40 U.S. Code § 11315 - Agency Chief Information Officer
Historical and Revision Notes
Source (U.S. Code)
Source (Statutes at Large)
Pub. L. 104–106, div. E, title LI, § 5125(b)–(d), Feb. 10, 1996, 110 Stat. 685.
In subsection (c)(3), before subclause (A), the reference to 31:1105(a)(29) is changed to 1105(a)(28) because of the redesignation of 1105(a)(29) as 1105(a)(28) by section 4(1) of the Act of October 11, 1996, (Public Law 104–287, 110 Stat. 3388). The words “as added by section 5(a) of the Government Performance and Results Act of 1993 (Public Law 103–62, 107 Stat. 289)” are added for clarity because there is another 31:9703.
2004—Subsec. (b)(2). Pub. L. 108–458 inserted “, secure,” after “sound”.
Ex. Ord. No. 13833, May 15, 2018, 83 F.R. 23345, provided:
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Section 1. Purpose. The Federal Government spends more than $90 billion annually on information technology (IT). The vast majority of this sum is consumed in maintaining legacy IT infrastructure that is often ineffective and more costly than modern technologies. Modern IT systems would enable agencies to reduce costs, mitigate cybersecurity risks, and deliver improved services to the American people. While the recently enacted Modernizing Government Technology Act [probably means subtitle G of title X of div. A of Pub. L. 115–91, set out as a note under section 11301 of this title] will provide needed financial resources to help transition agencies to more effective, efficient, and secure technologies, more can be done to improve management of IT resources. Department and agency (agency) Chief Information Officers (CIOs) generally do not have adequate visibility into, or control over, their agencies’ IT resources, resulting in duplication, waste, and poor service delivery. Enhancing the effectiveness of agency CIOs will better position agencies to modernize their IT systems, execute IT programs more efficiently, reduce cybersecurity risks, and serve the American people well.
Sec. 2. Policy. It is the policy of the executive branch to:
(a) empower agency CIOs to ensure that agency IT systems are secure, efficient, accessible, and effective, and that such systems enable agencies to accomplish their missions;
(b) modernize IT infrastructure within the executive branch and meaningfully improve the delivery of digital services; and
(c) improve the management, acquisition, and oversight of Federal IT.
Sec. 3. Definitions. For purposes of this order:
(a) the term “covered agency” means an agency listed in 31 U.S.C. 901(b), other than the Department of Defense or any agency considered to be an “independent regulatory agency” as defined in 44 U.S.C. 3502(5);
(b) the term “information technology” has the meaning given that term in 40 U.S.C. 11101(6);
(c) the term “Chief Information Officer” or “CIO” means the individual within a covered agency as described in 40 U.S.C. 11315;
(d) the term “component Chief Information Officer” or “component CIO” means an individual in a covered agency, other than the CIO referred to in subsection (c) of this section, who has the title Chief Information Officer, or who functions in the capacity of a CIO, and has IT management authorities over a component of the agency similar to those the CIO has over the entire agency;
(e) the term “IT position” means a position within the job family standard for the Information Technology Management Series, GS–2210, as defined by the Office of Personnel Management (OPM) in the Handbook of Occupational Groups and Families and related guidance.
Sec. 4. Emphasizing Chief Information Officer Duties and Responsibilities. The head of each covered agency shall take all necessary and appropriate action to ensure that:
(a) consistent with 44 U.S.C. 3506(a)(2), the CIO of the covered agency reports directly to the agency head, such that the CIO has direct access to the agency head regarding all programs that include IT;
(b) consistent with 40 U.S.C. 11315(b), and to promote the effective, efficient, and secure use of IT to accomplish the agency’s mission, the CIO serves as the primary strategic advisor to the agency head concerning the use of IT;
(c) consistent with 40 U.S.C. 11319(b)(1)(A), the CIO has a significant role, including, as appropriate, as lead advisor, in all annual and multi-year planning, programming, budgeting, and execution decisions, as well as in all management, governance, and oversight processes related to IT; and
(d) consistent with 40 U.S.C. 11319(b)(2) and other applicable law, the CIO of the covered agency approves the appointment of any component CIO in that agency.
Sec. 5. Agency-wide IT Consolidation. Consistent with the purposes of Executive Order 13781 of March 13, 2017 (Comprehensive Plan for Reorganizing the Executive Branch) [82 F.R. 13959], the head of each covered agency shall take all necessary and appropriate action to:
(a) eliminate unnecessary IT management functions;
(b) merge or reorganize agency IT functions to promote agency-wide consolidation of the agency’s IT infrastructure, taking into account any recommendations of the relevant agency CIO; and
(c) increase use of industry best practices, such as the shared use of IT solutions within agencies and across the executive branch.
Sec. 6. Strengthening Cybersecurity. Consistent with the purposes of Executive Order 13800 of May 11, 2017 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure) [6 U.S.C. note prec. 1500], the head of each covered agency shall take all necessary and appropriate action to ensure that:
(a) the CIO, as the principal advisor to the agency head for the management of IT resources, works closely with an integrated team of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources to implement appropriate risk management measures; and
(b) the agency prioritizes procurement of shared IT services, including modern email and other cloud-based services, where possible and to the extent permitted by law.
Sec. 7. Knowledge and Skill Standards for IT Personnel. The head of each covered agency shall take all necessary and appropriate action to ensure that:
(a) consistent with 40 U.S.C. 11315(c)(3), the CIO assesses and advises the agency head regarding knowledge and skill standards established for agency IT personnel;
(b) the established knowledge and skill standards are included in the performance standards and reflected in the performance evaluations of all component CIOs, and that the CIO is responsible for that portion of the evaluation; and
(c) all component CIOs apply those standards within their own components.
Sec. 8. Chief Information Officer Role on IT Governance Boards. Wherever appropriate and consistent with applicable law, the head of each covered agency shall ensure that the CIO shall be a member of any investment or related board of the agency with purview over IT, or any board responsible for setting agency-wide IT standards. The head of each covered agency shall also, as appropriate and consistent with applicable law, direct the CIO to chair any such board. To the extent any such board operates through member votes, the head of each covered agency shall also, as appropriate and consistent with applicable law, direct the CIO to fulfill the role of voting member.
Sec. 9. Chief Information Officer Hiring Authorities. The Director of OPM (Director) shall publish a proposed rule delegating to the head of each covered agency authority to determine whether there is a severe shortage of candidates (or, with respect to the Department of Veterans Affairs, that there exists a severe shortage of highly qualified candidates), or that a critical hiring need exists, for IT positions at the covered agency pursuant to 5 U.S.C. 3304(a)(3), under criteria established by OPM.
(a) Such proposed rule shall provide that, upon an affirmative determination by the head of a covered agency that there is a severe shortage of candidates (or, with respect to the Department of Veterans Affairs, that there exists a severe shortage of highly qualified candidates), or that a critical hiring need exists for IT positions, under the criteria established by OPM, the Director shall, within 30 days, grant that agency direct hiring authority for IT positions.
(b) Such proposed rule shall further provide that employees hired using this authority may not be transferred to positions that are not IT positions; that the employees shall initially be given term appointments not to exceed 4 years; and that the terms of such employees may be extended up to 4 additional years at the discretion of the hiring agency.
(c) The Director shall submit the proposed rule for publication within 30 days of the date of this order [May 15, 2018].
Sec. 10. Guidance. The Director of the Office of Management and Budget shall amend or replace relevant guidance, as appropriate, to agencies to reflect the requirements of this order.
Sec. 11. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.