40 U.S.C.
United States Code, 2022 Edition
Title 40 - PUBLIC BUILDINGS, PROPERTY, AND WORKS
SUBTITLE III - INFORMATION TECHNOLOGY MANAGEMENT
CHAPTER 113 - RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION TECHNOLOGY
SUBCHAPTER I - DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET
Sec. 11302 - Capital planning and investment control
From the U.S. Government Publishing Office, www.gpo.gov

§11302. Capital planning and investment control

(a) Federal Information Technology.—The Director of the Office of Management and Budget shall perform the responsibilities set forth in this section in fulfilling the responsibilities under section 3504(h) of title 44.

(b) Use of Information Technology in Federal Programs.—The Director shall promote and improve the acquisition, use, security, and disposal of information technology by the Federal Government to improve the productivity, efficiency, and effectiveness of federal programs, including through dissemination of public information and the reduction of information collection burdens on the public.

(c) Use of Budget Process.—

(1) Definitions.—In this subsection:

(A) The term "covered agency" means an agency listed in section 901(b)(1) or 901(b)(2) of title 31.

(B) The term "major information technology investment" means an investment within a covered agency information technology investment portfolio that is designated by the covered agency as major, in accordance with capital planning guidance issued by the Director.

(C) The term "national security system" has the meaning provided in section 3542 of title 44.1


(2) Analyzing, tracking, and evaluating capital investments.—As part of the budget process, the Director shall develop a process for analyzing, tracking, and evaluating the risks, including information security risks, and results of all major capital investments made by an executive agency for information systems. The process shall cover the life of each system and shall include explicit criteria for analyzing the projected and actual costs, benefits, and risks, including information security risks, associated with the investments.

(3) Public availability.—

(A) In general.—The Director shall make available to the public a list of each major information technology investment, without regard to whether the investments are for new information technology acquisitions or for operations and maintenance of existing information technology, including data on cost, schedule, and performance.

(B) Agency information.—

(i) The Director shall issue guidance to each covered agency for reporting of data required by subparagraph (A) that provides a standardized data template that can be incorporated into existing, required data reporting formats and processes. Such guidance shall integrate the reporting process into current budget reporting that each covered agency provides to the Office of Management and Budget, to minimize additional workload. Such guidance shall also clearly specify that the investment evaluation required under subparagraph (C) adequately reflect the investment's cost and schedule performance and employ incremental development approaches in appropriate cases.

(ii) The Chief Information Officer of each covered agency shall provide the Director with the information described in subparagraph (A) on at least a semi-annual basis for each major information technology investment, using existing data systems and processes.


(C) Investment evaluation.—For each major information technology investment listed under subparagraph (A), the Chief Information Officer of the covered agency, in consultation with other appropriate agency officials, shall categorize the investment according to risk, in accordance with guidance issued by the Director.

(D) Continuous improvement.—If either the Director or the Chief Information Officer of a covered agency determines that the information made available from the agency's existing data systems and processes as required by subparagraph (B) is not timely and reliable, the Chief Information Officer, in consultation with the Director and the head of the agency, shall establish a program for the improvement of such data systems and processes.

(E) Waiver or limitation authority.—The applicability of subparagraph (A) may be waived or the extent of the information may be limited by the Director, if the Director determines that such a waiver or limitation is in the national security interests of the United States.

(F) Additional limitation.—The requirements of subparagraph (A) shall not apply to national security systems or to telecommunications or information technology that is fully funded by amounts made available—

(i) under the National Intelligence Program, defined by section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6));

(ii) under the Military Intelligence Program or any successor program or programs; or

(iii) jointly under the National Intelligence Program and the Military Intelligence Program (or any successor program or programs).


(4) Risk management.—For each major information technology investment listed under paragraph (3)(A) that receives a high risk rating, as described in paragraph (3)(C), for 4 consecutive quarters—

(A) the Chief Information Officer of the covered agency and the program manager of the investment within the covered agency, in consultation with the Administrator of the Office of Electronic Government, shall conduct a review of the investment that shall identify—

(i) the root causes of the high level of risk of the investment;

(ii) the extent to which these causes can be addressed; and

(iii) the probability of future success;


(B) the Administrator of the Office of Electronic Government shall communicate the results of the review under subparagraph (A) to—

(i) the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate;

(ii) the Committee on Oversight and Government Reform and the Committee on Appropriations of the House of Representatives; and

(iii) the committees of the Senate and the House of Representatives with primary jurisdiction over the agency;


(C) in the case of a major information technology investment of the Department of Defense, the assessment required by subparagraph (A) may be accomplished in accordance with section 2445c 1 of title 10, provided that the results of the review are provided to the Administrator of the Office of Electronic Government upon request and to the committees identified in subsection (B); and

(D) for a covered agency other than the Department of Defense, if on the date that is one year after the date of completion of the review required under subsection (A), the investment is rated as high risk under paragraph (3)(C), the Director shall deny any request for additional development, modernization, or enhancement funding for the investment until the date on which the Chief Information Officer of the covered agency determines that the root causes of the high level of risk of the investment have been addressed, and there is sufficient capability to deliver the remaining planned increments within the planned cost and schedule.


(5) Report to congress.—At the same time that the President submits the budget for a fiscal year to Congress under section 1105(a) of title 31, the Director shall submit to Congress a report on the net program performance benefits achieved as a result of major capital investments made by executive agencies for information systems and how the benefits relate to the accomplishment of the goals of the executive agencies.


(d) Information Technology Standards.—The Director shall oversee the development and implementation of standards and guidelines pertaining to federal computer systems by the Secretary of Commerce through the National Institute of Standards and Technology under section 11331 of this title 1 and section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).

(e) Designation of Executive Agents for Acquisitions.—The Director shall designate the head of one or more executive agencies, as the Director considers appropriate, as executive agent for Government-wide acquisitions of information technology.

(f) Use of Best Practices in Acquisitions.—The Director shall encourage the heads of the executive agencies to develop and use the best practices in the acquisition of information technology.

(g) Assessment of Other Models for Managing Information Technology.—On a continuing basis, the Director shall assess the experiences of executive agencies, state and local governments, international organizations, and the private sector in managing information technology.

(h) Comparison of Agency Uses of Information Technology.—The Director shall compare the performances of the executive agencies in using information technology and shall disseminate the comparisons to the heads of the executive agencies.

(i) Monitoring Training.—The Director shall monitor the development and implementation of training in information resources management for executive agency personnel.

(j) Informing Congress.—The Director shall keep Congress fully informed on the extent to which the executive agencies are improving the performance of agency programs and the accomplishment of the agency missions through the use of the best practices in information resources management.

(k) Coordination of Policy Development and Review.—The Director shall coordinate with the Office of Federal Procurement Policy the development and review by the Administrator of the Office of Information and Regulatory Affairs of policy associated with federal acquisition of information technology.

(Pub. L. 107–217, Aug. 21, 2002, 116 Stat. 1237; Pub. L. 108–458, title VIII, §8401(1), (2), Dec. 17, 2004, 118 Stat. 3869; Pub. L. 113–291, div. A, title VIII, §832, Dec. 19, 2014, 128 Stat. 3440; Pub. L. 115–88, §2, Nov. 21, 2017, 131 Stat. 1278; Pub. L. 115–91, div. A, title VIII, §819(a), Dec. 12, 2017, 131 Stat. 1464.)

Historical and Revision Notes
Revised

Section

Source (U.S. Code)Source (Statutes at Large)
11302 40:1412. Pub. L. 104–106, div. E, title LI, §5112, Feb. 10, 1996, 110 Stat. 680.

Editorial Notes

References in Text

Section 3542 of title 44, referred to in subsec. (c)(1)(C), was repealed by Pub. L. 113–283, §2(a), Dec. 18, 2014, 128 Stat. 3073. See section 3552 of Title 44, Public Printing and Documents.

Section 2445c of title 10, referred to in subsec. (c)(4)(C), was repealed by Pub. L. 114–328, div. A, title VIII, §846(1), Dec. 23, 2016, 130 Stat. 2292.

The text of section 11331 of this title, referred to in subsec. (d), was generally amended by Pub. L. 117–167, div. B, title II, §10246(f), Aug. 9, 2022, 136 Stat. 1492, so as to provide for the prescription by the Secretary of Commerce of standards and guidelines pertaining to Federal information systems.

Amendments

2017—Subsec. (c)(5). Pub. L. 115–88 and Pub. L. 115–91 amended subsec. (c) identically, striking out par. (5) relating to sunset of certain provisions. Text read as follows: "Paragraphs (1), (3), and (4) shall not be in effect on and after the date that is 5 years after the date of the enactment of the Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for Fiscal Year 2015."

2014—Subsec. (c). Pub. L. 113–291 added pars. (1), (3), (4), and par. (5) relating to sunset of certain provisions and redesignated former pars. (1) and (2) as par. (2) and par. (5) relating to report to Congress, respectively.

2004—Subsec. (b). Pub. L. 108–458, §8401(1), inserted "security," after "use,".

Subsec. (c)(1). Pub. L. 108–458, §8401(2), inserted ", including information security risks," after "evaluating the risks" and "costs, benefits, and risks".


Statutory Notes and Related Subsidiaries

Change of Name

Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019.

Management of Software Licenses

Pub. L. 114–210, July 29, 2016, 130 Stat. 824, provided that:

"SECTION 1. SHORT TITLE.

"This Act may be cited as the 'Making Electronic Government Accountable By Yielding Tangible Efficiencies Act of 2016' or the 'MEGABYTE Act of 2016'.

"SEC. 2. OMB DIRECTIVE ON MANAGEMENT OF SOFTWARE LICENSES.

"(a) Definition.—In this section—

"(1) the term 'Director' means the Director of the Office of Management and Budget; and

"(2) the term 'executive agency' has the meaning given that term in section 105 of title 5, United States Code.

"(b) OMB Directive.—The Director shall issue a directive to require the Chief Information Officer of each executive agency to develop a comprehensive software licensing policy, which shall—

"(1) identify clear roles, responsibilities, and central oversight authority within the executive agency for managing enterprise software license agreements and commercial software licenses; and

"(2) require the Chief Information Officer of each executive agency to—

"(A) establish a comprehensive inventory, including 80 percent of software license spending and enterprise licenses in the executive agency, by identifying and collecting information about software license agreements using automated discovery and inventory tools;

"(B) regularly track and maintain software licenses to assist the executive agency in implementing decisions throughout the software license management life cycle;

"(C) analyze software usage and other data to make cost-effective decisions;

"(D) provide training relevant to software license management;

"(E) establish goals and objectives of the software license management program of the executive agency; and

"(F) consider the software license management life cycle phases, including the requisition, reception, deployment and maintenance, retirement, and disposal phases, to implement effective decisionmaking and incorporate existing standards, processes, and metrics.

"(c) Report on Software License Management.—

"(1) In general.—Beginning in the first fiscal year beginning after the date of enactment of this Act [July 29, 2016], and in each of the following 5 fiscal years, the Chief Information Officer of each executive agency shall submit to the Director a report on the financial savings or avoidance of spending that resulted from improved software license management.

"(2) Availability.—The Director shall make each report submitted under paragraph (1) publically available."

Appropriate Use of Requirements Regarding Experience and Education of Contractor Personnel in the Procurement of Information Technology Services

Pub. L. 106–398, §1 [[div. A], title VIII, §813], Oct. 30, 2000, 114 Stat. 1654, 1654A–214, provided that:

"(a) Amendment of the Federal Acquisition Regulation.—Not later than 180 days after the date of the enactment of this Act [Oct. 30, 2000], the Federal Acquisition Regulation issued in accordance with sections 6 and 25 of the Office of Federal Procurement Policy Act ([former] 41 U.S.C. 405 and 421) [see 41 U.S.C. 1121, 1303] shall be amended to address the use, in the procurement of information technology services, of requirements regarding the experience and education of contractor personnel.

"(b) Content of Amendment.—The amendment issued pursuant to subsection (a) shall, at a minimum, provide that solicitations for the procurement of information technology services shall not set forth any minimum experience or educational requirement for proposed contractor personnel in order for a bidder to be eligible for award of a contract unless—

"(1) the contracting officer first determines that the needs of the executive agency cannot be met without any such requirement; or

"(2) the needs of the executive agency require the use of a type of contract other than a performance-based contract.

"(c) GAO Report.—Not later than one year after the date on which the regulations required by subsection (a) are published in the Federal Register, the Comptroller General shall submit to Congress an evaluation of—

"(1) executive agency compliance with the regulations; and

"(2) conformance of the regulations with existing law, together with any recommendations that the Comptroller General considers appropriate.

"(d) Definitions.—In this section:

"(1) The term 'executive agency' has the meaning given that term in section 4(1) of the Office of Federal Procurement Policy Act (former 41 U.S.C. 403(1)) [now 41 U.S.C. 133].

"(2) The term 'information technology' has the meaning given that term in section 5002(3) of the Clinger-Cohen Act of 1996 (40 U.S.C. 1401(3)) [now 40 U.S.C. 11101(6)].

"(3) The term 'performance-based', with respect to a contract, means that the contract includes the use of performance work statements that set forth contract requirements in clear, specific, and objective terms with measurable outcomes."

1 See References in Text note below.