OMB is responsible for overseeing Federal agencies’ information technology practices. As a part of this core function, OMB develops and ensures implementation of policies and guidelines that drive enhanced technology performance and budgeting across the Executive Branch. The Federal CIO heads OMB’s Office of E-Government and Information Technology (E-Gov), which develops and provides direction in the use of Internet-based technologies. The two major policies and guidelines are FITARA and FISMA.
FITARA, enacted through the National Defense Authorization Act for Fiscal Year 2015, set forth the Common Baseline and expanded the role and responsibilities of Agency CIOs. (Public Law 113-291. Sec. 831. National Defense Authorization Act for Fiscal Year 2015.) Per OMB M-15-14, the specific requirements of FITARA include:
With FISMA, information security requirements were set forth based on NIST compliance documents. (NIST. Federal Information Security Management Act (FISMA) Implementation Project.) FISMA requires annual evaluations of the information security program at each federal agency, which are reviewed by DHS and OMB, and incorporated into an annual report to Congress. FISMA states:
Each year, not later than such date established by the Director [OMB], the head of each agency shall submit to the Director [OMB] the results of [their agency’s] evaluation required under this section. (CIO Council. CISO Handbook.)