1.1.2 Agency IT Authorities – Laws and Executive Orders

This section consists of IT authorities assigned to agencies in laws and executive orders which directly or indirectly task the CIO with duties or responsibilities pertaining to IT leadership and accountability. The statutory language is directly pulled from the applicable laws and executive orders. In most cases, the heads of agencies delegate all IT management responsibilities to the CIO, but some functions are explicitly assigned to more than one person (e.g. the CIO in consultation with the Chief Financial Officer (CFO)). See individual agency policies to determine how instances of dual responsibility are implemented and executed, and what tasks (if any) are required of the agency head but not delegated to the CIO.

Role
The head of each agency shall be responsible for:

Carrying out the agency’s information resources management activities to improve agency productivity, efficiency, and effectiveness; and complying with the requirements of this subchapter and related policies established by the Director.
Except as provided under subparagraph (B), the head of each agency shall designate a [CIO] who shall report directly to such agency head to carry out the responsibilities of the agency under this subchapter. (44 U.S.C. §3506. US Federal Information Policy. Federal Agency Responsibilities. Information Resources Management.)

In consultation with the [CIO] designated under paragraph (2) and the agency [CFO] (or comparable official), each agency program official shall define program information needs and develop strategies, systems, and capabilities to meet those needs. (Ibid.)

Establish a process within the office headed by the [CIO] designated under subsection (a), that is sufficiently independent of program responsibility to evaluate fairly whether proposed collections of information should be approved under this subchapter, to—review each collection of information before submission to the Director for review under this subchapter. (Ibid.)

Policy
It is the policy of the executive branch to:

Empower agency CIOs to ensure that agency IT systems are secure, efficient, accessible, and effective, and that such systems enable agencies to accomplish their missions;
Modernize IT infrastructure within the executive branch and meaningfully improve the delivery of digital services; and
Improve the management, acquisition, and oversight of Federal IT. (EO 13833. Enhancing the Effectiveness of Agency Chief Information Officers. May 2018.)

Agency-Wide IT Consolidation
The head of each covered agency shall take all necessary and appropriate action to:

Eliminate unnecessary IT management functions;
Merge or reorganize agency IT functions to promote agency-wide consolidation of the agency’s IT infrastructure, taking into account any recommendations of the relevant agency CIO; and
Increase use of industry best practices, such as the shared use of IT solutions within agencies and across the executive branch. (EO 13833. Enhancing the Effectiveness of Agency Chief Information Officers. May 2018 & EO 13781. Comprehensive Plan for Reorganizing the Executive Branch. March 2017).

Strengthening Cybersecurity
The head of each covered agency shall take all necessary and appropriate action to ensure that:

The CIO, as the principal advisor to the agency head for the management of IT resources, works closely with an integrated team of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources to implement appropriate risk management measures; and
The agency prioritizes procurement of shared IT services, including modern email and other cloud-based services, where possible and to the extent permitted by law. (EO 13833. Enhancing the Effectiveness of Agency Chief Information Officers. May 2018 & EO 13800. Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. May 2017.)

Knowledge and Skills Standards for IT Personnel

The CIO assesses and advises the agency head regarding knowledge and skill standards established for agency IT personnel;
Ensures that the established knowledge and skill standards are included in the performance standards and reflected in the performance evaluations of all component CIOs and that the CIO is responsible for that portion of the evaluation; and
Ensures all component CIOs apply those standards within their own components. (OPM. Announcing Government-wide Direct Hire Appointing Authorities. 10/11/2018.)

CIO Hiring Authorities
As directed in EO 13833, OPM and the Chief Human Capital Officer Council published guidance delegating to the head of each covered agency authority to determine whether there is a severe shortage of candidates, or that a critical hiring need exists, for IT positions at the agency. (OPM. Delegation of Direct-Hire Appointing Authority for IT Positions. 4/5/2019.) This direct hire authority (DHA) expands agencies' ability to maximize DHA for meeting critical IT hiring challenges beyond the Government-wide DHA for IT, which is limited to IT positions related to information security.

Governance
Wherever appropriate and consistent with applicable law, the head of each covered agency shall ensure that the CIO shall be a member of any investment or related board of the agency with purview over IT, or any board responsible for setting agency-wide IT standards. The head of each covered agency shall also, as appropriate and consistent with applicable law, direct the CIO to chair any such board. To the extent any such board operates through member votes, the head of each covered agency shall also, as appropriate and consistent with applicable law, direct the CIO to fulfill the role of voting member. (EO 13833. Enhancing the Effectiveness of Agency Chief Information Officers. May 2018.)