Secretary's Order 03-2022-Delegation of Authorities and Assignment of Responsibilities to the Chief Information Officer

Federal Register, Oct 28, 2022
87 Fed. Reg. 65254 (Oct. 28, 2022)

1. Purpose. This Secretary's Order (Order) updates the delegation of authority and assignment of responsibilities to the Chief Information Officer (CIO) for implementation of the Federal Information Technology Acquisition Reform Act of 2014 (FITARA), the Federal Information Security Modernization Act of 2014 (FISMA), the Modernizing Government Technology (MGT) Act, the E-Government Act of 2002, the Clinger-Cohen Act of 1996 (also known as the Information Technology (IT) Management Reform Act of 1996), and the Paperwork Reduction Act of 1995 (PRA).

2. Authority and Directives Affected.

A. Authorities. This Order is established pursuant to the following authorities.

1. Public Law 85-67, Title I, 71 Stat. 210 (June 29, 1957), as amended.

2. Public Law 99-619, Reorganization Plan Number 6.

3. Public Law 104-13, the Paperwork Reduction Act (PRA).

4. Public Law 104-106, The Clinger-Cohen Act.

5. Public Law 104-231, The Electronic Freedom of Information Act Amendments (E-FOIA).

6. Public Law 106-554, Consolidated Appropriations Act, 2001, Section 1(a) (incorporating Section 515 of H.R. 5658, the Treasury and General Government Appropriations Act).

7. Public Law 107-347, The E-Government Act of 2002 [Sections 101, 202-204, 206-212, 214, 301, 302 & 305].

8. Public Law 113-235, FITARA of 2014; and Public Law 115-88, the FITARA Enhancement Act of 2017.

9. Public Law 113-283, the FISMA of 2014.

10. Public Law 115-91, the MGT Act, 131 Stat. 1332.

11. 5 U.S.C. 301, 552(g), 3701-3707 & 5315 (2018).

12. 29 U.S.C. 551 & 563 (2018).

13. 40 U.S.C. 11312-11319 & 11331.

14. 41 U.S.C. 266a.

15. 44 U.S.C. 3505-3506, 3553-3554, 3603 & 3606.

16. OMB Circular A-130, Managing Information as a Strategic Resource (2016).

17. OMB Memorandum M-15-14, Management and Oversight of Federal Information Technology (2015).

B. Directives Affected.

1. This Order does not affect the authorities and responsibilities assigned by any other Secretary's Order, unless otherwise expressly provided in this or another Order.

2. This Secretary's Order replaces the previous Secretary's Order 06-2020 regarding CIO responsibilities, and as such, Secretary's Order 06-2020 is cancelled.

3. Background. This Order replaces Secretary's Order 06-2020, which delegated authority and assigned responsibility for implementation of FITARA, FISMA, MGT Act, PRA, Clinger-Cohen Act, and E-Government Act. This Order further implements guidance provided by OMB in Memorandum M-15-14 that, in situations where “the CIO and other management officials report to a COO, Undersecretary for Management, Assistant Secretary for Administration, or similar management executive, the CIO shall have direct access to the agency head (i.e., the Secretary, or Deputy Secretary serving on the Secretary's behalf) regarding programs that include information technology”.

4. Reporting Authority. The CIO has direct access to, and authority for direct contact with, the Secretary for any matters the CIO deems necessary to carry out the responsibilities of this Secretary's Order.

5. Assignment of Responsibilities to the CIO.

A. The Clinger-Cohen Act established the position of the CIO with information resource management duties as their primary duty. The CIO performs the responsibilities set forth below.

1. Ensure compliance by all DOL agencies with the prompt, efficient, and effective implementation of IRM responsibilities and reduction of information collection burdens on the public.

2. Provide advice and assistance to the Secretary and other DOL senior management personnel to ensure IT is acquired, and information resources are managed, effectively and efficiently.

3. Perform strategic planning for all IT management functions including developing, updating, and maintaining the DOL IT strategic plan.

4. Establish, implement, and ensure compliance with the DOL information security program.

5. Develop, facilitate, and maintain the implementation of the enterprise architecture for DOL.

6. Promote the effective and efficient design and operation of all major IRM processes for DOL, including improvements to work processes of the Department.

7. Monitor and evaluate the performance of IT programs of DOL based on applicable performance measurements, and advise the Secretary of Labor and other senior management personnel regarding whether to continue, modify, or terminate a program or project.

8. Annually, in consultation with DOL agencies and as part of the strategic planning and performance evaluation process, assess the requirements established for DOL personnel regarding knowledge and skill in IRM, develop plans for hiring and training aimed at meeting those requirements, and report to the Secretary on the progress made in improving IRM capability.

9. Serve as a member of the executive branch Chief Information Officers Council, participate in its functions, and monitor the Department's implementation of IT standards.

10. Perform any additional duties which are assigned to the CIO by applicable law, including OMB regulations and circulars.

B. FITARA, the FITARA Enhancement Act of 2017, and the MGT Act further enhanced the responsibilities of the CIO in the following areas as defined below.

1. Resources, Planning and Portfolio Management. It is the responsibility of the CIO to:

a. Have a significant role in the decision processes for all annual and multiyear planning, programming, budgeting, and execution decisions, related reporting requirements, and reports related to IT;

b. Have a significant role in the management, governance, and oversight processes related to IT;

c. Review and approve the IT budget request;

d. Certify IT investments are adequately implementing incremental development, as defined in capital planning guidance issued by the Office of Management and Budget (OMB);

e. Review and approve any contract or other agreement for IT or IT services. Governance process can be used to approve contracts or other agreements as long as the CIO is a full participant in the governance processes; and

f. Review and approve the reprogramming of funds for IT.

2. Agency Risk Management Information. It is the responsibility of the CIO to:

a. Provide the Director of OMB with a list of each major IT investment on at least a semiannual basis, using existing data systems and processes;

b. Categorize each major IT investment according to risk, in consultation with other appropriate agency officials; and

c. Conduct a review of the investment to identify the root causes of the high level of risk, the extent to which these causes have been addressed, and the probability of future success for each major IT investment receiving a high risk rating.

3. Information Technology Portfolio, Program and Resource Reviews. It is the responsibility of the CIO to:

a. Identify or develop ways to increase the efficiency and effectiveness of the IT investments;

b. Identify or develop opportunities to consolidate the acquisition and management of IT services, and increase the use of shared-service delivery models;

c. Identify potential duplication, waste, and cost savings, and develop plans for actions to optimize the IT portfolio, programs, and resources;

d. Develop ways to better align the IT portfolio, programs, and financial resources to any multi-year funding requirements or strategic plans required by law; and

e. Conduct an annual review of the IT portfolio.

4. Government-wide Data Center Consolidation and Optimization Metrics. It is the responsibility of the CIO to:

a. Assist the Secretary in the submission to the Federal CIO in the Office of the Federal Chief Information Officer (formerly the Administrator of the Office of Electronic Government and Information Technology), and OMB, a comprehensive inventory of the data centers owned, operated, or maintained by or on behalf of the agency and a multi-year strategy to achieve the consolidation and optimization of the data centers inventoried;

b. Submit a statement to the Federal CIO stating whether the agency has complied with the requirements and make the statement publicly available. If the agency has not complied with the requirements, the CIO must submit a statement to the Federal CIO explaining the reasons for not complying with such requirements; and

c. Provide updates to the Federal CIO on a quarterly basis regarding the completion of activities by the agency; all progress of the agency towards meeting the Government-wide data center consolidation and optimization metrics; and the actual cost savings and other improvements realized through the implementation of the strategy of the agency.

5. Technology Modernization Fund. It is the responsibility of the CIO to evaluate applications for funding from the Technology Modernization Fund including a strong business case, technical design, consideration of commercial off-the-shelf products and services, procurement strategy (including adequate use of rapid, iterative software development practices), and program management.

6. Delegation of Authorities and Assignment of Responsibilities.

A. Subject to the Reservation of Authority in section VII of this Order, the following duties assigned by the PRA, E-FOIA, and related legislation, and OMB guidance to the Secretary are hereby delegated to the CIO.

1. Establish a process, sufficiently independent of DOL program agencies, to evaluate whether proposed collections of information should be approved under the PRA.

2. Coordinate with DOL agencies to ensure proposed collections of information covered by the PRA are published in the Federal Register.

3. Coordinate with DOL agencies to ensure they provide notice and an opportunity to comment on any collections of information contained within notices of proposed rulemaking published in the Federal Register.

4. Certify for each collection of information submitted to OMB for review the DOL program agency has fully complied with all PRA provisions.

5. Coordinate with DOL agencies to prepare and maintain an annual inventory of the DOL's major information systems.

6. Maintain a leadership role in overseeing the implementation of DOL's guidelines on information quality matters consistent with the Department's Information Quality Guidelines, and be responsible for the annual Data Quality report to the Director of OMB.

B. Subject to the Reservation of Authority in section VII of this Order, the following duties assigned by the Clinger-Cohen Act and related OMB guidance to the Secretary are hereby delegated to the CIO.

1. Design, implement, and maintain DOL's process for maximizing the value and assessing and managing the risks of IT acquisitions to:

a. Provide for the selection of IT investments to be made by DOL, the management of such investments, and the evaluation of the results of such investments;

b. Be integrated with the processes for making budget, financial, and program management decisions within DOL;

c. Include minimum criteria to be applied in considering whether to undertake a particular investment in information systems;

d. Provide for identifying information systems investments resulting in shared benefits or costs for other Federal agencies or State or local governments;

e. Provide for identifying quantifiable measurements for determining the net benefits and risks for a proposed investment; and

f. Provide the means for DOL senior management personnel to obtain timely information regarding the progress of an investment in an information system.

2. Institutionalize performance-based and results-based management for IT in coordination with the Office of the Chief Financial Officer, the Office of the Assistant Secretary for Administration and Management (OASAM), other DOL agencies, and other DOL governance structures (e.g., Working Capital Fund).

3. Review and approve the acquisition of IT for DOL and, in accordance with guidance issued by OMB, the award of contracts that provide for multi-agency acquisitions of information technology.

4. Monitor the Department's compliance with the policies, procedures, and guidance in OMB Circular A-130 (or equivalent guidance), recommend or take appropriate corrective action in instances of failures to comply and, as required by Circular A-130, report to the OMB Director.

C. Subject to the Reservation of Authority in section VII of this Order, the following duties assigned by the MGT Act to the Secretary are hereby delegated to the CIO.

1. Establish an information technology system modernization and working capital fund for necessary expenses as described in paragraph 3 of the MGT Act.

2. Prioritize funds within the IT working capital fund to be used initially for cost savings activities.

3. Reprogram and transfer any amounts saved as a direct result of the cost savings activities for deposit into the IT working capital fund, consistent with paragraph (2)(A) of the MGT Act.

D. Subject to the Reservation of Authority in section VII of this Order, the following duties assigned by the E-Government Act of 2002 to the Secretary are hereby delegated to the CIO.

1. Consider the impact of Departmental E-Government policies and programs on persons without access to the internet and work with all DOL agencies to ensure, to the extent practicable, the availability of government information and services is not diminished for individuals who lack access to the internet.

2. Submit annually to the OMB Director the E-Government Status Report required by Section 202 of the E-Government Act.

3. Ensure the Department's methods for use and acceptance of electronic signatures are compatible with the relevant policies and procedures issued by the OMB Director.

4. Work with the Office of Public Affairs and the Office of the Solicitor to ensure a publicly accessible DOL website includes all required information.

5. Coordinate with the Office of the Assistant Secretary for Policy to ensure the Department implements electronic rulemaking submissions and electronic dockets.

6. Oversee the Department's preparation of privacy impact assessments; ensure privacy impact assessments are provided to OMB for each information system for which funding is requested; and ensure, if practicable and appropriate, DOL privacy impact assessments are made available to the public.

7. Establish and operate IT training programs and encourage DOL employee participation in such programs.

8. Establish a system for appropriately sharing OMB and DOL policies, guidance, standards and other communications relating to IT and IRM.

9. Ensure the Department develops performance measures demonstrating how electronic government enables progress toward DOL objectives, strategic goals, and statutory mandates.

10. Ensure the Department is in compliance with Section 508 of the Rehabilitation Act of 1974 (29 U.S.C. 794d).

11. Ensure the Department complies with all OMB policies relating to the categorization of information.

12. Ensure that privacy notices posted on DOL websites comply with OMB guidance (see Section 208(c) of the E-Government Act).

13. Ensure the Department, consistent with guidance developed by the National Archivist, adopts policies and procedures to effectively and comprehensively fulfill its records management responsibilities with respect to DOL information on the internet and other electronic records.

E. Subject to the Reservation of Authority in section VII of this Order, the following duties assigned by FISMA to the Secretary are hereby delegated to the CIO.

1. Designate a senior Department official who will report to the CIO and have responsibility for Department-wide information security as their primary duty.

2. Ensure the Department has trained personnel sufficient to assist in complying with the requirements of FISMA and related policies, procedures, standards, and guidelines.

3. Ensure the Department's information security management processes are integrated into its strategic and operational planning processes.

4. Prepare the Department's annual report to the Congress and Comptroller General on compliance with FISMA, as required by Section 3544(c) of the E-Government Act.

5. Ensure the adequacy and effectiveness of information security policies, procedures, and practices are addressed in plans and reports relating to the Department's annual budget; information resources management; IT management; program performance under the Government Performance Results Act; financial management and financial management systems; and internal accounting and administrative controls.

6. Ensure any significant deficiency in information security policies, practices or procedures is reported as a material weakness under Section 3512 of Title 31 of the U.S. Code and, if related to financial management systems, as an instance of a lack of substantial compliance under the Federal Financial Management Improvement Act.

7. Ensure the Department's annual performance plan includes a description of the time periods, budget resources, staffing and training necessary to implement the Department's information security program.

8. Ensure the public receives timely notice and opportunity for comment on proposed information security policies and procedures affecting communication with the public.

9. Cooperate with the Office of Inspector General on the annual independent evaluation of the Department's information security program and practices, and ensure the evaluation is submitted to OMB.

10. Provide information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems.

11. Comply with the requirements of FISMA and related OMB policies and NIST procedures, standards, and guidelines.

12. Report annually to the OMB Director, the Comptroller General of the United States, and selected congressional committees on the adequacy and effectiveness of agency information security policies and procedures.

F. In addition to the above duties specifically assigned by the PRA, the Clinger-Cohen Act, and the E-Government Act, the CIO is delegated the following authority and assigned the following responsibilities, subject to the Reservation of Authority in section VII.

1. The CIO will act as the Department's spokesperson on all matters relating to Departmental IRM and IT management.

2. The CIO will ensure the DOL is responsive to the needs of employees who require adaptive technologies and will represent the Department on GSA's Section 508 Committee.

3. The CIO will ensure continuous modernization of Departmental communications and processes through adoption of new technologies, and ensure maximum appropriate use of web technologies and electronic mail.

4. The CIO will perform any other related duties which are assigned by the Secretary.

G. The Solicitor of Labor. The Solicitor of Labor is delegated authority and assigned responsibility for providing legal advice and counsel to the Department and agencies relating to the administration and implementation of this Order and the statutory provisions, regulations, and Executive Orders listed above, including without limitation, providing counsel to the Secretary, ASAM, CIO, Agency Heads, managers, and supervisors. The Solicitor of Labor shall have responsibility for legal advice and assistance through opinions and interpretations of applicable laws and regulations. The bringing of, and defense against, legal proceedings under the authorities cited herein, the representation of the Department, the Secretary, and other officials of the Department, and determinations of whether such proceedings or representations are appropriate in a given case, are delegated exclusively to the Solicitor.

7. Reservations of Authority.

A. The submission of reports and recommendations to the President and Congress concerning the administration of the statutory provisions and Executive Orders listed above is reserved to the Secretary.

B. No delegation of authority or assignment of responsibility under this Order will be deemed to affect the Secretary's authority to continue to exercise or further delegate such authority or responsibility.

8. Effective Date. This Order is effective immediately.

Martin J. Walsh,

Secretary of Labor.

[FR Doc. 2022-23503 Filed 10-27-22; 8:45 am]

BILLING CODE 4510-04-P