| 1. LEADERSHIP & ACCOUNTABILITY | | |
|---|---|---|
| FITARA (CIO authority) [25] | Establishes CIO authority over IT resources, planning, and portfolio management. Requires CIO certification of IT investments and accountability to the agency head and Congress. | CIO |
| Clinger-Cohen Act (CIO duties) | Defines CIO duties, including developing and maintaining enterprise architecture, capital planning, and IT management practices. | CIO |
| Paperwork Reduction Act (agency CIO responsibilities) [8] | Requires CIOs to oversee information resources management and compliance with OMB policies. | CIO |
| Federal information policy (OMB/NTIS authorities) [10] | Grants OMB authority over federal information dissemination; CIOs must align agency policies accordingly. | CIO |
| OMB FITARA implementation guidance (M-15-14) | Provides OMB’s framework for implementing FITARA, strengthening CIO oversight of IT investments. | CIO |
| OMB Circular A-130 (Federal information policy) [16] | Establishes CIO authority over IT resources, planning, and portfolio management. Requires CIO certification of IT investments and accountability to the agency head and Congress. Forms the statutory backbone for CIO leadership and measurable accountability. | CIO, CISO, CDAO |

| 2. STRATEGIC PLANNING | | |
|---|---|---|
| Clinger-Cohen (capital planning and IT management) | Requires CIOs to integrate IT into capital planning and management. | CIO |
| FITARA (planning and oversight) [25] | Ensures CIO oversight of IT planning and portfolio decisions. | CIO |
| OMB Circular A-11 (planning and budgeting, IT) [16] | Directs agencies to integrate IT planning into budget submissions. | CIO, CTO |
| Federal Zero Trust Strategy (M-22-09) | Requires adoption of Zero Trust architecture. | CIO, CISO |

| 3. INVESTMENT & PORTFOLIO MANAGEMENT | | |
|---|---|---|
| FITARA (portfolio transparency and CIO review) [25] | Mandates CIO review and transparency of IT portfolios. | CIO |
| OMB FITARA implementation (M-15-14) | Strengthens CIO oversight of IT investments. | CIO |
| OMB Circular A-11, Part 6 (IT capital planning, PortfolioStat, TBM) | Provides capital planning and PortfolioStat guidance. | CIO, CTO |
| Government-wide Category Management | Requires agencies to manage common IT goods/services strategically. | CIO, CTO |

| 4. BUDGETING | | |
|---|---|---|
| OMB Circular A-11 (IT budgeting, e.g., Exhibit 53/IT portfolio) | Governs IT budgeting, including Exhibit 53/IT portfolio reporting. | CIO |
| FITARA (CIO budget certification) [25] | Requires CIO certification of IT budgets. | CIO |

| 5. GOVERNANCE & COMPLIANCE | | |
|---|---|---|
| FITARA (CIO authority over IT decisions) [25] | Grants CIO authority over IT decisions. | CIO |
| DoDI 8510.01 — Risk Management Framework for DoD IT | Establishes RMF for DoD IT systems. | CIO, CISO |
| DoD Zero Trust Strategy (2022) | Requires Zero Trust adoption across DoD. | CIO, CISO |

| 6. POLICY | | |
|---|---|---|
| OMB Circular A-130 (information management, security, privacy) [16] | Governs information management, security, and privacy. | CIO, CISO, CDAO |
| Paperwork Reduction Act (information collection policy) [8] | Establishes CIO responsibility for information collection policy. | CIO |
| Federal records management (36 CFR Subchapter B) | Governs records management requirements. | CIO, CDAO |

| 7. WORKFORCE | | |
|---|---|---|
| DoDD 5144.02 (DoD CIO authorities, including workforce) | Defines CIO responsibilities including workforce development. | CIO |
| NICE Framework (cyber workforce taxonomy) [20] | Provides common lexicon for cybersecurity roles. | CIO, CISO |
| DoD Cyber Workforce Framework (DCWF) [41] | Standardizes cyber workforce roles and qualifications. | CIO, CISO |
| Clinger-Cohen (IT workforce development) | Includes IT workforce development responsibilities. | CIO |

| 8. STRATEGIC COMMUNICATIONS | | |
|---|---|---|
| Paperwork Reduction Act (public information coordination) [8] | Requires CIOs to coordinate public information. | CIO |
| GPRA Modernization Act (performance reporting) [29] | Requires performance reporting and transparency. | CIO, CDAO |
| FOIA (public access to records) | Mandates public access to agency records. | CIO, CISO |

| 9. INFORMATION RESOURCES MANAGEMENT | | |
|---|---|---|
| OMB Circular A-130 (IRM governance) [16] | Governs IRM strategy and compliance. | CIO |
| PRA (information lifecycle responsibilities) [8] | Establishes CIO responsibility for IRM lifecycle. | CIO |
| Federal records (36 CFR Subchapter B) | Governs records management. | CISO |

| 10. IT PERFORMANCE MANAGEMENT | | |
|---|---|---|
| OMB Circular A-11 (performance and IT reporting) | Requires agencies to report IT performance metrics as part of budget submissions, linking IT investments to mission outcomes. | CIO |
| GPRA Modernization Act (performance management) [29] | Mandates performance goals and reporting, ensuring CIOs integrate IT performance into agency accountability frameworks. | CIO, CDAO |
| FITARA scorecard (Congressional oversight reference) | Provides Congress with a mechanism to grade CIO empowerment, portfolio management, and modernization progress. | CIO |

| 11. INFORMATION SECURITY & PRIVACY RISK | | |
|---|---|---|
| FISMA (Federal Information Security Modernization Act) | Establishes federal information security requirements, assigning CIOs responsibility for compliance and risk management. | CIO, CISO |
| OMB M-21-31 (event logging and incident response) | Requires agencies to implement centralized logging and incident response capabilities, strengthening accountability for cybersecurity. | CIO, CISO |
| OMB M-22-09 (Federal Zero Trust strategy) | Directs agencies to adopt Zero Trust architecture, reshaping IT security governance. | CIO, CISO |
| NIST SP 800-53 Rev. 5 (security controls) | Provides baseline security and privacy controls for federal information systems. | CIO, CISO |
| Privacy Act [9] | Governs collection and use of personal data by agencies, requiring CIO oversight of privacy protections. | CIO, CISO, CDAO |

| 12. ENTERPRISE ARCHITECTURE | | |
|---|---|---|
| Clinger-Cohen Act (developing, maintaining, and facilitating the use of EA) | Requires CIOs to develop and maintain enterprise architecture to support IT management. | CIO |
| FITARA (IT portfolio management and EA-related decisions) [25] | Grants CIOs authority over IT portfolio management and EA-related decisions. | CIO |
| OMB Circular A-130 (requiring EA to ensure interoperability, security, and efficiency) [16] | Requires agencies to maintain EA to ensure interoperability, security, and efficiency. | CIO, CTO |
| OMB Circular A-11, Part 6 (capital planning and investment control) | Links EA to capital planning and investment control. | CIO, CTO |
| DoD Architecture Framework (DoDAF 2.02) | Provides standardized EA framework for DoD, ensuring interoperability and mission alignment. | CIO, CTO |

| 13. DATA | | |
|---|---|---|
| 44 U.S.C. § 3504 (OMB information policy authority) | Grants OMB authority over federal information policy, guiding CIOs in data governance. | CIO, CDAO |
| Paperwork Reduction Act (agency responsibilities for CIO) [8] | Establishes CIO responsibility for information lifecycle management. | CIO |
| 44 U.S.C. § 3511 (data inventory and planning) | Requires agencies to maintain comprehensive data inventories. | CIO, CDAO |
| 44 U.S.C. § 3520 (Agency CDO roles, information dissemination) | Establishes Chief Data Officer roles in agencies. [47] | CDAO |
| OMB M-19-23 (open data, CDO roles under Evidence Act Phase 1) | Implements Evidence Act, requiring agencies to designate CDOs and publish open data. | CIO, CDAO |
| Foundations for Evidence-Based Policymaking Act | Mandates open government data, evaluation plans, and evidence-building activities. | CIO, CDAO |
| DoDI 8320.07 (data visibility and interoperability) | Establishes DoD policy for data visibility and interoperability. | CIO, CDAO |
| Federal Data Strategy (goals and action plans) [51] | Provides government-wide goals and action plans for data governance. | CIO, CDAO |

| 14. ARTIFICIAL INTELLIGENCE | | |
|---|---|---|
| Executive Order 14179 (Removing Barriers to American Leadership in Artificial Intelligence) | Establishes Trump administration AI policy, prioritizing U.S. leadership and removing regulatory barriers. | CIO, CDAO, CTO |
| Trump Administration AI Action Plan (accelerating innovation, building AI infrastructure) [39] | A coordinated set of EOs under “Winning the AI Race,” focusing on innovation, infrastructure, and diplomacy. | CIO, CDAO |
| Executive Order 14195 (Ensuring a National Policy Framework for Artificial Intelligence) | Establishes a single federal AI regulatory standard, preempting state-level AI laws. | CIO, CDAO |
| DoD Responsible AI Strategy & Implementation Pathway (2024) [6] | Guides ethical AI adoption across DoD, operationalizing AI ethical principles. | CIO, CDAO |
| NIST AI Risk Management Framework (SP 1270) | Provides a structured approach for managing AI risks, ensuring resilience and accountability. | CIO, CDAO |