After nearly two years and several iterations, the bill formerly known as the Federal Information Technology Acquisition and Reform Act is heading to the House floor as part of the 2015 Defense authorization bill.
The bill, which could head to the House as early as Thursday, would grant agency chief information officers additional authorities, effectively codifying the position’s oversight responsibilities for IT management and governance.
According to the text of the bill, every agency chief information officer, except for the Defense Department CIO, would have a significant role in “the decision processes for all annual and multi-year planning, programming, budgeting and executive decisions, related reporting requirements and reports related to information technology.”
Those CIOs would also lead the formulation of their agency’s IT budget and would have the final say on any IT-related contracts, as well as any moving of funds from one IT-related program to another.
Earlier drafts of FITARA included a provision that would limit an agency to one CIO position; however, the version included in the NDAA would allow the CIO of a larger agency to appoint CIOs for smaller agencies. The bill does assert that the duties of a CIO are not delegable, though. An agency CIO could only delegate approval of IT contracts or systems that are classified as nonmajor under the White House Office of Management and Budget’s guidance.
In the case of the Defense Department, the CIO would review and provide recommendations to the Defense secretary on the department’s IT budget request.
Almost none of the CIO’s additional IT authorities would apply to any telecommunications or IT funded under the National Intelligence Program or the Military Intelligence Program, the bill said.
In an effort to more effectively manage the risk of some agency IT investments, the director of OMB would make a list of each major executive branch IT investment publicly available. The information would be updated by agency CIOs semi-annually and would be categorized according to risk.
Then, every agency investment identified as high risk for four consecutive quarters would be reviewed to determine the cause of the risk or if that risk can be mitigated. If the high-risk status remained a year later, the director of OMB would be required to deny any request for additional development funding until the CIO of the agency determines the cause of the risk and establishes a plan to address it.
The provisions of the FITARA portion in the NDAA also would provide for the establishment of an annual IT portfolio review at the agency level that looks for ways to consolidate IT systems and eliminate duplicative IT investments. Agencies would be required to align the portfolios with a multiyear strategy to cut IT costs.
At the Defense Department, the portfolio management requirement would only apply to business systems within the department’s IT systems. The bill would exempt national security systems from the annual review and multiyear plan.
In another attempt to cut down on costs of IT, the bill also would codify OMB’s 2010 Federal Data Center Consolidation Initiative. The head of each agency, with help from the CIO, would be required to submit a comprehensive inventory of the agency’s data centers to OMB. Like the IT portfolios, agencies would be required to align data center consolidation with a multiyear strategy “by which the quantitative and qualitative progress of the agency toward the goals of the FDCCI can be measured.”
The Government Accountability Office would evaluate agency progress in data center consolidation annually. Any cloud-related consolidation efforts would need to comply with Federal Risk and Authorization Management Program and National Institute of Standards and Technology guidelines, the bill said. The director of national intelligence or the Defense secretary would retain the authority to waive applicability of the FDCCI to any system related to national security; however, the agency must submit its reasoning to Congress.
The bill also would call for the establishment and expansion of an agency IT acquisition cadre, which involves the development of personnel assigned to IT acquisitions through a specialized Office of Personnel Management-designated career path.
In addition, the bill would mandate that the General Services Administration develop a strategic sourcing initiative to enhance acquisition governmentwide. This initiative could allow software licenses to be shared across agencies.
The original version of FITARA was released in early 2013. It was penned by Rep. Darrell Issa, R-Calif., the chairman of the House Oversight and Government Reform Committee, and co-authored by Rep. Gerry Connolly, D-Va. In an Oversight Committee hearing Wednesday morning, Connolly commended Issa for his service as the panel’s chairman and on the inclusion of FITARA in the NDAA.
“I just want to congratulate you today on the news that the FITARA legislation is in fact headed for passage both in the Senate and in the House,” Connolly said. “It was an honor collaborating with you on such an important topic, and it’s a great way to cap your career as chairman of this committee.”