Notice 2022-23503
Secretary's Order 03-2022-Delegation of Authorities and Assignment of Responsibilities to the Chief Information Officer
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
October 28, 2022
Issuing agencies
Labor Department
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 208 (Friday, October 28, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 208 (Friday, October 28, 2022)]
[Notices]
[Pages 65254-65257]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-23503]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF LABOR
Secretary's Order 03-2022--Delegation of Authorities and
Assignment of Responsibilities to the Chief Information Officer
1. Purpose. This Secretary's Order (Order) updates the delegation
of authority and assignment of responsibilities to the Chief
Information Officer (CIO) for implementation of the Federal Information
Technology Acquisition Reform Act of 2014 (FITARA), the Federal
Information Security Modernization Act of 2014 (FISMA), the Modernizing
Government Technology (MGT) Act, the E-Government Act of 2002, the
Clinger-Cohen Act of 1996 (also known as the Information Technology
(IT) Management Reform Act of 1996), and the Paperwork Reduction Act of
1995 (PRA).
2. Authority and Directives Affected.
A. Authorities. This Order is established pursuant to the following
authorities.
1. Public Law 85-67, Title I, 71 Stat. 210 (June 29, 1957), as
amended.
2. Public Law 99-619, Reorganization Plan Number 6.
3. Public Law 104-13, the Paperwork Reduction Act (PRA).
4. Public Law 104-106, The Clinger-Cohen Act.
5. Public Law 104-231, The Electronic Freedom of Information Act
Amendments (E-FOIA).
6. Public Law 106-554, Consolidated Appropriations Act, 2001,
Section 1(a) (incorporating Section 515 of H.R. 5658, the Treasury and
General Government Appropriations Act).
7. Public Law 107-347, The E-Government Act of 2002 [Sections 101,
202-204, 206-212, 214, 301, 302 & 305].
8. Public Law 113-235, FITARA of 2014; and Public Law 115-88, the
FITARA Enhancement Act of 2017.
9. Public Law 113-283, the FISMA of 2014.
10. Public Law 115-91, the MGT Act, 131 Stat. 1332.
11. 5 U.S.C. 301, 552(g), 3701-3707 & 5315 (2018).
12. 29 U.S.C. 551 & 563 (2018).
13. 40 U.S.C. 11312-11319 & 11331.
14. 41 U.S.C. 266a.
15. 44 U.S.C. 3505-3506, 3553-3554, 3603 & 3606.
16. OMB Circular A-130, Managing Information as a Strategic
Resource (2016).
17. OMB Memorandum M-15-14, Management and Oversight of Federal
Information Technology (2015).
B. Directives Affected.
1. This Order does not affect the authorities and responsibilities
assigned by any other Secretary's Order, unless otherwise expressly
provided in this or another Order.
2. This Secretary's Order replaces the previous Secretary's Order
06-2020 regarding CIO responsibilities, and as such, Secretary's Order
06-2020 is cancelled.
3. Background. This Order replaces Secretary's Order 06-2020, which
delegated authority and assigned responsibility for implementation of
FITARA, FISMA, MGT Act, PRA, Clinger-Cohen Act, and E-Government Act.
This Order further implements guidance provided by OMB in Memorandum
M-15-14 that, in situations where ``the CIO and other management
officials report to a COO, Undersecretary for Management, Assistant
Secretary for Administration, or similar management executive, the CIO
shall have direct access to the agency head (i.e., the Secretary, or
Deputy Secretary serving on the Secretary's behalf) regarding programs
that include information technology''.
4. Reporting Authority. The CIO has direct access to, and authority
for direct contact with, the Secretary for any matters the CIO deems
necessary to carry out the responsibilities of this Secretary's Order.
5. Assignment of Responsibilities to the CIO.
A. The Clinger-Cohen Act established the position of the CIO with
information resource management duties as their primary duty. The CIO
performs the responsibilities set forth below.
1. Ensure compliance by all DOL agencies with the prompt,
efficient, and effective implementation of IRM responsibilities and
reduction of information collection burdens on the public.
2. Provide advice and assistance to the Secretary and other DOL
senior management personnel to ensure IT is acquired, and information
resources are managed, effectively and efficiently.
3. Perform strategic planning for all IT management functions
including developing, updating, and maintaining the DOL IT strategic
plan.
4. Establish, implement, and ensure compliance with the DOL
information security program.
5. Develop, facilitate, and maintain the implementation of the
enterprise architecture for DOL.
6. Promote the effective and efficient design and operation of all
major IRM processes for DOL, including improvements to work processes
of the Department.
7. Monitor and evaluate the performance of IT programs of DOL based
on applicable performance measurements, and advise the Secretary of
Labor and other senior management personnel regarding whether to
continue, modify, or terminate a program or project.
8. Annually, in consultation with DOL agencies and as part of the
strategic planning and performance evaluation process, assess the
requirements established for DOL personnel regarding knowledge and
skill in IRM, develop plans for hiring and training aimed at meeting
those requirements, and report to the Secretary on the progress made in
improving IRM capability.
9. Serve as a member of the executive branch Chief Information
Officers Council, participate in its functions, and monitor the
Department's implementation of IT standards.
10. Perform any additional duties which are assigned to the CIO by
applicable law, including OMB regulations and circulars.
B. FITARA, the FITARA Enhancement Act of 2017, and the MGT Act
further enhanced the responsibilities of the CIO in the following areas
as defined below.
1. Resources, Planning and Portfolio Management. It is the
responsibility of the CIO to:
a. Have a significant role in the decision processes for all annual
and multiyear planning, programming, budgeting, and execution
decisions, related reporting requirements, and reports related to IT;
b. Have a significant role in the management, governance, and
oversight processes related to IT;
c. Review and approve the IT budget request;
d. Certify IT investments are adequately implementing incremental
development, as defined in capital
planning guidance issued by the Office of Management and Budget (OMB);
e. Review and approve any contract or other agreement for IT or IT
services. Governance process can be used to approve contracts or other
agreements as long as the CIO is a full participant in the governance
processes; and
f. Review and approve the reprogramming of funds for IT.
2. Agency Risk Management Information. It is the responsibility of
the CIO to:
a. Provide the Director of OMB with a list of each major IT
investment on at least a semiannual basis, using existing data systems
and processes;
b. Categorize each major IT investment according to risk, in
consultation with other appropriate agency officials; and
c. Conduct a review of the investment to identify the root causes
of the high level of risk, the extent to which these causes have been
addressed, and the probability of future success for each major IT
investment receiving a high risk rating.
3. Information Technology Portfolio, Program and Resource Reviews.
It is the responsibility of the CIO to:
a. Identify or develop ways to increase the efficiency and
effectiveness of the IT investments;
b. Identify or develop opportunities to consolidate the acquisition
and management of IT services, and increase the use of shared-service
delivery models;
c. Identify potential duplication, waste, and cost savings, and
develop plans for actions to optimize the IT portfolio, programs, and
resources;
d. Develop ways to better align the IT portfolio, programs, and
financial resources to any multi-year funding requirements or strategic
plans required by law; and
e. Conduct an annual review of the IT portfolio.
4. Government-wide Data Center Consolidation and Optimization
Metrics. It is the responsibility of the CIO to:
a. Assist the Secretary in the submission to the Federal CIO in the
Office of the Federal Chief Information Officer (formerly the
Administrator of the Office of Electronic Government and Information
Technology), and OMB, a comprehensive inventory of the data centers
owned, operated, or maintained by or on behalf of the agency and a
multi-year strategy to achieve the consolidation and optimization of
the data centers inventoried;
b. Submit a statement to the Federal CIO stating whether the agency
has complied with the requirements and make the statement publicly
available. If the agency has not complied with the requirements, the
CIO must submit a statement to the Federal CIO explaining the reasons
for not complying with such requirements; and
c. Provide updates to the Federal CIO on a quarterly basis
regarding the completion of activities by the agency; all progress of
the agency towards meeting the Government-wide data center
consolidation and optimization metrics; and the actual cost savings and
other improvements realized through the implementation of the strategy
of the agency.
5. Technology Modernization Fund. It is the responsibility of the
CIO to evaluate applications for funding from the Technology
Modernization Fund including a strong business case, technical design,
consideration of commercial off-the-shelf products and services,
procurement strategy (including adequate use of rapid, iterative
software development practices), and program management.
6. Delegation of Authorities and Assignment of Responsibilities.
A. Subject to the Reservation of Authority in section VII of this
Order, the following duties assigned by the PRA, E-FOIA, and related
legislation, and OMB guidance to the Secretary are hereby delegated to
the CIO.
1. Establish a process, sufficiently independent of DOL program
agencies, to evaluate whether proposed collections of information
should be approved under the PRA.
2. Coordinate with DOL agencies to ensure proposed collections of
information covered by the PRA are published in the Federal Register.
3. Coordinate with DOL agencies to ensure they provide notice and
an opportunity to comment on any collections of information contained
within notices of proposed rulemaking published in the Federal
Register.
4. Certify for each collection of information submitted to OMB for
review the DOL program agency has fully complied with all PRA
provisions.
5. Coordinate with DOL agencies to prepare and maintain an annual
inventory of the DOL's major information systems.
6. Maintain a leadership role in overseeing the implementation of
DOL's guidelines on information quality matters consistent with the
Department's Information Quality Guidelines, and be responsible for the
annual Data Quality report to the Director of OMB.
B. Subject to the Reservation of Authority in section VII of this
Order, the following duties assigned by the Clinger-Cohen Act and
related OMB guidance to the Secretary are hereby delegated to the CIO.
1. Design, implement, and maintain DOL's process for maximizing the
value and assessing and managing the risks of IT acquisitions to:
a. Provide for the selection of IT investments to be made by DOL,
the management of such investments, and the evaluation of the results
of such investments;
b. Be integrated with the processes for making budget, financial,
and program management decisions within DOL;
c. Include minimum criteria to be applied in considering whether to
undertake a particular investment in information systems;
d. Provide for identifying information systems investments
resulting in shared benefits or costs for other Federal agencies or
State or local governments;
e. Provide for identifying quantifiable measurements for
determining the net benefits and risks for a proposed investment; and
f. Provide the means for DOL senior management personnel to obtain
timely information regarding the progress of an investment in an
information system.
2. Institutionalize performance-based and results-based management
for IT in coordination with the Office of the Chief Financial Officer,
the Office of the Assistant Secretary for Administration and Management
(OASAM), other DOL agencies, and other DOL governance structures (e.g.,
Working Capital Fund).
3. Review and approve the acquisition of IT for DOL and, in
accordance with guidance issued by OMB, the award of contracts that
provide for multi-agency acquisitions of information technology.
4. Monitor the Department's compliance with the policies,
procedures, and guidance in OMB Circular A-130 (or equivalent
guidance), recommend or take appropriate corrective action in instances
of failures to comply and, as required by Circular A-130, report to the
OMB Director.
C. Subject to the Reservation of Authority in section VII of this
Order, the following duties assigned by the MGT Act to the Secretary
are hereby delegated to the CIO.
1. Establish an information technology system modernization and
working capital fund for necessary expenses as described in paragraph 3
of the MGT Act.
2. Prioritize funds within the IT working capital fund to be used
initially for cost savings activities.
3. Reprogram and transfer any amounts saved as a direct result of
the cost savings activities for deposit into
the IT working capital fund, consistent with paragraph (2)(A) of the
MGT Act.
D. Subject to the Reservation of Authority in section VII of this
Order, the following duties assigned by the E-Government Act of 2002 to
the Secretary are hereby delegated to the CIO.
1. Consider the impact of Departmental E-Government policies and
programs on persons without access to the internet and work with all
DOL agencies to ensure, to the extent practicable, the availability of
government information and services is not diminished for individuals
who lack access to the internet.
2. Submit annually to the OMB Director of the E-Government Status
Report required by Section 202 of the E-Government Act.
3. Ensure the Department's methods for use and acceptance of
electronic signatures are compatible with the relevant policies and
procedures issued by the OMB Director.
4. Work with the Office of Public Affairs and the Office of the
Solicitor to ensure a publicly accessible DOL website includes all
required information.
5. Coordinate with the Office of the Assistant Secretary for Policy
to ensure the Department implements electronic rulemaking submissions
and electronic dockets.
6. Oversee the Department's preparation of privacy impact
assessments; ensure privacy impact assessments are provided to OMB for
each information system for which funding is requested; and ensure, if
practicable and appropriate, DOL privacy impact assessments are made
available to the public.
7. Establish and operate IT training programs and encourage DOL
employee participation in such programs.
8. Establish a system for appropriately sharing OMB and DOL
policies, guidance, standards and other communications relating to IT
and IRM.
9. Ensure the Department develops performance measures
demonstrating how electronic government enables progress toward DOL
objectives, strategic goals, and statutory mandates.
10. Ensure the Department is in compliance with Section 508 of the
Rehabilitation Act of 1974 (29 U.S.C. 794d).
11. Ensure the Department complies with all OMB policies relating
to the categorization of information.
12. Ensure that privacy notices posted on DOL websites comply with
OMB guidance (see Section 208(c) of the E-Government Act).
13. Ensure the Department, consistent with guidance developed by
the National Archivist, adopts policies and procedures to effectively
and comprehensively fulfill its records management responsibilities
with respect to DOL information on the internet and other electronic
records.
E. Subject to the Reservation of Authority in section VII of this
Order, the following duties assigned by FISMA to the Secretary are
hereby delegated to the CIO.
1. Designate a senior Department official who will report to the
CIO and have responsibility for Department-wide information security as
their primary duty.
2. Ensure the Department has trained personnel sufficient to assist
in complying with the requirements of FISMA and related policies,
procedures, standards, and guidelines.
3. Ensure the Department's information security management
processes are integrated into its strategic and operational planning
processes.
4. Prepare the Department's annual report to the Congress and
Comptroller General on compliance with FISMA, as required by Section
3544(c) of the E-Government Act.
5. Ensure the adequacy and effectiveness of information security
policies, procedures, and practices are addressed in plans and reports
relating to the Department's annual budget; information resources
management; IT management; program performance under the Government
Performance Results Act; financial management and financial management
systems; and internal accounting and administrative controls.
6. Ensure any significant deficiency in information security
policies, practices or procedures is reported as a material weakness
under Section 3512 of Title 31 of the U.S. Code and, if related to
financial management systems, as an instance of a lack of substantial
compliance under the Federal Financial Management Improvement Act.
7. Ensure the Department's annual performance plan includes a
description of the time periods, budget resources, staffing and
training necessary to implement the Department's information security
program.
8. Ensure the public receives timely notice and opportunity for
comment on proposed information security policies and procedures
affecting communication with the public.
9. Cooperate with the Office of Inspector General on the annual
independent evaluation of the Department's information security program
and practices, and ensure the evaluation is submitted to OMB.
10. Provide information security protections commensurate with the
risk and magnitude of the harm resulting from unauthorized access, use,
disclosure, disruption, modification, or destruction of information and
information systems.
11. Comply with the requirements of FISMA and related OMB policies
and NIST procedures, standards, and guidelines.
12. Report annually to the OMB Director, the Comptroller General of
the United States, and selected congressional committees on the
adequacy and effectiveness of agency information security policies and
procedures.
F. In addition to the above duties specifically assigned by the
PRA, the Clinger-Cohen Act, and the E-Government Act, the CIO is
delegated the following authority and assigned the following
responsibilities, subject to the Reservation of Authority in section
VII.
1. The CIO will act as the Department's spokesperson on all matters
relating to Departmental IRM and IT management.
2. The CIO will ensure the DOL is responsive to the needs of
employees who require adaptive technologies and will represent the
Department on GSA's Section 508 Committee.
3. The CIO will ensure continuous modernization of Departmental
communications and processes through adoption of new technologies, and
ensure maximum appropriate use of web technologies and electronic mail.
4. The CIO will perform any other related duties which are assigned
by the Secretary.
G. The Solicitor of Labor. The Solicitor of Labor is delegated
authority and assigned responsibility for providing legal advice and
counsel to the Department and agencies relating to the administration
and implementation of this Order and the statutory provisions,
regulations, and Executive Orders listed above, including without
limitation, providing counsel to the Secretary, ASAM, CIO, Agency
Heads, managers, and supervisors. The Solicitor of Labor shall have
responsibility for legal advice and assistance through opinions and
interpretations of applicable laws and regulations. The bringing of,
and defense against, legal proceedings under the authorities cited
herein, the representation of the Department, the Secretary, and other
officials of the Department, and determinations of whether such
proceedings or representations are appropriate in a given case, are
delegated exclusively to the Solicitor.
7. Reservations of Authority.
A. The submission of reports and recommendations to the President
and Congress concerning the administration of the statutory provisions
and Executive Orders listed above is reserved to the Secretary.
B. No delegation of authority or assignment of responsibility under
this Order will be deemed to affect the Secretary's authority to
continue to exercise or further delegate such authority or
responsibility.
8. Effective Date. This Order is effective immediately.
Martin J. Walsh,
Secretary of Labor.
[FR Doc. 2022-23503 Filed 10-27-22; 8:45 am]
BILLING CODE 4510-04-P
</pre></body>
</html>
Indexed from Federal Register on October 28, 2022.