This section consists of language from OMB guidance that further demarcates, expands upon, or clarifies IT authorities assigned to agencies. This language directly or indirectly tasks the CIO with duties or responsibilities pertaining to information resources and data. See sections on OMB Memoranda and OMB Circulars for more information about these forms of OMB guidance. See sections on Office of Inspector General (OIG) and Government Accountability Office (GAO) to review how compliance with policies is measured.
Agencies shall establish a comprehensive approach to improve the acquisition and management of their information resources by: performing information resources management activities in an efficient, effective, economical, secure, and privacy-enhancing manner; focusing information resources planning to support their missions; implementing an IT investment management process that links to and supports budget formulation and execution; and rethinking and restructuring the way work is performed before investing in new information systems. (OMB Circular A-130. Managing Information as a Strategic Resource. Page 4.)
Data Quality Plan
Agencies that have determined they are subject to the DATA Act reporting must develop and maintain a Data Quality Plan that considers the incremental risks to data quality in Federal spending data and any controls that would manage such risks in accordance with OMB Circular No. A-123. The purpose of the Data Quality Plan is to identify a control structure tailored to address identified risks. (OMB M-18-16. Appendix A to OMB Circular No. A-123, Management of Reporting and Data Integrity Risk. 6/6/2018. Page 4.)
Improving Data Quality
Recognizing that the value of data as a Federal asset hinges on the reliability, validity and overall quality of the data itself, and consistent with OMB Circular No. A-123, agencies should leverage existing functions within the organization that currently monitor and assess risk. (OMB M-18-16. Appendix A to OMB Circular No. A-123, Management of Reporting and Data Integrity Risk. 6/6/2018. Page 8.)
All executive agencies are required by OMB Circular No. A-123 to integrate ERM processes and internal controls and are required to include consideration of internal controls over reporting in their annual assurance statement. (Ibid)
Open Data and [Records Management Budget Estimates]
[Agency budget estimates] should reflect data sets that have been prioritized through [the] agency’s engagement with customers as specified in OMB Memorandum M-13-13, Open Data Policy –Managing Information as an Asset. [These] estimates should also reflect work necessary to meet the requirements of OMB Memorandum M-12-18, Managing Government Records Directive, OMB Circular A-130, the E-Government Act, and OMB’s guidance. Initiatives should create a customer-centered electronic presence. (OMB Circular A-11. Preparation, Submission, and Execution of the Budget. Section 31.8. 2020.)
Establish Integral Digital Governance
A strong governance structure will help agencies develop coherent priorities, set up lines of accountability, and satisfy the public’s expectation of the best possible level of service. Agencies must manage their websites and digital services not as discrete individual IT projects, but as part of a comprehensive strategy covering all their digital information and services.
Implement Information Security and Privacy Controls
FISMA and OMB Circular A-130 require each Federal Agency to develop, document, and implement an agency-wide information security program for the information and information systems that support the agency’s operations and assets, including those provided or managed by another agency, contractor, or other source. FISMA also provides for the development and maintenance of minimum controls to protect Federal information and information systems. Moreover, OMB Circular A-130 requires agencies to develop, implement, document, maintain, and oversee an agency-wide privacy program including people, processes, and technologies. Each agency-wide privacy program must implement privacy controls and verify that those controls are operating as intended and continuously monitored and assessed.
Section I: Implementation Guidance for all Agencies: All Federal agencies (CFO Act and non-CFO Act) must meet the following targets in order to begin the transition to a fully electronic government.
By 2019, Federal agencies will manage all permanent electronic records in an electronic format. By December 31, 2019, all permanent electronic records in Federal agencies will be managed electronically to the fullest extent possible for eventual transfer and accessioning by NARA in an electronic format. Federal agencies have been required to manage all (permanent and temporary) email records in an electronic format since 2016 and are expected to continue to do so.
By 2022, Federal agencies will manage all permanent records in an electronic format and with appropriate metadata. By December 31, 2022, all permanent records in Federal agencies will be managed electronically to the fullest extent possible for eventual transfer and accessioning by NARA in an electronic format. This does not apply to permanent records accessioned into NARA or transferred for storage into Federal Records Centers before December 31, 2022. After December 31, 2022, all agencies will transfer permanent records to NARA in electronic formats and with appropriate metadata, in accordance with NARA regulations and transfer guidance, except where an agency has been granted an exception under procedures to be developed by NARA under paragraph 2.2, below.
By 2022, Federal agencies will manage all temporary records in an electronic format or store them in commercial records storage facilities. By December 31, 2022, all temporary records in Federal agencies will be managed electronically to the fullest extent possible. Agencies that receive an exception under paragraph 2.2 may continue to produce and store records in analog formats, but inactive records eligible for transfer after December 31, 2022 must be stored in commercial storage facilities. This does not apply to temporary records that are transferred for temporary storage into Federal Records Centers before December 31, 2022. By December 31, 2022, all agencies must close agency-operated records storage facilities and transfer inactive, temporary records to Federal Records Centers or commercial records storage facilities. Temporary, analog records that become eligible for transfer after December 31, 2022 must be transferred to commercial storage facilities that meet NARA records storage requirements.
Federal agencies will maintain robust records management programs that comply with the Federal Records Act and its regulations. Agencies must continue the following practices to ensure agency records are appropriately retained, stored, and transferred according to their disposition schedules.
Federal Data Strategy – Purpose & Overview
[The Federal Data Strategy (Federal Data Strategy, Leveraging Data as a Strategic Asset.)] enables agencies-and Government as an enterprise to use and manage Federal data to serve the American people, including the critical twin goals of getting optimal value from our data assets and of protecting security, privacy, and confidentiality. It provides a common set of data principles and best practices in implementing data innovations that drive more value for the public. The Strategy complements statutory requirements and OMB information policy and guidance, and incorporates relevant changes proposed by agency and public comments received in response to M-19-01: Request for Agency Feedback on the Federal Data Strategy. (OMB M-19-18. Federal Data Strategy - A Framework for Consistency. 6/4/2019.) Annual Action Plans specify measurable actions to implement the practices that are the priorities for a given year, providing timelines for implementation and identification of responsible parties. Agencies implement the Federal Data Strategy by adhering to the Action Steps in yearly action plans in accordance with OMB guidance.
Freedom of Information Act (FOIA) Portal
This memorandum provides instructions for agencies’ Chief FOIA Officers on actions that agencies must take to ensure interoperability with the National FOIA Portal [foia.gov]. This memorandum is authorized and required by the FOIA Improvement Act of 2016, 5 U.S.C. § 552(m). “It requires agencies to provide information and complete necessary actions that will facilitate interoperability with the National FOIA Portal, through which a member of the public can submit a request for information to any Federal agency from angle website.” (OMB M-19-10. Guidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal On FOIA.gov. 2/12/2019.)
Improve Customer Service Delivery
Each CFO Act agency (“agency” or “agencies”) that directly provides significant services to individuals or to private and governmental entities will improve customer service through the following activities: