(1) establish goals for improving the efficiency and effectiveness of agency operations and, as appropriate, the delivery of services to the public through the effective use of information technology;

(2) prepare an annual report, to be included in the executive agency's budget submission to Congress, on the progress in achieving the goals;

(3) ensure that performance measurements—

(A) are prescribed for information technology used by, or to be acquired for, the executive agency; and

(B) measure how well the information technology supports programs of the executive agency;

(4) where comparable processes and organizations in the public or private sectors exist, quantitatively benchmark agency process performance against those processes in terms of cost, speed, productivity, and quality of outputs and outcomes; (5) analyze the missions of the executive agency and, based on the analysis, revise the executive agency's mission-related processes and administrative processes as appropriate before making significant investments in information technology to be used in support of the performance of those missions; and

(6) ensure that the information security policies, procedures, and practices of the executive agency are adequate.

§ 11314. Authority to acquire and manage information technology

(a) IN GENERAL.-The authority of the head of an executive agency to acquire information technology includes—

(1) acquiring information technology as authorized by law; (2) making a contract that provides for multiagency acquisitions of information technology in accordance with guidance issued by the Director of the Office of Management and Budget; and

(3) if the Director finds that it would be advantageous for the Federal Government to do so, making a multiagency contract for procurement of commercial items of information technology that requires each executive agency covered by the contract, when procuring those items, to procure the items under that contract or to justify an alternative procurement of the items. (b) FTS 2000 PROGRAM.-The Administrator of General Services shall continue to manage the FTS 2000 program, and to coordinate the follow-on to that program, for and with the advice of the heads of executive agencies.

§ 11315. Agency Chief Information Officer

(a) DEFINITION.-In this section, the term "information technology architecture", with respect to an executive agency, means an integrated framework for evolving or maintaining existing information technology and acquiring new information technology to achieve the agency's strategic goals and information resources management goals.

(b) GENERAL RESPONSIBILITIES.-The Chief Information Officer of an executive agency is responsible for—

(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of

the executive agency to ensure that information technology is acquired and information resources are managed for the executive agency in a manner that implements the policies and procedures of this subtitle, consistent with chapter 35 of title 44 and the priorities established by the head of the executive

agency;

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency.

(c) DUTIES AND QUALIFICATIONS.-The Chief Information Officer of an agency listed in section 901(b) of title 31

(1) has information resources management duties as that official's primary duty;

(2) monitors the performance of information technology programs of the agency, evaluates the performance of those programs on the basis of the applicable performance measurements, and advises the head of the agency regarding whether to continue, modify, or terminate a program or project; and

(3) annually, as part of the strategic planning and performance evaluation process required (subject to section 1117 of title 31) under section 306 of title 5 and sections 1105(a)(28), 1115-1117, and 9703 (as added by section 5(a) of the Government Performance and Results Act of 1993 (Public Law 10362, 107 Stat. 289)) of title 31—

(A) assesses the requirements established for agency personnel regarding knowledge and skill in information resources management and the adequacy of those_requirements for facilitating the achievement of the performance goals established for information resources management;

(B) assesses the extent to which the positions and personnel at the executive level of the agency and the positions and personnel at management level of the agency below the executive level meet those requirements;

(C) develops strategies and specific plans for hiring, training, and professional development to rectify any deficiency in meeting those requirements; and

(D) reports to the head of the agency on the progress made in improving information resources management capability.

§ 11316. Accountability

The head of each executive agency, in consultation with the Chief Information Officer and the Chief Financial Officer of that executive agency (or, in the case of an executive agency without a chief financial officer, any comparable official), shall establish policies and procedures to ensure that

(1) the accounting, financial, asset management, and other information systems of the executive agency are designed, developed, maintained, and used effectively to provide financial or program performance data for financial statements of the executive agency;

(2) financial and related program performance data are provided on a reliable, consistent, and timely basis to executive agency financial management systems; and

(3) financial statements support

(A) assessments and revisions of mission-related processes and administrative processes of the executive agency; and

(B) measurement of the performance of investments made by the agency in information systems.

§ 11317. Significant deviations

The head of each executive agency shall identify in the strategic information resources management plan required under section 3506(b)(2) of title 44 any major information technology acquisition program, or any phase or increment of that program, that has significantly deviated from the cost, performance, or schedule goals established for the program.

§ 11318. Interagency support

The head of an executive agency may use amounts available to the agency for oversight, acquisition, and procurement of information technology to support jointly with other executive agencies the activities of interagency groups that are established to advise the Director of the Office of Management and Budget in carrying out the Director's responsibilities under this chapter. The use of those amounts for that purpose is subject to requirements and limitations on uses and amounts that the Director may prescribe. The Director shall prescribe the requirements and limitations during the Director's review of the executive agency's proposed budget submitted to the Director by the head of the executive agency for purposes of section 1105 of title 31.

SUBCHAPTER III-OTHER RESPONSIBILITIES

§ 11331. Responsibilities for Federal information systems standards

(a) DEFINITION.-In this section, the term "information security" has the meaning given that term in section 3532(b)(1) of title 44.

(b) REQUIREMENT TO PRESCRIBE STANDARDS.

(1) IN GENERAL.

(A) REQUIREMENT.-Except as provided under paragraph (2), the Director of the Office of Management and Budget shall, on the basis of proposed standards developed by the National Institute of Standards and Technology pursuant to paragraphs (2) and (3) of section 20(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(a)) and in consultation with the Secretary of Homeland Security, promulgate information security standards pertaining to Federal information systems.

(B) REQUIRED STANDARDS.-Standards promulgated under subparagraph (A) shall include

(i) standards that provide minimum information security requirements as determined under section

20(b) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(b)); and

(ii) such standards that are otherwise necessary to improve the efficiency of operation or security of Federal information systems.

(C) REQUIRED STANDARDS BINDING.-Information security standards described under subparagraph (B) shall be compulsory and binding.

(2) STANDARDS AND GUIDELINES FOR NATIONAL SECURITY SYSTEMS. Standards and guidelines for national security systems, as defined under section 3532(3) of title 44, shall be developed, promulgated, enforced, and overseen as otherwise authorized by law and as directed by the President.

(c) APPLICATION OF MORE STRINGENT STANDARDS.-The head of an agency may employ standards for the cost-effective information security for all operations and assets within or under the supervision of that agency that are more stringent than the standards promulgated by the Director under this section, if such standards—

Sec.

(1) contain, at a minimum, the provisions of those applicable standards made compulsory and binding by the Director; and

(2) are otherwise consistent with policies and guidelines issued under section 3533 of title 44.

(d) REQUIREMENTS REGARDING DECISIONS BY DIRECTOR.

(1) DEADLINE.-The decision regarding the promulgation of any standard by the Director under subsection (b) shall occur not later than 6 months after the submission of the proposed standard to the Director by the National Institute of Standards and Technology, as provided under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3).

(2) NOTICE AND COMMENT.-A decision by the Director to significantly modify, or not promulgate, a proposed standard submitted to the Director by the National Institute of Standards and Technology, as provided under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3), shall be made after the public is given an opportunity to comment on the Director's proposed decision.

CHAPTER 115-INFORMATION TECHNOLOGY
ACQUISITION PILOT PROGRAM

SUBCHAPTER I-CONDUCT OF PILOT PROGRAM

SUBCHAPTER I-CONDUCT OF PILOT PROGRAM6

§ 11501. Authority to conduct pilot program

(a) IN GENERAL.

(1) PURPOSE.-In consultation with the Administrator for the Office of Information and Regulatory Affairs, the Administrator for Federal Procurement Policy may conduct a pilot program pursuant to the requirements of section 11521 of this title to test alternative approaches for the acquisition of information technology by executive agencies.

(2) MULTIAGENCY, MULTI-ACTIVITY CONDUCT OF EACH PROGRAM.-Except as otherwise provided in this chapter, the pilot program conducted under this chapter shall be carried out in not more than two procuring activities in each of the executive agencies that are designated by the Administrator for Federal Procurement Policy in accordance with this chapter to carry out the pilot program. With the approval of the Administrator for Federal Procurement Policy, the head of each designated executive agency shall select the procuring activities of the executive agency that are to participate in the test and shall designate a procurement testing official who shall be responsible for the conduct and evaluation of the pilot program within the executive agency.

(b) LIMITATION ON AMOUNT.-The total amount obligated for contracts entered into under the pilot program conducted under this chapter may not exceed $750,000,000. The Administrator for Federal Procurement Policy shall monitor those contracts and ensure that contracts are not entered into in violation of this subsection. (c) PERIOD OF PROGRAMS.—

(1) IN GENERAL.—Subject to paragraph (2), the pilot program may be carried out under this chapter for the period, not in excess of five years, the Administrator for Federal Procurement Policy determines is sufficient to establish reliable results.

(2) CONTINUING VALIDITY OF CONTRACTS.—A contract entered into under the pilot program before the expiration of that program remains in effect according to the terms of the contract after the expiration of the program.

§ 11502. Evaluation criteria and plans

(a) MEASURABLE TEST CRITERIA.-To the maximum extent practicable, the head of each executive agency conducting the pilot program under section 11501 of this title shall establish measurable criteria for evaluating the effects of the procedures or techniques to be tested under the program.

(b) TEST PLAN.-Before the pilot program may be conducted under section 11501 of this title, the Administrator for Federal Procurement Policy shall submit to Congress a detailed test plan for the program, including a detailed description of the procedures to be used and a list of regulations that are to be waived.

6 Amendments to this subchapter made by section 210(h) of Public Law 107-347 (116 Stat. 2938) were not executable because of similar amendments made by section 825(b)(2)(A) of Public Law 107-314 (116 Stat. 2615).