House Passes Legislation Strengthening Role of Federal CIO

House Passes Legislation Strengthening Role of Federal CIO

The Federal CIO Authorization Act of 2018 creates a more direct IT reporting structure for CIO and CISO.

The U.S. House of Representatives passed a bill on Nov. 30 that would ultimately streamline IT reporting and processes for the federal chief information officer and chief information security officer, and elevate the role of the CIO as the overseer of the government’s digital infrastructure.

The Federal CIO Authorization Act of 2018 was introduced by the House IT Subcommittee Chair Rep. Will Hurd, R-Texas, and Ranking Member Rep. Robin Kelly, D-Illinois, in September. Though it still has to make its way through the U.S. Senate and to the president’s desk, this puts the IT reporting of the federal CIO (currently Suzette Kent) and CISO (currently Grant Schneider) one step closer to becoming more structured.

According to the legislation, changes specify changing previous terms like “administrator” to federal CIO or federal CISO, providing a clear and straightforward authorization for whoever holds the current position.

The bill also defines IT reporting structures by naming the federal CIO’s role as a presidential appointee who directly reports to the director of the Office of Management and Budget, the federal CISO as the presidential appointee reporting to the federal CIO, and renames the Office of E-Government as the Office of the Federal CIO.

Plus, the act directs and gives the authority to the federal CIO “to submit a proposal to congress for consolidation and streamlining IT across federal agencies,” elevating the role and its subsequent authorities.

“This bill helps keep the vast information stored by the federal government secure from hackers by making clear that the Federal CIO is in charge of the security of our data across the government,” Hurd said in the press release.

In fact, the House IT Subcommittee has focused on reauthorizing and restructuring the roles of all CIOs in federal government in its ongoing efforts to modernize government IT.

The Federal Information Technology Acquisition Reform Act includes “agency CIO authority enhancement” as a measurable category, part of the overall FITARA grade given to the 24 Chief Financial Officers Act agencies. FITARA, introduced by the House Oversight and Government Reform Committee and enacted in 2014, is used to score government agencies on their IT modernization efforts.

Proper IT and IT spending reporting reduces agencies’ overall scores, and is something the subcommittee has been pushing. “One area where we’ve increased pressure is the continued lack of a direct reporting structure from the [chief information officer] to the agency head,” Hurd said in the May 23 Oversight and Government Reform IT Subcommittee FITARA hearing about the most recent scores.

For those agencies that haven’t yet adjusted the reporting structure, Hurd directed them to President Donald Trump’s executive order from May enhancing the CIO’s position, especially as it pertains to CIO’s lack of IT budget authority.

So, the subcommittee's efforts to enhance and align the role and reporting of the federal CIO and CISO properly follows suit with the bipartisan effort to modernize the government’s overall IT infrastructure.