in electronic format, providing timely and equitable

access to the underlying data (in whole or in part); and

(C) agency dissemination of public information in an

efficient, effective, and economical manner;

(2) regularly solicit and consider public input on the agency's

information dissemination activities;

(3) provide adequate notice when initiating, substantially

modifying, or terminating significant information dissemination

products; and

(4) not, except where specifically authorized by statute -

(A) establish an exclusive, restricted, or other distribution

arrangement that interferes with timely and equitable

availability of public information to the public;

(B) restrict or regulate the use, resale, or redissemination

of public information by the public;

(C) charge fees or royalties for resale or redissemination of

public information; or

(D) establish user fees for public information that exceed

the cost of dissemination.

(e) With respect to statistical policy and coordination, each

agency shall -

(1) ensure the relevance, accuracy, timeliness, integrity, and

objectivity of information collected or created for statistical

purposes;

(2) inform respondents fully and accurately about the sponsors,

purposes, and uses of statistical surveys and studies;

(3) protect respondents' privacy and ensure that disclosure

policies fully honor pledges of confidentiality;

(4) observe Federal standards and practices for data

collection, analysis, documentation, sharing, and dissemination

of information;

(5) ensure the timely publication of the results of statistical

surveys and studies, including information about the quality and

limitations of the surveys and studies; and

(6) make data available to statistical agencies and readily

accessible to the public.

(f) With respect to records management, each agency shall

implement and enforce applicable policies and procedures, including

requirements for archiving information maintained in electronic

format, particularly in the planning, design and operation of

information systems.

(g) With respect to privacy and security, each agency shall -

(1) implement and enforce applicable policies, procedures,

standards, and guidelines on privacy, confidentiality, security,

disclosure and sharing of information collected or maintained by

or for the agency; and

(2) assume responsibility and accountability for compliance

with and coordinated management of sections 552 and 552a of title

5, subchapter II of this chapter, and related information

management laws.

(h) With respect to Federal information technology, each agency

shall -

(1) implement and enforce applicable Governmentwide and agency

information technology management policies, principles,

standards, and guidelines;

(2) assume responsibility and accountability for information

technology investments;

(3) promote the use of information technology by the agency to

improve the productivity, efficiency, and effectiveness of agency

programs, including the reduction of information collection

burdens on the public and improved dissemination of public

information;

(4) propose changes in legislation, regulations, and agency

procedures to improve information technology practices, including

changes that improve the ability of the agency to use technology

to reduce burden; and

(5) assume responsibility for maximizing the value and

assessing and managing the risks of major information systems

initiatives through a process that is -

(A) integrated with budget, financial, and program management

decisions; and

(B) used to select, control, and evaluate the results of

major information systems initiatives.

(i)(1) In addition to the requirements described in subsection

(c), each agency shall, with respect to the collection of

information and the control of paperwork, establish 1 point of

contact in the agency to act as a liaison between the agency and

small business concerns (as defined in section 3 of the Small

Business Act (15 U.S.C. 632)).

(2) Each point of contact described under paragraph (1) shall be

established not later than 1 year after the date of enactment of

the Small Business Paperwork Relief Act of 2002.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 171; amended

Pub. L. 104-106, div. E, title LI, Sec. 5125(a), Feb. 10, 1996, 110

Stat. 684; Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec.

1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275; Pub. L.

107-198, Sec. 2(b), (c), June 28, 2002, 116 Stat. 729; Pub. L.

107-217, Sec. 3(l)(6), Aug. 21, 2002, 116 Stat. 1302; Pub. L.

107-296, title X, Sec. 1005(c)(3), Nov. 25, 2002, 116 Stat. 2273;

Pub. L. 107-347, title III, Sec. 305(c)(3), Dec. 17, 2002, 116

Stat. 2961.)

-REFTEXT-

REFERENCES IN TEXT

The date of enactment of the Small Business Paperwork Relief Act

of 2002, referred to in subsec. (i)(2), is the date of enactment of

Pub. L. 107-198, which was approved June 28, 2002.

-MISC1-

PRIOR PROVISIONS

A prior section 3506, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2819; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 816], Oct. 18, 1986, 100 Stat. 1783-308, 1783-338, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 816], Oct. 30, 1986,

100 Stat. 3341-308, 3341-338, related to Federal agency

responsibilities prior to the general amendment of this chapter by

Pub. L. 104-13.

Another prior section 3506, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1303, provided for determination of necessity for information

and hearing thereon, prior to the general amendment of this chapter

by Pub. L. 96-511. See section 3508 of this title.

AMENDMENTS

2002 - Subsec. (c)(4). Pub. L. 107-198, Sec. 2(c), added par.

(4).

Subsec. (g)(1). Pub. L. 107-296, Sec. 1005(c)(3)(A), and Pub. L.

107-347, Sec. 305(c)(3)(A), amended par. (1) identically, inserting

"and" at end.

Subsec. (g)(2). Pub. L. 107-296, Sec. 1005(c)(3)(B), and Pub. L.

107-347, Sec. 305(c)(3)(B), amended par. (2) identically,

substituting "subchapter II of this chapter" for "section 11332 of

title 40" and a period for "; and" at end.

Pub. L. 107-217, Sec. 3(l)(6)(A), substituted "section 11332 of

title 40" for "the Computer Security Act of 1987 (40 U.S.C. 759

note)".

Subsec. (g)(3). Pub. L. 107-296, Sec. 1005(c)(3)(C), and Pub. L.

107-347, Sec. 305(c)(3)(C), amended subsec. (g) identically,

striking out par. (3) which read as follows: "consistent with

section 11332 of title 40, identify and afford security protections

commensurate with the risk and magnitude of the harm resulting from

the loss, misuse, or unauthorized access to or modification of

information collected or maintained by or on behalf of an agency."

Pub. L. 107-217, Sec. 3(l)(6)(B), substituted "section 11332 of

title 40" for "the Computer Security Act of 1987 (40 U.S.C. 759

note)".

Subsec. (i). Pub. L. 107-198, Sec. 2(b), added subsec. (i).

2000 - Subsecs. (a)(1) to (3), (b)(4), (c)(1). Pub. L. 106-398

substituted "subchapter" for "chapter" wherever appearing.

1996 - Subsec. (a)(2)(A). Pub. L. 104-106, Sec. 5125(a)(1)(A),

substituted "Chief Information Officer" for "senior official".

Subsec. (a)(2)(B). Pub. L. 104-106, Sec. 5125(a)(1)(B),

substituted "designate Chief Information Officers" for "designate

senior officials", "Chief Information Officer" for "official", and

"the Chief Information Officers" for "the officials".

Subsec. (a)(3), (4). Pub. L. 104-106, Sec. 5125(a)(1)(C),

substituted "Chief Information Officer" for "senior official"

wherever appearing.

Subsec. (c)(1). Pub. L. 104-106, Sec. 5125(a)(2), substituted

"Chief Information Officer" for "official" in introductory

provisions.

EFFECTIVE DATE OF 2002 AMENDMENT

Amendment by Pub. L. 107-296 effective 60 days after Nov. 25,

2002, see section 4 of Pub. L. 107-296, set out as an Effective

Date note under section 101 of Title 6, Domestic Security.

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE OF 1996 AMENDMENT

Amendment by Pub. L. 104-106 effective 180 days after Feb. 10,

1996, see section 5701 of Pub. L. 104-106, Feb. 10, 1996, 110 Stat.

702.

-EXEC-

EX. ORD. NO. 13073. YEAR 2000 CONVERSION

Ex. Ord. No. 13073, Feb. 4, 1998, 63 F.R. 6467, as amended by Ex.

Ord. No. 13127, June 14, 1999, 64 F.R. 32793, provided:

The American people expect reliable service from their Government

and deserve the confidence that critical government functions

dependent on electronic systems will be performed accurately and in

a timely manner. Because of a design feature in many electronic

systems, a large number of activities in the public and private

sectors could be at risk beginning in the year 2000. Some computer

systems and other electronic devices will misinterpret the year

"00" as 1900, rather than 2000. Unless appropriate action is taken,

this flaw, known as the "Y2K problem," can cause systems that

support those functions to compute erroneously or simply not run.

Minimizing the Y2K problem will require a major technological and

managerial effort, and it is critical that the United States

Government do its part in addressing this challenge.

Accordingly, by the authority vested in me as President by the

Constitution and the laws of the United States of America, it is

hereby ordered as follows:

Section 1. Policy. (a) It shall be the policy of the executive

branch that agencies shall:

(1) assure that no critical Federal program experiences

disruption because of the Y2K problem;

(2) assist and cooperate with State, local, and tribal

governments to address the Y2K problem where those governments

depend on Federal information or information technology or the

Federal Government is dependent on those governments to perform

critical missions;

(3) cooperate with the private sector operators of critical

national and local systems, including the banking and financial

system, the telecommunications system, the public health system,

the transportation system, and the electric power generation

system, in addressing the Y2K problem; and

(4) communicate with their foreign counterparts to raise

awareness of and generate cooperative international arrangements to

address the Y2K problem.

(b) As used in this order, "agency" and "agencies" refer to

Federal agencies that are not in the judicial or legislative

branches.

Sec. 2. Year 2000 Conversion Council. There is hereby established

the President's Council on Year 2000 Conversion (the "Council").

(a) The Council shall be led by a Chair who shall be an Assistant

to the President, and it shall be composed of one representative

from each of the executive departments and from such other Federal

agencies as may be determined by the Chair of the Council (the

"Chair").

(b) The Chair shall appoint a Vice Chair and assign other

responsibilities for operations of the council as he or she deems

necessary.

(c) The Chair shall oversee the activities of agencies to assure

that their systems operate smoothly through the year 2000, act as

chief spokesperson on this issue for the executive branch in

national and international fora, provide policy coordination of

executive branch activities with State, local, and tribal

governments on the Y2K problem, and promote appropriate Federal

roles with respect to private sector activities in this area.

(d) The Chair and the Director of the Office of Management and

Budget shall report jointly at least quarterly to me on the

progress of agencies in addressing the Y2K problem.

(e) The Chair shall identify such resources from agencies as the

Chair deems necessary for the implementation of the policies set

out in this order, consistent with applicable law.

Sec. 3. Responsibilities of Agency Heads. (a) The head of each

agency shall:

(1) assure that efforts to address the Y2K problem receive the

highest priority attention in the agency and that the policies

established in this order are carried out; and

(2) cooperate to the fullest extent with the Chair by making

available such information, support, and assistance, including

personnel, as the Chair may request to support the accomplishment

of the tasks assigned herein, consistent with applicable law.

(b) The heads of executive departments and the agencies

designated by the Chair under section 2(a) of this order shall

identify a responsible official to represent the head of the

executive department or agency on the Council with sufficient

authority and experience to commit agency resources to address the

Y2K problem.

Sec. 4. Responsibilities of Interagency and Executive Office

Councils. Interagency councils and councils within the Executive

Office of the President, including the President's Management

Council, the Chief Information Officers Council, the Chief

Financial Officers Council, the President's Council on Integrity

and Efficiency, the Executive Council on Integrity and Efficiency,

the National Science and Technology Council, the National

Performance Review, the National Economic Council, the Domestic

Policy Council, and the National Security Council shall provide

assistance and support to the Chair upon the Chair's request.

Sec. 5. Information Coordination Center. (a) To assist the Chair

in the Y2K response duties included under section 2(c) of this

order, there shall be established the Information Coordination

Center (ICC) in the General Services Administration.

(b) At the direction of the Chair, the ICC will assist in making

preparations for information sharing and coordination within the

Federal Government and key components of the public and private

sectors, coordinating agency assessments of Y2K emergencies that

could have an adverse affect on U.S. interests at home and abroad,

and, if necessary, assisting Federal agencies and the Chair in

reconstitution processes where appropriate.

(c) The ICC will:

(1) consist of officials from executive agencies, designated by

agency heads under subsection 3(a)(2) of this order, who have

expertise in important management and technical areas, computer

hardware, software or security systems, reconstitution and

recovery, and of additional personnel hired directly or by

contract, as required, to carry out the duties described under

section 5 of this order;

(2) work with the Council and the Office of Management and Budget

to assure that Federal efforts to restore critical systems are

coordinated with efforts managed by Federal agencies acting under

existing emergency response authorities.

(d) The Chair of the President's Council on Year 2000 Conversion

shall designate a Director of the ICC.

Sec. 6. Judicial Review. This Executive order is intended only to

improve the internal management of the executive branch and does

not create any right or benefit, substantive or procedural,

enforceable at law or equity by a party against the United States,

its agencies, or instrumentalities, its officers or employees, or

any other person.

William J. Clinton.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3505, 3507, 3520, 3534,

3544, 3603 of this title; title 10 section 2223; title 38 sections

308, 310; title 40 sections 11312, 11313, 11317; title 42 section

14953 of this title.

-End-

-CITE-

44 USC Sec. 3507 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3507. Public information collection activities; submission to

Director; approval and delegation

-STATUTE-

(a) An agency shall not conduct or sponsor the collection of

information unless in advance of the adoption or revision of the

collection of information -

(1) the agency has -

(A) conducted the review established under section

3506(c)(1);

(B) evaluated the public comments received under section

3506(c)(2);

(C) submitted to the Director the certification required

under section 3506(c)(3), the proposed collection of

information, copies of pertinent statutory authority,

regulations, and other related materials as the Director may

specify; and

(D) published a notice in the Federal Register -

(i) stating that the agency has made such submission; and

(ii) setting forth -

(I) a title for the collection of information;

(II) a summary of the collection of information;

(III) a brief description of the need for the information

and the proposed use of the information;

(IV) a description of the likely respondents and proposed

frequency of response to the collection of information;

(V) an estimate of the burden that shall result from the

collection of information; and

(VI) notice that comments may be submitted to the agency

and Director;

(2) the Director has approved the proposed collection of

information or approval has been inferred, under the provisions

of this section; and

(3) the agency has obtained from the Director a control number

to be displayed upon the collection of information.

(b) The Director shall provide at least 30 days for public

comment prior to making a decision under subsection (c), (d), or

(h), except as provided under subsection (j).

(c)(1) For any proposed collection of information not contained

in a proposed rule, the Director shall notify the agency involved

of the decision to approve or disapprove the proposed collection of

information.

(2) The Director shall provide the notification under paragraph

(1), within 60 days after receipt or publication of the notice

under subsection (a)(1)(D), whichever is later.

(3) If the Director does not notify the agency of a denial or

approval within the 60-day period described under paragraph (2) -

(A) the approval may be inferred;

(B) a control number shall be assigned without further delay;

and

(C) the agency may collect the information for not more than 1

year.

(d)(1) For any proposed collection of information contained in a

proposed rule -

(A) as soon as practicable, but no later than the date of

publication of a notice of proposed rulemaking in the Federal

Register, each agency shall forward to the Director a copy of any

proposed rule which contains a collection of information and any

information requested by the Director necessary to make the

determination required under this subsection; and

(B) within 60 days after the notice of proposed rulemaking is

published in the Federal Register, the Director may file public

comments pursuant to the standards set forth in section 3508 on

the collection of information contained in the proposed rule;

(2) When a final rule is published in the Federal Register, the

agency shall explain -

(A) how any collection of information contained in the final

rule responds to the comments, if any, filed by the Director or

the public; or

(B) the reasons such comments were rejected.

(3) If the Director has received notice and failed to comment on

an agency rule within 60 days after the notice of proposed

rulemaking, the Director may not disapprove any collection of

information specifically contained in an agency rule.

(4) No provision in this section shall be construed to prevent

the Director, in the Director's discretion -

(A) from disapproving any collection of information which was

not specifically required by an agency rule;

(B) from disapproving any collection of information contained

in an agency rule, if the agency failed to comply with the

requirements of paragraph (1) of this subsection;

(C) from disapproving any collection of information contained

in a final agency rule, if the Director finds within 60 days

after the publication of the final rule that the agency's

response to the Director's comments filed under paragraph (2) of

this subsection was unreasonable; or

(D) from disapproving any collection of information contained

in a final rule, if -

(i) the Director determines that the agency has substantially

modified in the final rule the collection of information

contained in the proposed rule; and

(ii) the agency has not given the Director the information

required under paragraph (1) with respect to the modified

collection of information, at least 60 days before the issuance

of the final rule.

(5) This subsection shall apply only when an agency publishes a

notice of proposed rulemaking and requests public comments.

(6) The decision by the Director to approve or not act upon a

collection of information contained in an agency rule shall not be

subject to judicial review.

(e)(1) Any decision by the Director under subsection (c), (d),

(h), or (j) to disapprove a collection of information, or to

instruct the agency to make substantive or material change to a

collection of information, shall be publicly available and include

an explanation of the reasons for such decision.

(2) Any written communication between the Administrator of the

Office of Information and Regulatory Affairs, or any employee of

the Office of Information and Regulatory Affairs, and an agency or

person not employed by the Federal Government concerning a proposed

collection of information shall be made available to the public.

(3) This subsection shall not require the disclosure of -

(A) any information which is protected at all times by

procedures established for information which has been

specifically authorized under criteria established by an

Executive order or an Act of Congress to be kept secret in the

interest of national defense or foreign policy; or

(B) any communication relating to a collection of information

which is not approved under this subchapter, the disclosure of

which could lead to retaliation or discrimination against the

communicator.

(f)(1) An independent regulatory agency which is administered by

2 or more members of a commission, board, or similar body, may by

majority vote void -

(A) any disapproval by the Director, in whole or in part, of a

proposed collection of information of that agency; or

(B) an exercise of authority under subsection (d) of section

3507 concerning that agency.

(2) The agency shall certify each vote to void such disapproval

or exercise to the Director, and explain the reasons for such vote.

The Director shall without further delay assign a control number to

such collection of information, and such vote to void the

disapproval or exercise shall be valid for a period of 3 years.

(g) The Director may not approve a collection of information for

a period in excess of 3 years.

(h)(1) If an agency decides to seek extension of the Director's

approval granted for a currently approved collection of

information, the agency shall -

(A) conduct the review established under section 3506(c),

including the seeking of comment from the public on the continued

need for, and burden imposed by the collection of information;

and

(B) after having made a reasonable effort to seek public

comment, but no later than 60 days before the expiration date of

the control number assigned by the Director for the currently

approved collection of information, submit the collection of

information for review and approval under this section, which

shall include an explanation of how the agency has used the

information that it has collected.

(2) If under the provisions of this section, the Director

disapproves a collection of information contained in an existing

rule, or recommends or instructs the agency to make a substantive

or material change to a collection of information contained in an

existing rule, the Director shall -

(A) publish an explanation thereof in the Federal Register; and

(B) instruct the agency to undertake a rulemaking within a

reasonable time limited to consideration of changes to the

collection of information contained in the rule and thereafter to

submit the collection of information for approval or disapproval

under this subchapter.

(3) An agency may not make a substantive or material modification

to a collection of information after such collection has been

approved by the Director, unless the modification has been

submitted to the Director for review and approval under this

subchapter.

(i)(1) If the Director finds that a senior official of an agency

designated under section 3506(a) is sufficiently independent of

program responsibility to evaluate fairly whether proposed

collections of information should be approved and has sufficient

resources to carry out this responsibility effectively, the

Director may, by rule in accordance with the notice and comment

provisions of chapter 5 of title 5, United States Code, delegate to

such official the authority to approve proposed collections of

information in specific program areas, for specific purposes, or

for all agency purposes.

(2) A delegation by the Director under this section shall not

preclude the Director from reviewing individual collections of

information if the Director determines that circumstances warrant

such a review. The Director shall retain authority to revoke such

delegations, both in general and with regard to any specific

matter. In acting for the Director, any official to whom approval

authority has been delegated under this section shall comply fully

with the rules and regulations promulgated by the Director.

(j)(1) The agency head may request the Director to authorize a

collection of information, if an agency head determines that -

(A) a collection of information -

(i) is needed prior to the expiration of time periods

established under this subchapter; and

(ii) is essential to the mission of the agency; and

(B) the agency cannot reasonably comply with the provisions of

this subchapter because -

(i) public harm is reasonably likely to result if normal

clearance procedures are followed;

(ii) an unanticipated event has occurred; or

(iii) the use of normal clearance procedures is reasonably

likely to prevent or disrupt the collection of information or

is reasonably likely to cause a statutory or court ordered

deadline to be missed.

(2) The Director shall approve or disapprove any such

authorization request within the time requested by the agency head

and, if approved, shall assign the collection of information a

control number. Any collection of information conducted under this

subsection may be conducted without compliance with the provisions

of this subchapter for a maximum of 180 days after the date on

which the Director received the request to authorize such

collection.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 176; amended

Pub. L. 104-106, div. E, title LVI, Sec. 5605(d), Feb. 10, 1996,

110 Stat. 700; Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec.

1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3507, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2819; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 817], Oct. 18, 1986, 100 Stat. 1783-308, 1783-338, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 817], Oct. 30, 1986,

100 Stat. 3341-308, 3341-338, related to submission to Director of

public information collection request for an approval or delegation

to a senior official of an agency prior to the general amendment of

this chapter by Pub. L. 104-13.

Another prior section 3507, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1304, provided for cooperation of agencies in making

information available, prior to the general amendment of this

chapter by Pub. L. 96-511. See section 3510(a) of this title.

AMENDMENTS

2000 - Subsecs. (e)(3)(B), (h), (j). Pub. L. 106-398 substituted

"subchapter" for "chapter" wherever appearing.

1996 - Subsec. (j)(2). Pub. L. 104-106 substituted "180 days" for

"90 days".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE OF 1996 AMENDMENT

Amendment by Pub. L. 104-106 effective 180 days after Feb. 10,

1996, see section 5701 of Pub. L. 104-106, Feb. 10, 1996, 110 Stat.

702.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3506, 3509 of this title;

title 42 sections 242k, 14953.

-End-

-CITE-

44 USC Sec. 3508 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3508. Determination of necessity for information; hearing

-STATUTE-

Before approving a proposed collection of information, the

Director shall determine whether the collection of information by

the agency is necessary for the proper performance of the functions

of the agency, including whether the information shall have

practical utility. Before making a determination the Director may

give the agency and other interested persons an opportunity to be

heard or to submit statements in writing. To the extent, if any,

that the Director determines that the collection of information by

an agency is unnecessary for any reason, the agency may not engage

in the collection of information.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 179.)

-MISC1-

PRIOR PROVISIONS

A prior section 3508, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2821, related to determination of whether collection

of information is necessary for proper performance of functions of

agency prior to the general amendment of this chapter by Pub. L.

104-13.

Another prior section 3508, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1304, related to unlawful disclosure of information,

penalties, and release of information to other agencies, prior to

the general amendment of this chapter by Pub. L. 96-511. See

section 3510(b) of this title.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 3507 of this title.

-End-

-CITE-

44 USC Sec. 3509 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3509. Designation of central collection agency

-STATUTE-

The Director may designate a central collection agency to obtain

information for two or more agencies if the Director determines

that the needs of such agencies for information will be adequately

served by a single collection agency, and such sharing of data is

not inconsistent with applicable law. In such cases the Director

shall prescribe (with reference to the collection of information)

the duties and functions of the collection agency so designated and

of the agencies for which it is to act as agent (including

reimbursement for costs). While the designation is in effect, an

agency covered by the designation may not obtain for itself

information for the agency which is the duty of the collection

agency to obtain. The Director may modify the designation from time

to time as circumstances require. The authority to designate under

this section is subject to the provisions of section 3507(f) of

this subchapter.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 180; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3509, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2821, related to designation of central collection

agency prior to the general amendment of this chapter by Pub. L.

104-13.

Another prior section 3509, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1304, related to plans or forms for collecting information,

submission to Director, and his approval, prior to the general

amendment of this chapter by Pub. L. 96-511.

AMENDMENTS

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 42 section 242k.

-End-

-CITE-

44 USC Sec. 3510 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3510. Cooperation of agencies in making information available

-STATUTE-

(a) The Director may direct an agency to make available to

another agency, or an agency may make available to another agency,

information obtained by a collection of information if the

disclosure is not inconsistent with applicable law.

(b)(1) If information obtained by an agency is released by that

agency to another agency, all the provisions of law (including

penalties) that relate to the unlawful disclosure of information

apply to the officers and employees of the agency to which

information is released to the same extent and in the same manner

as the provisions apply to the officers and employees of the agency

which originally obtained the information.

(2) The officers and employees of the agency to which the

information is released, in addition, shall be subject to the same

provisions of law, including penalties, relating to the unlawful

disclosure of information as if the information had been collected

directly by that agency.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 180.)

-MISC1-

PRIOR PROVISIONS

A prior section 3510, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2822, related to cooperation of agencies in making

information available prior to the general amendment of this

chapter by Pub. L. 104-13.

Another prior section 3510, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1305, authorized promulgation of rules and regulations, prior

to the general amendment of this chapter by Pub. L. 96-511. See

section 3516 of this title.

-End-

-CITE-

44 USC Sec. 3511 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3511. Establishment and operation of Government Information

Locator Service

-STATUTE-

(a) In order to assist agencies and the public in locating

information and to promote information sharing and equitable access

by the public, the Director shall -

(1) cause to be established and maintained a distributed

agency-based electronic Government Information Locator Service

(hereafter in this section referred to as the "Service"), which

shall identify the major information systems, holdings, and

dissemination products of each agency;

(2) require each agency to establish and maintain an agency

information locator service as a component of, and to support the

establishment and operation of the Service;

(3) in cooperation with the Archivist of the United States, the

Administrator of General Services, the Public Printer, and the

Librarian of Congress, establish an interagency committee to

advise the Secretary of Commerce on the development of technical

standards for the Service to ensure compatibility, promote

information sharing, and uniform access by the public;

(4) consider public access and other user needs in the

establishment and operation of the Service;

(5) ensure the security and integrity of the Service, including

measures to ensure that only information which is intended to be

disclosed to the public is disclosed through the Service; and

(6) periodically review the development and effectiveness of

the Service and make recommendations for improvement, including

other mechanisms for improving public access to Federal agency

public information.

(b) This section shall not apply to operational files as defined

by the Central Intelligence Agency Information Act (50 U.S.C. 431

et seq.).

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 180.)

-REFTEXT-

REFERENCES IN TEXT

The Central Intelligence Agency Information Act, referred to in

subsec. (b), is Pub. L. 98-477, Oct. 15, 1984, 98 Stat. 2209, which

is classified principally to subchapter V (Sec. 431 et seq.) of

chapter 15 of Title 50, War and National Defense. For complete

classification of this Act to the Code, see Short Title of 1984

Amendment note set out under section 401 of Title 50 and Tables.

-MISC1-

PRIOR PROVISIONS

A prior section 3511, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2822; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 818], Oct. 18, 1986, 100 Stat. 1783-308, 1783-339, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 818], Oct. 30, 1986,

100 Stat. 3341-308, 3341-339, related to establishment and

operation of a Federal Information Locator System prior to the

general amendment of this chapter by Pub. L. 104-13.

Another prior section 3511, Pub. L. 90-620, Oct. 22, 1968, 82

Stat. 1305, provided for penalty for failure to furnish

information, prior to the general amendment of this chapter by Pub.

L. 96-511.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 3506 of this title.

-End-

-CITE-

44 USC Sec. 3512 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3512. Public protection

-STATUTE-

(a) Notwithstanding any other provision of law, no person shall

be subject to any penalty for failing to comply with a collection

of information that is subject to this subchapter if -

(1) the collection of information does not display a valid

control number assigned by the Director in accordance with this

subchapter; or

(2) the agency fails to inform the person who is to respond to

the collection of information that such person is not required to

respond to the collection of information unless it displays a

valid control number.

(b) The protection provided by this section may be raised in the

form of a complete defense, bar, or otherwise at any time during

the agency administrative process or judicial action applicable

thereto.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 181; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3512, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2822, related to protection of persons failing to

maintain or provide information if information collection request

did not display current control number prior to the general

amendment of this chapter by Pub. L. 104-13.

Another prior section 3512, added Pub. L. 93-153, title IV, Sec.

409(b), Nov. 16, 1973, 87 Stat. 593, related to information for

independent regulatory agencies, prior to the general amendment of

this chapter by Pub. L. 96-511.

AMENDMENTS

2000 - Subsec. (a). Pub. L. 106-398 substituted "subchapter" for

"chapter" in introductory provisions and par. (1).

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 15 section 57b-2; title 31

section 3811; title 42 section 14953.

-End-

-CITE-

44 USC Sec. 3513 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3513. Director review of agency activities; reporting; agency

response

-STATUTE-

(a) In consultation with the Administrator of General Services,

the Archivist of the United States, the Director of the National

Institute of Standards and Technology, and the Director of the

Office of Personnel Management, the Director shall periodically

review selected agency information resources management activities

to ascertain the efficiency and effectiveness of such activities to

improve agency performance and the accomplishment of agency

missions.

(b) Each agency having an activity reviewed under subsection (a)

shall, within 60 days after receipt of a report on the review,

provide a written plan to the Director describing steps (including

milestones) to -

(1) be taken to address information resources management

problems identified in the report; and

(2) improve agency performance and the accomplishment of agency

missions.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 181.)

-MISC1-

PRIOR PROVISIONS

A prior section 3513, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2822; amended Pub. L. 98-497, title I, Sec.

107(b)(27), Oct. 19, 1984, 98 Stat. 2291, related to periodic

review of agency activities by Director and report of review and

agency response to it prior to the general amendment of this

chapter by Pub. L. 104-13.

-End-

-CITE-

44 USC Sec. 3514 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3514. Responsiveness to Congress

-STATUTE-

(a)(1) The Director shall -

(A) keep the Congress and congressional committees fully and

currently informed of the major activities under this subchapter;

and

(B) submit a report on such activities to the President of the

Senate and the Speaker of the House of Representatives annually

and at such other times as the Director determines necessary.

(2) The Director shall include in any such report a description

of the extent to which agencies have -

(A) reduced information collection burdens on the public,

including -

(i) a summary of accomplishments and planned initiatives to

reduce collection of information burdens;

(ii) a list of all violations of this subchapter and of any

rules, guidelines, policies, and procedures issued pursuant to

this subchapter;

(iii) a list of any increase in the collection of information

burden, including the authority for each such collection; and

(iv) a list of agencies that in the preceding year did not

reduce information collection burdens in accordance with

section 3505(a)(1), a list of the programs and statutory

responsibilities of those agencies that precluded that

reduction, and recommendations to assist those agencies to

reduce information collection burdens in accordance with that

section;

(B) improved the quality and utility of statistical

information;

(C) improved public access to Government information; and

(D) improved program performance and the accomplishment of

agency missions through information resources management.

(b) The preparation of any report required by this section shall

be based on performance results reported by the agencies and shall

not increase the collection of information burden on persons

outside the Federal Government.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 181; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3514, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2823, and Pub. L. 99-500, Sec. 101(m) [title VIII,

Sec. 819], Oct. 18, 1986, 100 Stat. 1783-308, 1783-339, and Pub. L.

99-591, Sec. 101(m) [title VIII, Sec. 819], Oct. 30, 1986, 100

Stat. 3341-308, 3341-339, related to requirement that Director keep

Congress fully informed prior to the general amendment of this

chapter by Pub. L. 104-13.

AMENDMENTS

2000 - Subsec. (a)(1)(A), (2)(A)(ii). Pub. L. 106-398 substituted

"subchapter" for "chapter" wherever appearing.

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

TERMINATION OF REPORTING REQUIREMENTS

For termination, effective May 15, 2000, of provisions of law

requiring submittal to Congress of any annual, semiannual, or other

regular periodic report listed in House Document No. 103-7 (in

which the 8th item on page 41 identifies an annual reporting

requirement which, as subsequently amended, is contained in subsec.

(a) of this section), see section 3003 of Pub. L. 104-66, as

amended, set out as a note under section 1113 of Title 31, Money

and Finance.

-End-

-CITE-

44 USC Sec. 3515 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3515. Administrative powers

-STATUTE-

Upon the request of the Director, each agency (other than an

independent regulatory agency) shall, to the extent practicable,

make its services, personnel, and facilities available to the

Director for the performance of functions under this subchapter.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 182; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3515, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2824, related to availability of agency services,

personnel, and facilities prior to the general amendment of this

chapter by Pub. L. 104-13.

AMENDMENTS

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-End-

-CITE-

44 USC Sec. 3516 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3516. Rules and regulations

-STATUTE-

The Director shall promulgate rules, regulations, or procedures

necessary to exercise the authority provided by this subchapter.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 182; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3516, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2824, related to rules and regulations prior to the

general amendment of this chapter by Pub. L. 104-13.

AMENDMENTS

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

POLICY AND PROCEDURAL GUIDELINES

Pub. L. 106-554, Sec. 1(a)(3) [title V, Sec. 515], Dec. 21, 2000,

114 Stat. 2763, 2763A-153, provided that:

"(a) In General. - The Director of the Office of Management and

Budget shall, by not later than September 30, 2001, and with public

and Federal agency involvement, issue guidelines under sections

3504(d)(1) and 3516 of title 44, United States Code, that provide

policy and procedural guidance to Federal agencies for ensuring and

maximizing the quality, objectivity, utility, and integrity of

information (including statistical information) disseminated by

Federal agencies in fulfillment of the purposes and provisions of

chapter 35 of title 44, United States Code, commonly referred to as

the Paperwork Reduction Act.

"(b) Content of Guidelines. - The guidelines under subsection (a)

shall -

"(1) apply to the sharing by Federal agencies of, and access

to, information disseminated by Federal agencies; and

"(2) require that each Federal agency to which the guidelines

apply -

"(A) issue guidelines ensuring and maximizing the quality,

objectivity, utility, and integrity of information (including

statistical information) disseminated by the agency, by not

later than 1 year after the date of issuance of the guidelines

under subsection (a);

"(B) establish administrative mechanisms allowing affected

persons to seek and obtain correction of information maintained

and disseminated by the agency that does not comply with the

guidelines issued under subsection (a); and

"(C) report periodically to the Director -

"(i) the number and nature of complaints received by the

agency regarding the accuracy of information disseminated by

the agency; and

"(ii) how such complaints were handled by the agency."

-End-

-CITE-

44 USC Sec. 3517 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3517. Consultation with other agencies and the public

-STATUTE-

(a) In developing information resources management policies,

plans, rules, regulations, procedures, and guidelines and in

reviewing collections of information, the Director shall provide

interested agencies and persons early and meaningful opportunity to

comment.

(b) Any person may request the Director to review any collection

of information conducted by or for an agency to determine, if,

under this subchapter, a person shall maintain, provide, or

disclose the information to or for the agency. Unless the request

is frivolous, the Director shall, in coordination with the agency

responsible for the collection of information -

(1) respond to the request within 60 days after receiving the

request, unless such period is extended by the Director to a

specified date and the person making the request is given notice

of such extension; and

(2) take appropriate remedial action, if necessary.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 182; amended

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1064(b)], Oct. 30,

2000, 114 Stat. 1654, 1654A-275.)

-MISC1-

PRIOR PROVISIONS

A prior section 3517, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2824, related to consultation with other agencies

and the public prior to the general amendment of this chapter by

Pub. L. 104-13.

AMENDMENTS

2000 - Subsec. (b). Pub. L. 106-398 substituted "subchapter" for

"chapter" in introductory provisions.

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

-End-

-CITE-

44 USC Sec. 3518 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3518. Effect on existing laws and regulations

-STATUTE-

(a) Except as otherwise provided in this subchapter, the

authority of an agency under any other law to prescribe policies,

rules, regulations, and procedures for Federal information

resources management activities is subject to the authority of the

Director under this subchapter.

(b) Nothing in this subchapter shall be deemed to affect or

reduce the authority of the Secretary of Commerce or the Director

of the Office of Management and Budget pursuant to Reorganization

Plan No. 1 of 1977 (as amended) and Executive order, relating to

telecommunications and information policy, procurement and

management of telecommunications and information systems, spectrum

use, and related matters.

(c)(1) Except as provided in paragraph (2), this subchapter shall

not apply to the collection of information -

(A) during the conduct of a Federal criminal investigation or

prosecution, or during the disposition of a particular criminal

matter;

(B) during the conduct of -

(i) a civil action to which the United States or any official

or agency thereof is a party; or

(ii) an administrative action or investigation involving an

agency against specific individuals or entities;

(C) by compulsory process pursuant to the Antitrust Civil

Process Act and section 13 of the Federal Trade Commission

Improvements Act of 1980; or

(D) during the conduct of intelligence activities as defined in

section 3.4(e) of Executive Order No. 12333, issued December 4,

1981, or successor orders, or during the conduct of cryptologic

activities that are communications security activities.

(2) This subchapter applies to the collection of information

during the conduct of general investigations (other than

information collected in an antitrust investigation to the extent

provided in subparagraph (C) of paragraph (1)) undertaken with

reference to a category of individuals or entities such as a class

of licensees or an entire industry.

(d) Nothing in this subchapter shall be interpreted as increasing

or decreasing the authority conferred by sections 11331 and 11332

(!1) of title 40 on the Secretary of Commerce or the Director of

the Office of Management and Budget.

(e) Nothing in this subchapter shall be interpreted as increasing

or decreasing the authority of the President, the Office of

Management and Budget or the Director thereof, under the laws of

the United States, with respect to the substantive policies and

programs of departments, agencies and offices, including the

substantive authority of any Federal agency to enforce the civil

rights laws.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 183; amended

Pub. L. 104-106, div. E, title LI, Sec. 5131(e)(2), Feb. 10, 1996,

110 Stat. 688; Pub. L. 105-85, div. A, title X, Sec. 1073(h)(5)(C),

Nov. 18, 1997, 111 Stat. 1907; Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275;

Pub. L. 107-217, Sec. 3(l)(7), Aug. 21, 2002, 116 Stat. 1302.)

-REFTEXT-

REFERENCES IN TEXT

Reorganization Plan No. 1 of 1977, referred to in subsec. (b), is

set out in the Appendix to Title 5, Government Organization and

Employees.

Executive order, referred to in subsec. (b), probably means Ex.

Ord. No. 12046, Mar. 27, 1978, 43 F.R. 13349, which is set out as a

note under section 305 of Title 47, Telegraphs, Telephones, and

Radiotelegraphs.

The Antitrust Civil Process Act, referred to in subsec.

(c)(1)(C), is Pub. L. 87-664, Sept. 19, 1962, 76 Stat. 548, as

amended, which is classified generally to chapter 34 (Sec. 1311 et

seq.) of Title 15, Commerce and Trade. For complete classification

of this Act to the Code, see Short Title note set out under section

1311 of Title 15 and Tables.

Section 13 of the Federal Trade Commission Improvements Act of

1980, referred to in subsec. (c)(1)(C), is classified to section

57b-1 of Title 15.

Executive Order No. 12333, referred to in subsec. (c)(1)(D), is

Ex. Ord. No. 12333, Dec. 4, 1981, 46 F.R. 59941, which is set out

as a note under section 401 of Title 50, War and National Defense.

Section 11332 of title 40, referred to in subsec. (d), was

repealed by Pub. L. 107-296, title X, Sec. 1005(a)(1), Nov. 25,

2002, 116 Stat. 2272, and Pub. L. 107-347, title III, Sec. 305(a),

Dec. 17, 2002, 116 Stat. 2960.

The civil rights laws, referred to in subsec. (e), are classified

generally to chapter 21 (Sec. 1981 et seq.) of Title 42, The Public

Health and Welfare.

-MISC1-

PRIOR PROVISIONS

A prior section 3518, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2824, related to the effect on existing laws and

regulations prior to the general amendment of this chapter by Pub.

L. 104-13.

AMENDMENTS

2002 - Subsec. (d). Pub. L. 107-217 substituted "sections 11331

and 11332 of title 40" for "section 5131 of the Clinger-Cohen Act

of 1996 (40 U.S.C. 1441) and the Computer Security Act of 1987 (40

U.S.C. 759 note)".

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter"

wherever appearing.

1997 - Subsec. (d). Pub. L. 105-85 substituted "Clinger-Cohen Act

of 1996 (40 U.S.C. 1441)" for "Information Technology Management

Reform Act of 1996".

1996 - Subsec. (d). Pub. L. 104-106 substituted "section 5131 of

the Information Technology Management Reform Act of 1996 and the

Computer Security Act of 1987 (40 U.S.C. 759 note) on the Secretary

of Commerce or" for "Public Law 89-306 on the Administrator of the

General Services Administration, the Secretary of Commerce, or".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE OF 1996 AMENDMENT

Amendment by Pub. L. 104-106 effective 180 days after Feb. 10,

1996, see section 5701 of Pub. L. 104-106, Feb. 10, 1996, 110 Stat.

702.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 3502 of this title; title

5 section 601.

-FOOTNOTE-

(!1) See References in Text note below.

-End-

-CITE-

44 USC Sec. 3519 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3519. Access to information

-STATUTE-

Under the conditions and procedures prescribed in section 716 of

title 31, the Director and personnel in the Office of Information

and Regulatory Affairs shall furnish such information as the

Comptroller General may require for the discharge of the

responsibilities of the Comptroller General. For the purpose of

obtaining such information, the Comptroller General or

representatives thereof shall have access to all books, documents,

papers and records, regardless of form or format, of the Office.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 183.)

-MISC1-

PRIOR PROVISIONS

A prior section 3519, added Pub. L. 96-511, Sec. 2(a), Dec. 11,

1980, 94 Stat. 2825; amended Pub. L. 97-258, Sec. 3(m)(3), Sept.

13, 1982, 96 Stat. 1066, related to access to information prior to

the general amendment of this chapter by Pub. L. 104-13.

-End-

-CITE-

44 USC Sec. 3520 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3520. Establishment of task force on information collection

and dissemination

-STATUTE-

(a) There is established a task force to study the feasibility of

streamlining requirements with respect to small business concerns

regarding collection of information and strengthening dissemination

of information (in this section referred to as the "task force").

(b)(1) The Director shall determine -

(A) subject to the minimum requirements under paragraph (2),

the number of representatives to be designated under each

subparagraph of that paragraph; and

(B) the agencies to be represented under paragraph (2)(K).

(2) After all determinations are made under paragraph (1), the

members of the task force shall be designated by the head of each

applicable department or agency, and include -

(A) 1 representative of the Director, who shall convene and

chair the task force;

(B) not less than 2 representatives of the Department of Labor,

including 1 representative of the Bureau of Labor Statistics and

1 representative of the Occupational Safety and Health

Administration;

(C) not less than 1 representative of the Environmental

Protection Agency;

(D) not less than 1 representative of the Department of

Transportation;

(E) not less than 1 representative of the Office of Advocacy of

the Small Business Administration;

(F) not less than 1 representative of the Internal Revenue

Service;

(G) not less than 2 representatives of the Department of Health

and Human Services, including 1 representative of the Centers for

Medicare and Medicaid Services;

(H) not less than 1 representative of the Department of

Agriculture;

(I) not less than 1 representative of the Department of the

Interior;

(J) not less than 1 representative of the General Services

Administration; and

(K) not less than 1 representative of each of 2 agencies not

represented by representatives described under subparagraphs (A)

through (J).

(c) The task force shall -

(1) identify ways to integrate the collection of information

across Federal agencies and programs and examine the feasibility

and desirability of requiring each agency to consolidate

requirements regarding collections of information with respect to

small business concerns within and across agencies, without

negatively impacting the effectiveness of underlying laws and

regulations regarding such collections of information, in order

that each small business concern may submit all information

required by the agency -

(A) to 1 point of contact in the agency;

(B) in a single format, such as a single electronic reporting

system, with respect to the agency; and

(C) with synchronized reporting for information submissions

having the same frequency, such as synchronized quarterly,

semiannual, and annual reporting dates;

(2) examine the feasibility and benefits to small businesses of

publishing a list by the Director of the collections of

information applicable to small business concerns (as defined in

section 3 of the Small Business Act (15 U.S.C. 632)), organized -

(A) by North American Industry Classification System code;

(B) by industrial sector description; or

(C) in another manner by which small business concerns can

more easily identify requirements with which those small

business concerns are expected to comply;

(3) examine the savings, including cost savings, and develop

recommendations for implementing -

(A) systems for electronic submissions of information to the

Federal Government; and

(B) interactive reporting systems, including components that

provide immediate feedback to assure that data being submitted

-

(i) meet requirements of format; and

(ii) are within the range of acceptable options for each

data field;

(4) make recommendations to improve the electronic

dissemination of information collected under Federal

requirements;

(5) recommend a plan for the development of an interactive

Governmentwide system, available through the Internet, to allow

each small business to -

(A) better understand which Federal requirements regarding

collection of information (and, when possible, which other

Federal regulatory requirements) apply to that particular

business; and

(B) more easily comply with those Federal requirements; and

(6) in carrying out this section, consider opportunities for

the coordination -

(A) of Federal and State reporting requirements; and

(B) among the points of contact described under section

3506(i), such as to enable agencies to provide small business

concerns with contacts for information collection requirements

for other agencies.

(d) The task force shall -

(1) by publication in the Federal Register, provide notice and

an opportunity for public comment on each report in draft form;

and

(2) make provision in each report for the inclusion of -

(A) any additional or dissenting views of task force members;

and

(B) a summary of significant public comments.

(e) Not later than 1 year after the date of enactment of the

Small Business Paperwork Relief Act of 2002, the task force shall

submit a report of its findings under subsection (c) (1), (2), and

(3) to -

(1) the Director;

(2) the chairpersons and ranking minority members of -

(A) the Committee on Governmental Affairs and the Committee

on Small Business and Entrepreneurship of the Senate; and

(B) the Committee on Government Reform and the Committee on

Small Business of the House of Representatives; and

(3) the Small Business and Agriculture Regulatory Enforcement

Ombudsman designated under section 30(b) of the Small Business

Act (15 U.S.C. 657(b)).

(f) Not later than 2 years after the date of enactment of the

Small Business Paperwork Relief Act of 2002, the task force shall

submit a report of its findings under subsection (c) (4) and (5) to

-

(1) the Director;

(2) the chairpersons and ranking minority members of -

(A) the Committee on Governmental Affairs and the Committee

on Small Business and Entrepreneurship of the Senate; and

(B) the Committee on Government Reform and the Committee on

Small Business of the House of Representatives; and

(3) the Small Business and Agriculture Regulatory Enforcement

Ombudsman designated under section 30(b) of the Small Business

Act (15 U.S.C. 657(b)).

(g) The task force shall terminate after completion of its work.

(h) In this section, the term "small business concern" has the

meaning given under section 3 of the Small Business Act (15 U.S.C.

632).

-SOURCE-

(Added Pub. L. 107-198, Sec. 3(a)(2), June 28, 2002, 116 Stat.

730.)

-REFTEXT-

REFERENCES IN TEXT

The date of enactment of the Small Business Paperwork Relief Act

of 2002, referred to in subsecs. (e) and (f), is the date of

enactment of Pub. L. 107-198, which was approved June 28, 2002.

-MISC1-

PRIOR PROVISIONS

A prior section 3520 was renumbered section 3521 of this title.

Another prior section 3520, added Pub. L. 96-511, Sec. 2(a), Dec.

11, 1980, 94 Stat. 2825; amended Pub. L. 99-500, Sec. 101(m) [title

VIII, Sec. 820], Oct. 18, 1986, 100 Stat. 1783-308, 1783-340, and

Pub. L. 99-591, Sec. 101(m) [title VIII, Sec. 820], Oct. 30, 1986,

100 Stat. 3341-308, 3341-340, related to authorization of

appropriations prior to the general amendment of this chapter by

Pub. L. 104-13.

-End-

-CITE-

44 USC Sec. 3521 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER I - FEDERAL INFORMATION POLICY

-HEAD-

Sec. 3521. Authorization of appropriations

-STATUTE-

There are authorized to be appropriated to the Office of

Information and Regulatory Affairs to carry out the provisions of

this subchapter, and for no other purpose, $8,000,000 for each of

the fiscal years 1996, 1997, 1998, 1999, 2000, and 2001.

-SOURCE-

(Added Pub. L. 104-13, Sec. 2, May 22, 1995, 109 Stat. 184, Sec.

3520; amended Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec.

1064(b)], Oct. 30, 2000, 114 Stat. 1654, 1654A-275; renumbered Sec.

3521, Pub. L. 107-198, Sec. 3(a)(1), June 28, 2002, 116 Stat. 730.)

-MISC1-

AMENDMENTS

2002 - Pub. L. 107-198 renumbered section 3520 of this title as

this section.

2000 - Pub. L. 106-398 substituted "subchapter" for "chapter".

EFFECTIVE DATE OF 2000 AMENDMENT

Amendment by Pub. L. 106-398 effective 30 days after Oct. 30,

2000, see section 1 [[div. A], title X, Sec. 1065] of Pub. L.

106-398, set out as an Effective Date note under section 3531 of

this title.

EFFECTIVE DATE

Section effective May 22, 1995, see section 4 of Pub. L. 104-13,

set out as a note under section 3501 of this title.

-End-

-CITE-

44 USC SUBCHAPTER II - INFORMATION SECURITY 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

SUBCHAPTER II - INFORMATION SECURITY

-STATAMEND-

APPLICABILITY OF SUBCHAPTER

This subchapter not to apply while subchapter III of this chapter

is in effect, see section 3549 of this title.

-MISC1-

AMENDMENTS

2002 - Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2259, reenacted subchapter heading without change.

-SECREF-

SUBCHAPTER REFERRED TO IN OTHER SECTIONS

This subchapter is referred to in sections 3504, 3506, 3549 of

this title; title 10 section 2224a.

-End-

-CITE-

44 USC Sec. 3531 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3531. Purposes

-STATUTE-

The purposes of this subchapter are to -

(1) provide a comprehensive framework for ensuring the

effectiveness of information security controls over information

resources that support Federal operations and assets;

(2) recognize the highly networked nature of the current

Federal computing environment and provide effective

governmentwide management and oversight of the related

information security risks, including coordination of information

security efforts throughout the civilian, national security, and

law enforcement communities;

(3) provide for development and maintenance of minimum controls

required to protect Federal information and information systems;

(4) provide a mechanism for improved oversight of Federal

agency information security programs;

(5) acknowledge that commercially developed information

security products offer advanced, dynamic, robust, and effective

information security solutions, reflecting market solutions for

the protection of critical information infrastructures important

to the national defense and economic security of the nation that

are designed, built, and operated by the private sector; and

(6) recognize that the selection of specific technical hardware

and software information security solutions should be left to

individual agencies from among commercially developed products.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2259.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-MISC1-

PRIOR PROVISIONS

A prior section 3531, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-266, set

forth purposes of this subchapter prior to the general amendment of

this subchapter by Pub. L. 107-296.

EFFECTIVE DATE

Subchapter effective 60 days after Nov. 25, 2002, see section 4

of Pub. L. 107-296, set out as a note under section 101 of Title 6,

Domestic Security.

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1065], Oct. 30,

2000, 114 Stat. 1654, 1654A-275, which provided that subtitle G

(Secs. 1061-1065) of title X of [div. A] of H.R. 5408, as enacted

by section 1 of Pub. L. 106-398, enacting this subchapter, amending

sections 3501 to 3507, 3509, 3512, 3514 to 3518, and 3520 of this

title, and section 2224 of Title 10, Armed Forces, and enacting

provisions formerly set out as a note below , would take effect 30

days after Oct. 30, 2000, was repealed by Pub. L. 107-296, title X,

Sec. 1005(b), Nov. 25, 2002, 116 Stat. 2272.

RESPONSIBILITIES OF CERTAIN AGENCIES

Pub. L. 106-398, Sec. 1 [[div. A], title X, Sec. 1062], Oct. 30,

2000, 114 Stat. 1654, 1654A-272, which set forth responsibilities

of Department of Commerce, Department of Defense, Intelligence

Community, Department of Justice, General Services Administration,

and Office of Personnel Management relating to development,

issuance, review, and updating of information security policies,

principles, standards, and guidelines, including assessment of

training and personnel needs, was repealed by Pub. L. 107-296,

title X, Sec. 1005(b), Nov. 25, 2002, 116 Stat. 2272, and Pub. L.

107-347, title III, Sec. 305(b), Dec. 17, 2002, 116 Stat. 2960.

-End-

-CITE-

44 USC Sec. 3532 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3532. Definitions

-STATUTE-

(a) In General. - Except as provided under subsection (b), the

definitions under section 3502 shall apply to this subchapter.

(b) Additional Definitions. - As used in this subchapter -

(1) the term "information security" means protecting

information and information systems from unauthorized access,

use, disclosure, disruption, modification, or destruction in

order to provide -

(A) integrity, which means guarding against improper

information modification or destruction, and includes ensuring

information nonrepudiation and authenticity;

(B) confidentiality, which means preserving authorized

restrictions on access and disclosure, including means for

protecting personal privacy and proprietary information;

(C) availability, which means ensuring timely and reliable

access to and use of information; and

(D) authentication, which means utilizing digital credentials

to assure the identity of users and validate their access;

(2) the term "national security system" means any information

system (including any telecommunications system) used or operated

by an agency or by a contractor of an agency, or other

organization on behalf of an agency, the function, operation, or

use of which -

(A) involves intelligence activities;

(B) involves cryptologic activities related to national

security;

(C) involves command and control of military forces;

(D) involves equipment that is an integral part of a weapon

or weapons system; or

(E) is critical to the direct fulfillment of military or

intelligence missions provided that this definition does not

apply to a system that is used for routine administrative and

business applications (including payroll, finance, logistics,

and personnel management applications);

(3) the term "information technology" has the meaning given

that term in section 11101 of title 40; and

(4) the term "information system" means any equipment or

interconnected system or subsystems of equipment that is used in

the automatic acquisition, storage, manipulation, management,

movement, control, display, switching, interchange, transmission,

or reception of data or information, and includes -

(A) computers and computer networks;

(B) ancillary equipment;

(C) software, firmware, and related procedures;

(D) services, including support services; and

(E) related resources.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2260.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-MISC1-

PRIOR PROVISIONS

A prior section 3532, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-266,

related to definitions applicable to this subchapter prior to the

general amendment of this subchapter by Pub. L. 107-296.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 6 section 511; title 15

section 278g-3.

-End-

-CITE-

44 USC Sec. 3533 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3533. Authority and functions of the Director

-STATUTE-

(a) The Director shall oversee agency information security

policies and practices, by -

(1) promulgating information security standards under section

11331 of title 40;

(2) overseeing the implementation of policies, principles,

standards, and guidelines on information security;

(3) requiring agencies, consistent with the standards

promulgated under such section 11331 and the requirements of this

subchapter, to identify and provide information security

protections commensurate with the risk and magnitude of the harm

resulting from the unauthorized access, use, disclosure,

disruption, modification, or destruction of -

(A) information collected or maintained by or on behalf of an

agency; or

(B) information systems used or operated by an agency or by a

contractor of an agency or other organization on behalf of an

agency;

(4) coordinating the development of standards and guidelines

under section 20 of the National Institute of Standards and

Technology Act (15 U.S.C. 278g-3) with agencies and offices

operating or exercising control of national security systems

(including the National Security Agency) to assure, to the

maximum extent feasible, that such standards and guidelines are

complementary with standards and guidelines developed for

national security systems;

(5) overseeing agency compliance with the requirements of this

subchapter, including through any authorized action under section

11303(b)(5) of title 40, to enforce accountability for compliance

with such requirements;

(6) reviewing at least annually, and approving or disapproving,

agency information security programs required under section

3534(b);

(7) coordinating information security policies and procedures

with related information resources management policies and

procedures; and

(8) reporting to Congress no later than March 1 of each year on

agency compliance with the requirements of this subchapter,

including -

(A) a summary of the findings of evaluations required by

section 3535;

(B) significant deficiencies in agency information security

practices;

(C) planned remedial action to address such deficiencies; and

(D) a summary of, and the views of the Director on, the

report prepared by the National Institute of Standards and

Technology under section 20(d)(9) of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3).

(b) Except for the authorities described in paragraphs (4) and

(7) of subsection (a), the authorities of the Director under this

section shall not apply to national security systems.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2261.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-MISC1-

PRIOR PROVISIONS

A prior section 3533, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-266, set

forth authority and functions of the Director prior to the general

amendment of this subchapter by Pub. L. 107-296.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3534, 3535 of this title.

-End-

-CITE-

44 USC Sec. 3534 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3534. Federal agency responsibilities

-STATUTE-

(a) The head of each agency shall -

(1) be responsible for -

(A) providing information security protections commensurate

with the risk and magnitude of the harm resulting from

unauthorized access, use, disclosure, disruption, modification,

or destruction of -

(i) information collected or maintained by or on behalf of

the agency; and

(ii) information systems used or operated by an agency or

by a contractor of an agency or other organization on behalf

of an agency;

(B) complying with the requirements of this subchapter and

related policies, procedures, standards, and guidelines,

including -

(i) information security standards promulgated by the

Director under section 11331 of title 40; and

(ii) information security standards and guidelines for

national security systems issued in accordance with law and

as directed by the President; and

(C) ensuring that information security management processes

are integrated with agency strategic and operational planning

processes;

(2) ensure that senior agency officials provide information

security for the information and information systems that support

the operations and assets under their control, including through

-

(A) assessing the risk and magnitude of the harm that could

result from the unauthorized access, use, disclosure,

disruption, modification, or destruction of such information or

information systems;

(B) determining the levels of information security

appropriate to protect such information and information systems

in accordance with standards promulgated under section 11331 of

title 40 for information security classifications and related

requirements;

(C) implementing policies and procedures to cost-effectively

reduce risks to an acceptable level; and

(D) periodically testing and evaluating information security

controls and techniques to ensure that they are effectively

implemented;

(3) delegate to the agency Chief Information Officer

established under section 3506 (or comparable official in an

agency not covered by such section) the authority to ensure

compliance with the requirements imposed on the agency under this

subchapter, including -

(A) designating a senior agency information security officer

who shall -

(i) carry out the Chief Information Officer's

responsibilities under this section;

(ii) possess professional qualifications, including

training and experience, required to administer the functions

described under this section;

(iii) have information security duties as that official's

primary duty; and

(iv) head an office with the mission and resources to

assist in ensuring agency compliance with this section;

(B) developing and maintaining an agencywide information

security program as required by subsection (b);

(C) developing and maintaining information security policies,

procedures, and control techniques to address all applicable

requirements, including those issued under section 3533 of this

title, and section 11331 of title 40;

(D) training and overseeing personnel with significant

responsibilities for information security with respect to such

responsibilities; and

(E) assisting senior agency officials concerning their

responsibilities under paragraph (2);

(4) ensure that the agency has trained personnel sufficient to

assist the agency in complying with the requirements of this

subchapter and related policies, procedures, standards, and

guidelines; and

(5) ensure that the agency Chief Information Officer, in

coordination with other senior agency officials, reports annually

to the agency head on the effectiveness of the agency information

security program, including progress of remedial actions.

(b) Each agency shall develop, document, and implement an

agencywide information security program, approved by the Director

under section 3533(a)(5), to provide information security for the

information and information systems that support the operations and

assets of the agency, including those provided or managed by

another agency, contractor, or other source, that includes -

(1) periodic assessments of the risk and magnitude of the harm

that could result from the unauthorized access, use, disclosure,

disruption, modification, or destruction of information and

information systems that support the operations and assets of the

agency;

(2) policies and procedures that -

(A) are based on the risk assessments required by paragraph

(1);

(B) cost-effectively reduce information security risks to an

acceptable level;

(C) ensure that information security is addressed throughout

the life cycle of each agency information system; and

(D) ensure compliance with -

(i) the requirements of this subchapter;

(ii) policies and procedures as may be prescribed by the

Director, and information security standards promulgated

under section 11331 of title 40;

(iii) minimally acceptable system configuration

requirements, as determined by the agency; and

(iv) any other applicable requirements, including standards

and guidelines for national security systems issued in

accordance with law and as directed by the President;

(3) subordinate plans for providing adequate information

security for networks, facilities, and systems or groups of

information systems, as appropriate;

(4) security awareness training to inform personnel, including

contractors and other users of information systems that support

the operations and assets of the agency, of -

(A) information security risks associated with their

activities; and

(B) their responsibilities in complying with agency policies

and procedures designed to reduce these risks;

(5) periodic testing and evaluation of the effectiveness of

information security policies, procedures, and practices, to be

performed with a frequency depending on risk, but no less than

annually, of which such testing -

(A) shall include testing of management, operational, and

technical controls of every information system identified in

the inventory required under section 3505(c); and

(B) may include testing relied on in a (!1) evaluation under

section 3535;

(6) a process for planning, implementing, evaluating, and

documenting remedial action to address any deficiencies in the

information security policies, procedures, and practices of the

agency;

(7) procedures for detecting, reporting, and responding to

security incidents, including -

(A) mitigating risks associated with such incidents before

substantial damage is done; and

(B) notifying and consulting with, as appropriate -

(i) law enforcement agencies and relevant Offices of

Inspector General;

(ii) an office designated by the President for any incident

involving a national security system; and

(iii) any other agency or office, in accordance with law or

as directed by the President; and

(8) plans and procedures to ensure continuity of operations for

information systems that support the operations and assets of the

agency.

(c) Each agency shall -

(1) report annually to the Director, the Committees on

Government Reform and Science of the House of Representatives,

the Committees on Governmental Affairs and Commerce, Science, and

Transportation of the Senate, the appropriate authorization and

appropriations committees of Congress, and the Comptroller

General on the adequacy and effectiveness of information security

policies, procedures, and practices, and compliance with the

requirements of this subchapter, including compliance with each

requirement of subsection (b);

(2) address the adequacy and effectiveness of information

security policies, procedures, and practices in plans and reports

relating to -

(A) annual agency budgets;

(B) information resources management under subchapter 1 (!2)

of this chapter;

(C) information technology management under subtitle III of

title 40;

(D) program performance under sections 1105 and 1115 through

1119 of title 31, and sections 2801 and 2805 of title 39;

(E) financial management under chapter 9 of title 31, and the

Chief Financial Officers Act of 1990 (31 U.S.C. 501 note;

Public Law 101-576) (and the amendments made by that Act);

(F) financial management systems under the Federal Financial

Management Improvement Act (31 U.S.C. 3512 note); and

(G) internal accounting and administrative controls under

section 3512 of title 31, United States Code,(!3) (known as the

"Federal Managers Financial Integrity Act"); and

(3) report any significant deficiency in a policy, procedure,

or practice identified under paragraph (1) or (2) -

(A) as a material weakness in reporting under section 3512 of

title 31; and

(B) if relating to financial management systems, as an

instance of a lack of substantial compliance under the Federal

Financial Management Improvement Act (31 U.S.C. 3512 note).

(d)(1) In addition to the requirements of subsection (c), each

agency, in consultation with the Director, shall include as part of

the performance plan required under section 1115 of title 31 a

description of -

(A) the time periods; and

(B) the resources, including budget, staffing, and training,

that are necessary to implement the program required under

subsection (b).

(2) The description under paragraph (1) shall be based on the

risk assessments required under subsection (b)(2)(1).

(e) Each agency shall provide the public with timely notice and

opportunities for comment on proposed information security policies

and procedures to the extent that such policies and procedures

affect communication with the public.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2262.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-REFTEXT-

REFERENCES IN TEXT

The Chief Financial Officers Act of 1990, referred to in subsec.

(c)(2)(E), is Pub. L. 101-576, Nov. 15, 1990, 104 Stat. 2838. For

complete classification of this Act to the Code, see Short Title of

1990 Amendment note set out under section 501 of Title 31, Money

and Finance, and Tables.

The Federal Financial Management Improvement Act, referred to in

subsec. (c)(2)(F), (3)(B), probably means the Federal Financial

Management Improvement Act of 1996, Pub. L. 104-208, div. A, title

I, Sec. 101(f) [title VIII], Sept. 30, 1996, 110 Stat. 3009-314,

3009-389, which is set out as a note under section 3512 of Title

31, Money and Finance. For complete classification of this Act to

the Code, see Tables.

-MISC1-

PRIOR PROVISIONS

A prior section 3534, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-268,

related to Federal agency responsibilities prior to the general

amendment of this subchapter by Pub. L. 107-296.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 3533 of this title; title

10 section 2224; title 15 section 7406.

-FOOTNOTE-

(!1) So in original. Probably should be "an".

(!2) So in original. Probably should be "I".

(!3) So in original. The comma probably should not appear.

-End-

-CITE-

44 USC Sec. 3535 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3535. Annual independent evaluation

-STATUTE-

(a)(1) Each year each agency shall have performed an independent

evaluation of the information security program and practices of

that agency to determine the effectiveness of such program and

practices.

(2) Each evaluation by an agency under this section shall include

-

(A) testing of the effectiveness of information security

policies, procedures, and practices of a representative subset of

the agency's information systems;

(B) an assessment (made on the basis of the results of the

testing) of compliance with -

(i) the requirements of this subchapter; and

(ii) related information security policies, procedures,

standards, and guidelines; and

(C) separate presentations, as appropriate, regarding

information security relating to national security systems.

(b) Subject to subsection (c) -

(1) for each agency with an Inspector General appointed under

the Inspector General Act of 1978, the annual evaluation required

by this section shall be performed by the Inspector General or by

an independent external auditor, as determined by the Inspector

General of the agency; and

(2) for each agency to which paragraph (1) does not apply, the

head of the agency shall engage an independent external auditor

to perform the evaluation.

(c) For each agency operating or exercising control of a national

security system, that portion of the evaluation required by this

section directly relating to a national security system shall be

performed -

(1) only by an entity designated by the agency head; and

(2) in such a manner as to ensure appropriate protection for

information associated with any information security

vulnerability in such system commensurate with the risk and in

accordance with all applicable laws.

(d) The evaluation required by this section -

(1) shall be performed in accordance with generally accepted

government auditing standards; and

(2) may be based in whole or in part on an audit, evaluation,

or report relating to programs or practices of the applicable

agency.

(e) Each year, not later than such date established by the

Director, the head of each agency shall submit to the Director the

results of the evaluation required under this section.

(f) Agencies and evaluators shall take appropriate steps to

ensure the protection of information which, if disclosed, may

adversely affect information security. Such protections shall be

commensurate with the risk and comply with all applicable laws and

regulations.

(g)(1) The Director shall summarize the results of the

evaluations conducted under this section in the report to Congress

required under section 3533(a)(8).

(2) The Director's report to Congress under this subsection shall

summarize information regarding information security relating to

national security systems in such a manner as to ensure appropriate

protection for information associated with any information security

vulnerability in such system commensurate with the risk and in

accordance with all applicable laws.

(3) Evaluations and any other descriptions of information systems

under the authority and control of the Director of Central

Intelligence or of National Foreign Intelligence Programs systems

under the authority and control of the Secretary of Defense shall

be made available to Congress only through the appropriate

oversight committees of Congress, in accordance with applicable

laws.

(h) The Comptroller General shall periodically evaluate and

report to Congress on -

(1) the adequacy and effectiveness of agency information

security policies and practices; and

(2) implementation of the requirements of this subchapter.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2265.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-REFTEXT-

REFERENCES IN TEXT

The Inspector General Act of 1978, referred to in subsec. (b)(1),

is Pub. L. 95-452, Oct. 12, 1978, 92 Stat. 1101, as amended, which

is set out in the Appendix to Title 5, Government Organization and

Employees.

-MISC1-

PRIOR PROVISIONS

A prior section 3535, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-271,

related to annual independent evaluation prior to the general

amendment of this subchapter by Pub. L. 107-296.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3533, 3534 of this title;

title 10 section 2224.

-End-

-CITE-

44 USC Sec. 3536 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3536. National security systems

-STATUTE-

The head of each agency operating or exercising control of a

national security system shall be responsible for ensuring that the

agency -

(1) provides information security protections commensurate with

the risk and magnitude of the harm resulting from the

unauthorized access, use, disclosure, disruption, modification,

or destruction of the information contained in such system;

(2) implements information security policies and practices as

required by standards and guidelines for national security

systems, issued in accordance with law and as directed by the

President; and

(3) complies with the requirements of this subchapter.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2266.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-MISC1-

PRIOR PROVISIONS

A prior section 3536, added Pub. L. 106-398, Sec. 1 [[div. A],

title X, Sec. 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A-272;

amended Pub. L. 107-314, div. A, title X, Sec. 1052(a), Dec. 2,

2002, 116 Stat. 2648, set forth expiration date of this subchapter

prior to the general amendment of this subchapter by Pub. L.

107-296.

EFFECTIVE DATE

Section effective 60 days after Nov. 25, 2002, see section 4 of

Pub. L. 107-296, set out as a note under section 101 of Title 6,

Domestic Security.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 10 section 2224a.

-End-

-CITE-

44 USC Sec. 3537 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3537. Authorization of appropriations

-STATUTE-

There are authorized to be appropriated to carry out the

provisions of this subchapter such sums as may be necessary for

each of fiscal years 2003 through 2007.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2267.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-End-

-CITE-

44 USC Sec. 3538 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER II - INFORMATION SECURITY

-HEAD-

Sec. 3538. Effect on existing law

-STATUTE-

Nothing in this subchapter, section 11331 of title 40, or section

20 of the National Standards (!1) and Technology Act (15 U.S.C.

278g-3) may be construed as affecting the authority of the

President, the Office of Management and Budget or the Director

thereof, the National Institute of Standards and Technology, or the

head of any agency, with respect to the authorized use or

disclosure of information, including with regard to the protection

of personal privacy under section 552a of title 5, the disclosure

of information under section 552 of title 5, the management and

disposition of records under chapters 29, 31, or 33 of title 44,

the management of information resources under subchapter I of

chapter 35 of this title, or the disclosure of information to

Congress or the Comptroller General of the United States.

-SOURCE-

(Added Pub. L. 107-296, title X, Sec. 1001(b)(1), Nov. 25, 2002,

116 Stat. 2267.)

-STATAMEND-

APPLICABILITY OF SECTION

This section not to apply while subchapter III of this chapter is

in effect, see section 3549 of this title.

-FOOTNOTE-

(!1) So in original. Probably should be "National Institute of

Standards".

-End-

-CITE-

44 USC SUBCHAPTER III - INFORMATION SECURITY 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

SUBCHAPTER III - INFORMATION SECURITY

-SECREF-

SUBCHAPTER REFERRED TO IN OTHER SECTIONS

This subchapter is referred to in title 10 section 2224.

-End-

-CITE-

44 USC Sec. 3541 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3541. Purposes

-STATUTE-

The purposes of this subchapter are to -

(1) provide a comprehensive framework for ensuring the

effectiveness of information security controls over information

resources that support Federal operations and assets;

(2) recognize the highly networked nature of the current

Federal computing environment and provide effective

governmentwide management and oversight of the related

information security risks, including coordination of information

security efforts throughout the civilian, national security, and

law enforcement communities;

(3) provide for development and maintenance of minimum controls

required to protect Federal information and information systems;

(4) provide a mechanism for improved oversight of Federal

agency information security programs;

(5) acknowledge that commercially developed information

security products offer advanced, dynamic, robust, and effective

information security solutions, reflecting market solutions for

the protection of critical information infrastructures important

to the national defense and economic security of the nation that

are designed, built, and operated by the private sector; and

(6) recognize that the selection of specific technical hardware

and software information security solutions should be left to

individual agencies from among commercially developed products.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2946.)

-MISC1-

EFFECTIVE DATE

Pub. L. 107-347, title IV, Sec. 402(b), Dec. 17, 2002, 116 Stat.

2962, provided that: "Title III [see Short Title of 2002 Amendments

note set out under section 101 of this title] and this title

[enacting provisions set out as a note under section 3601 of this

title] shall take effect on the date of enactment of this Act [Dec.

17, 2002]."

-End-

-CITE-

44 USC Sec. 3542 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3542. Definitions

-STATUTE-

(a) In General. - Except as provided under subsection (b), the

definitions under section 3502 shall apply to this subchapter.

(b) Additional Definitions. - As used in this subchapter:

(1) The term "information security" means protecting

information and information systems from unauthorized access,

use, disclosure, disruption, modification, or destruction in

order to provide -

(A) integrity, which means guarding against improper

information modification or destruction, and includes ensuring

information nonrepudiation and authenticity;

(B) confidentiality, which means preserving authorized

restrictions on access and disclosure, including means for

protecting personal privacy and proprietary information; and

(C) availability, which means ensuring timely and reliable

access to and use of information.

(2)(A) The term "national security system" means any

information system (including any telecommunications system) used

or operated by an agency or by a contractor of an agency, or

other organization on behalf of an agency -

(i) the function, operation, or use of which -

(I) involves intelligence activities;

(II) involves cryptologic activities related to national

security;

(III) involves command and control of military forces;

(IV) involves equipment that is an integral part of a

weapon or weapons system; or

(V) subject to subparagraph (B), is critical to the direct

fulfillment of military or intelligence missions; or

(ii) is protected at all times by procedures established for

information that have been specifically authorized under

criteria established by an Executive order or an Act of

Congress to be kept classified in the interest of national

defense or foreign policy.

(B) Subparagraph (A)(i)(V) does not include a system that is to

be used for routine administrative and business applications

(including payroll, finance, logistics, and personnel management

applications).

(3) The term "information technology" has the meaning given

that term in section 11101 of title 40.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2947.)

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in title 15 section 278g-3; title 40

section 11331.

-End-

-CITE-

44 USC Sec. 3543 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3543. Authority and functions of the Director

-STATUTE-

(a) In General. - The Director shall oversee agency information

security policies and practices, including -

(1) developing and overseeing the implementation of policies,

principles, standards, and guidelines on information security,

including through ensuring timely agency adoption of and

compliance with standards promulgated under section 11331 of

title 40;

(2) requiring agencies, consistent with the standards

promulgated under such section 11331 and the requirements of this

subchapter, to identify and provide information security

protections commensurate with the risk and magnitude of the harm

resulting from the unauthorized access, use, disclosure,

disruption, modification, or destruction of -

(A) information collected or maintained by or on behalf of an

agency; or

(B) information systems used or operated by an agency or by a

contractor of an agency or other organization on behalf of an

agency;

(3) coordinating the development of standards and guidelines

under section 20 of the National Institute of Standards and

Technology Act (15 U.S.C. 278g-3) with agencies and offices

operating or exercising control of national security systems

(including the National Security Agency) to assure, to the

maximum extent feasible, that such standards and guidelines are

complementary with standards and guidelines developed for

national security systems;

(4) overseeing agency compliance with the requirements of this

subchapter, including through any authorized action under section

11303 of title 40, to enforce accountability for compliance with

such requirements;

(5) reviewing at least annually, and approving or disapproving,

agency information security programs required under section

3544(b);

(6) coordinating information security policies and procedures

with related information resources management policies and

procedures;

(7) overseeing the operation of the Federal information

security incident center required under section 3546; and

(8) reporting to Congress no later than March 1 of each year on

agency compliance with the requirements of this subchapter,

including -

(A) a summary of the findings of evaluations required by

section 3545;

(B) an assessment of the development, promulgation, and

adoption of, and compliance with, standards developed under

section 20 of the National Institute of Standards and

Technology Act (15 U.S.C. 278g-3) and promulgated under section

11331 of title 40;

(C) significant deficiencies in agency information security

practices;

(D) planned remedial action to address such deficiencies; and

(E) a summary of, and the views of the Director on, the

report prepared by the National Institute of Standards and

Technology under section 20(d)(10) of the National Institute of

Standards and Technology Act (15 U.S.C. 278g-3).

(b) National Security Systems. - Except for the authorities

described in paragraphs (4) and (8) of subsection (a), the

authorities of the Director under this section shall not apply to

national security systems.

(c) Department of Defense and Central Intelligence Agency

Systems. - (1) The authorities of the Director described in

paragraphs (1) and (2) of subsection (a) shall be delegated to the

Secretary of Defense in the case of systems described in paragraph

(2) and to the Director of Central Intelligence in the case of

systems described in paragraph (3).

(2) The systems described in this paragraph are systems that are

operated by the Department of Defense, a contractor of the

Department of Defense, or another entity on behalf of the

Department of Defense that processes any information the

unauthorized access, use, disclosure, disruption, modification, or

destruction of which would have a debilitating impact on the

mission of the Department of Defense.

(3) The systems described in this paragraph are systems that are

operated by the Central Intelligence Agency, a contractor of the

Central Intelligence Agency, or another entity on behalf of the

Central Intelligence Agency that processes any information the

unauthorized access, use, disclosure, disruption, modification, or

destruction of which would have a debilitating impact on the

mission of the Central Intelligence Agency.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2947.)

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3544, 3545 of this title;

title 40 section 11331.

-End-

-CITE-

44 USC Sec. 3544 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3544. Federal agency responsibilities

-STATUTE-

(a) In General. - The head of each agency shall -

(1) be responsible for -

(A) providing information security protections commensurate

with the risk and magnitude of the harm resulting from

unauthorized access, use, disclosure, disruption, modification,

or destruction of -

(i) information collected or maintained by or on behalf of

the agency; and

(ii) information systems used or operated by an agency or

by a contractor of an agency or other organization on behalf

of an agency;

(B) complying with the requirements of this subchapter and

related policies, procedures, standards, and guidelines,

including -

(i) information security standards promulgated under

section 11331 of title 40; and

(ii) information security standards and guidelines for

national security systems issued in accordance with law and

as directed by the President; and

(C) ensuring that information security management processes

are integrated with agency strategic and operational planning

processes;

(2) ensure that senior agency officials provide information

security for the information and information systems that support

the operations and assets under their control, including through

-

(A) assessing the risk and magnitude of the harm that could

result from the unauthorized access, use, disclosure,

disruption, modification, or destruction of such information or

information systems;

(B) determining the levels of information security

appropriate to protect such information and information systems

in accordance with standards promulgated under section 11331 of

title 40, for information security classifications and related

requirements;

(C) implementing policies and procedures to cost-effectively

reduce risks to an acceptable level; and

(D) periodically testing and evaluating information security

controls and techniques to ensure that they are effectively

implemented;

(3) delegate to the agency Chief Information Officer

established under section 3506 (or comparable official in an

agency not covered by such section) the authority to ensure

compliance with the requirements imposed on the agency under this

subchapter, including -

(A) designating a senior agency information security officer

who shall -

(i) carry out the Chief Information Officer's

responsibilities under this section;

(ii) possess professional qualifications, including

training and experience, required to administer the functions

described under this section;

(iii) have information security duties as that official's

primary duty; and

(iv) head an office with the mission and resources to

assist in ensuring agency compliance with this section;

(B) developing and maintaining an agencywide information

security program as required by subsection (b);

(C) developing and maintaining information security policies,

procedures, and control techniques to address all applicable

requirements, including those issued under section 3543 of this

title, and section 11331 of title 40;

(D) training and overseeing personnel with significant

responsibilities for information security with respect to such

responsibilities; and

(E) assisting senior agency officials concerning their

responsibilities under paragraph (2);

(4) ensure that the agency has trained personnel sufficient to

assist the agency in complying with the requirements of this

subchapter and related policies, procedures, standards, and

guidelines; and

(5) ensure that the agency Chief Information Officer, in

coordination with other senior agency officials, reports annually

to the agency head on the effectiveness of the agency information

security program, including progress of remedial actions.

(b) Agency Program. - Each agency shall develop, document, and

implement an agencywide information security program, approved by

the Director under section 3543(a)(5), to provide information

security for the information and information systems that support

the operations and assets of the agency, including those provided

or managed by another agency, contractor, or other source, that

includes -

(1) periodic assessments of the risk and magnitude of the harm

that could result from the unauthorized access, use, disclosure,

disruption, modification, or destruction of information and

information systems that support the operations and assets of the

agency;

(2) policies and procedures that -

(A) are based on the risk assessments required by paragraph

(1);

(B) cost-effectively reduce information security risks to an

acceptable level;

(C) ensure that information security is addressed throughout

the life cycle of each agency information system; and

(D) ensure compliance with -

(i) the requirements of this subchapter;

(ii) policies and procedures as may be prescribed by the

Director, and information security standards promulgated

under section 11331 of title 40;

(iii) minimally acceptable system configuration

requirements, as determined by the agency; and

(iv) any other applicable requirements, including standards

and guidelines for national security systems issued in

accordance with law and as directed by the President;

(3) subordinate plans for providing adequate information

security for networks, facilities, and systems or groups of

information systems, as appropriate;

(4) security awareness training to inform personnel, including

contractors and other users of information systems that support

the operations and assets of the agency, of -

(A) information security risks associated with their

activities; and

(B) their responsibilities in complying with agency policies

and procedures designed to reduce these risks;

(5) periodic testing and evaluation of the effectiveness of

information security policies, procedures, and practices, to be

performed with a frequency depending on risk, but no less than

annually, of which such testing -

(A) shall include testing of management, operational, and

technical controls of every information system identified in

the inventory required under section 3505(c); and

(B) may include testing relied on in a (!1) evaluation under

section 3545;

(6) a process for planning, implementing, evaluating, and

documenting remedial action to address any deficiencies in the

information security policies, procedures, and practices of the

agency;

(7) procedures for detecting, reporting, and responding to

security incidents, consistent with standards and guidelines

issued pursuant to section 3546(b), including -

(A) mitigating risks associated with such incidents before

substantial damage is done;

(B) notifying and consulting with the Federal information

security incident center referred to in section 3546; and

(C) notifying and consulting with, as appropriate -

(i) law enforcement agencies and relevant Offices of

Inspector General;

(ii) an office designated by the President for any incident

involving a national security system; and

(iii) any other agency or office, in accordance with law or

as directed by the President; and

(8) plans and procedures to ensure continuity of operations for

information systems that support the operations and assets of the

agency.

(c) Agency Reporting. - Each agency shall -

(1) report annually to the Director, the Committees on

Government Reform and Science of the House of Representatives,

the Committees on Governmental Affairs and Commerce, Science, and

Transportation of the Senate, the appropriate authorization and

appropriations committees of Congress, and the Comptroller

General on the adequacy and effectiveness of information security

policies, procedures, and practices, and compliance with the

requirements of this subchapter, including compliance with each

requirement of subsection (b);

(2) address the adequacy and effectiveness of information

security policies, procedures, and practices in plans and reports

relating to -

(A) annual agency budgets;

(B) information resources management under subchapter 1 (!2)

of this chapter;

(C) information technology management under subtitle III of

title 40;

(D) program performance under sections 1105 and 1115 through

1119 of title 31, and sections 2801 and 2805 of title 39;

(E) financial management under chapter 9 of title 31, and the

Chief Financial Officers Act of 1990 (31 U.S.C. 501 note;

Public Law 101-576) (and the amendments made by that Act);

(F) financial management systems under the Federal Financial

Management Improvement Act (31 U.S.C. 3512 note); and

(G) internal accounting and administrative controls under

section 3512 of title 31,(!3) (known as the "Federal Managers

Financial Integrity Act"); and

(3) report any significant deficiency in a policy, procedure,

or practice identified under paragraph (1) or (2) -

(A) as a material weakness in reporting under section 3512 of

title 31; and

(B) if relating to financial management systems, as an

instance of a lack of substantial compliance under the Federal

Financial Management Improvement Act (31 U.S.C. 3512 note).

(d) Performance Plan. - (1) In addition to the requirements of

subsection (c), each agency, in consultation with the Director,

shall include as part of the performance plan required under

section 1115 of title 31 a description of -

(A) the time periods, and

(B) the resources, including budget, staffing, and training,

that are necessary to implement the program required under

subsection (b).

(2) The description under paragraph (1) shall be based on the

risk assessments required under subsection (b)(2)(1).

(e) Public Notice and Comment. - Each agency shall provide the

public with timely notice and opportunities for comment on proposed

information security policies and procedures to the extent that

such policies and procedures affect communication with the public.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2949.)

-REFTEXT-

REFERENCES IN TEXT

The Chief Financial Officers Act of 1990, referred to in subsec.

(c)(2)(E), is Pub. L. 101-576, Nov. 15, 1990, 104 Stat. 2838. For

complete classification of this Act to the Code, see Short Title of

1990 Amendment note set out under section 501 of Title 31, Money

and Finance, and Tables.

The Federal Financial Management Improvement Act, referred to in

subsec. (c)(2)(F), (3)(B), probably means the Federal Financial

Management Improvement Act of 1996, Pub. L. 104-208, div. A, title

I, Sec. 101(f) [title VIII], Sept. 30, 1996, 110 Stat. 3009-314,

3009-389, which is set out as a note under section 3512 of Title

31, Money and Finance. For complete classification of this Act to

the Code, see Tables.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in section 3543 of this title.

-FOOTNOTE-

(!1) So in original. Probably should be "an".

(!2) So in original. Probably should be "I".

(!3) So in original. The comma probably should not appear.

-End-

-CITE-

44 USC Sec. 3545 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3545. Annual independent evaluation

-STATUTE-

(a) In General. - (1) Each year each agency shall have performed

an independent evaluation of the information security program and

practices of that agency to determine the effectiveness of such

program and practices.

(2) Each evaluation under this section shall include -

(A) testing of the effectiveness of information security

policies, procedures, and practices of a representative subset of

the agency's information systems;

(B) an assessment (made on the basis of the results of the

testing) of compliance with -

(i) the requirements of this subchapter; and

(ii) related information security policies, procedures,

standards, and guidelines; and

(C) separate presentations, as appropriate, regarding

information security relating to national security systems.

(b) Independent Auditor. - Subject to subsection (c) -

(1) for each agency with an Inspector General appointed under

the Inspector General Act of 1978, the annual evaluation required

by this section shall be performed by the Inspector General or by

an independent external auditor, as determined by the Inspector

General of the agency; and

(2) for each agency to which paragraph (1) does not apply, the

head of the agency shall engage an independent external auditor

to perform the evaluation.

(c) National Security Systems. - For each agency operating or

exercising control of a national security system, that portion of

the evaluation required by this section directly relating to a

national security system shall be performed -

(1) only by an entity designated by the agency head; and

(2) in such a manner as to ensure appropriate protection for

information associated with any information security

vulnerability in such system commensurate with the risk and in

accordance with all applicable laws.

(d) Existing Evaluations. - The evaluation required by this

section may be based in whole or in part on an audit, evaluation,

or report relating to programs or practices of the applicable

agency.

(e) Agency Reporting. - (1) Each year, not later than such date

established by the Director, the head of each agency shall submit

to the Director the results of the evaluation required under this

section.

(2) To the extent an evaluation required under this section

directly relates to a national security system, the evaluation

results submitted to the Director shall contain only a summary and

assessment of that portion of the evaluation directly relating to a

national security system.

(f) Protection of Information. - Agencies and evaluators shall

take appropriate steps to ensure the protection of information

which, if disclosed, may adversely affect information security.

Such protections shall be commensurate with the risk and comply

with all applicable laws and regulations.

(g) OMB Reports to Congress. - (1) The Director shall summarize

the results of the evaluations conducted under this section in the

report to Congress required under section 3543(a)(8).

(2) The Director's report to Congress under this subsection shall

summarize information regarding information security relating to

national security systems in such a manner as to ensure appropriate

protection for information associated with any information security

vulnerability in such system commensurate with the risk and in

accordance with all applicable laws.

(3) Evaluations and any other descriptions of information systems

under the authority and control of the Director of Central

Intelligence or of National Foreign Intelligence Programs systems

under the authority and control of the Secretary of Defense shall

be made available to Congress only through the appropriate

oversight committees of Congress, in accordance with applicable

laws.

(h) Comptroller General. - The Comptroller General shall

periodically evaluate and report to Congress on -

(1) the adequacy and effectiveness of agency information

security policies and practices; and

(2) implementation of the requirements of this subchapter.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2952.)

-REFTEXT-

REFERENCES IN TEXT

The Inspector General Act of 1978, referred to in subsec. (b)(1),

is Pub. L. 95-452, Oct. 12, 1978, 92 Stat. 1101, as amended, which

is set out in the Appendix to Title 5, Government Organization and

Employees.

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3543, 3544 of this title.

-End-

-CITE-

44 USC Sec. 3546 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3546. Federal information security incident center

-STATUTE-

(a) In General. - The Director shall ensure the operation of a

central Federal information security incident center to -

(1) provide timely technical assistance to operators of agency

information systems regarding security incidents, including

guidance on detecting and handling information security

incidents;

(2) compile and analyze information about incidents that

threaten information security;

(3) inform operators of agency information systems about

current and potential information security threats, and

vulnerabilities; and

(4) consult with the National Institute of Standards and

Technology, agencies or offices operating or exercising control

of national security systems (including the National Security

Agency), and such other agencies or offices in accordance with

law and as directed by the President regarding information

security incidents and related matters.

(b) National Security Systems. - Each agency operating or

exercising control of a national security system shall share

information about information security incidents, threats, and

vulnerabilities with the Federal information security incident

center to the extent consistent with standards and guidelines for

national security systems, issued in accordance with law and as

directed by the President.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2954.)

-SECREF-

SECTION REFERRED TO IN OTHER SECTIONS

This section is referred to in sections 3543, 3544 of this title.

-End-

-CITE-

44 USC Sec. 3547 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3547. National security systems

-STATUTE-

The head of each agency operating or exercising control of a

national security system shall be responsible for ensuring that the

agency -

(1) provides information security protections commensurate with

the risk and magnitude of the harm resulting from the

unauthorized access, use, disclosure, disruption, modification,

or destruction of the information contained in such system;

(2) implements information security policies and practices as

required by standards and guidelines for national security

systems, issued in accordance with law and as directed by the

President; and

(3) complies with the requirements of this subchapter.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2954.)

-End-

-CITE-

44 USC Sec. 3548 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3548. Authorization of appropriations

-STATUTE-

There are authorized to be appropriated to carry out the

provisions of this subchapter such sums as may be necessary for

each of fiscal years 2003 through 2007.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2954.)

-End-

-CITE-

44 USC Sec. 3549 01/06/03

-EXPCITE-

TITLE 44 - PUBLIC PRINTING AND DOCUMENTS

CHAPTER 35 - COORDINATION OF FEDERAL INFORMATION POLICY

SUBCHAPTER III - INFORMATION SECURITY

-HEAD-

Sec. 3549. Effect on existing law

-STATUTE-

Nothing in this subchapter, section 11331 of title 40, or section

20 of the National Standards (!1) and Technology Act (15 U.S.C.

278g-3) may be construed as affecting the authority of the

President, the Office of Management and Budget or the Director

thereof, the National Institute of Standards and Technology, or the

head of any agency, with respect to the authorized use or

disclosure of information, including with regard to the protection

of personal privacy under section 552a of title 5, the disclosure

of information under section 552 of title 5, the management and

disposition of records under chapters 29, 31, or 33 of title 44,

the management of information resources under subchapter I of

chapter 35 of this title, or the disclosure of information to the

Congress or the Comptroller General of the United States. While

this subchapter is in effect, subchapter II of this chapter shall

not apply.

-SOURCE-

(Added Pub. L. 107-347, title III, Sec. 301(b)(1), Dec. 17, 2002,

116 Stat. 2955.)

-FOOTNOTE-

(!1) So in original. Probably should be "National Institute of

Standards".

-End-




Descargar
Enviado por:El remitente no desea revelar su nombre
Idioma: inglés
País: Estados Unidos

Te va a interesar