7.1 Roles and Responsibilities
The Federal Information Technology Acquisition Reform Act (FITARA)32 creates clear responsibilities for agency CIOs related to IT investments and planning, as well as requiring that agency CIOs be involved in the IT acquisition process. OMB’s FITARA implementation guidance33 established a “common baseline” for roles, responsibilities, and authorities of the agency CIO and the roles of other applicable Senior Agency Officials in managing IT as a strategic resource. Accordingly, agency heads must ensure that CIOs and Senior Agency Officials,34 including CAOs, are positioned with the responsibility and authority necessary to implement the requirements of this policy. As appropriate, Senior Agency Officials should also work with the agency’s public affairs staff, open government staff, web manager or digital strategist, program owners, and other leadership to properly identify, publish, and collaborate with communities on their OSS projects.
Moreover, in support of the objectives and requirements of this policy, agencies should strengthen internal capacity to efficiently and securely deliver OSS as part of regular operations. Additional information on this topic will be provided on Code.gov.
7.2 Code Inventories and Discovery
Inventories are a means of discovering information such as the functionality and location of potentially reusable or releasable custom-developed code. Within 120 days of the publication date of this policy, each agency must update—and thereafter keep up to date—its inventory of agency information resources to include an enterprise code inventory that lists custom-developed code for or by the agency after the publication of this policy. Each agency’s inventory will be reflected on Code.gov. The inventory will indicate whether the code is available for Federal reuse, is available publicly as OSS, or cannot be made available due to a specific exception listed in this policy. Agencies shall fill out this information based on a metadata schema that OMB will provide on Code.gov.
Within 90 days of the publication date of this policy, the Administration will launch https://www.code.gov,35 an online collection of tools, best practices, and schemas to help agencies implement this policy. The website will include additional materials such as definitions, evaluation metrics, checklists, case studies, and model contract language—with the goal of enabling collaboration across the Federal Government and advancing the Government’s partnership with the public.
Additionally, Code.gov will serve as the primary discoverability portal for custom-developed code intended both for Government-wide reuse and for release as OSS. Note that Code.gov is not intended to house the custom-developed code itself; rather, it is intended to serve as a tool for discovering custom-developed code that may be available for Government-wide reuse or as OSS, and to provide transparency into custom-developed code that is developed using Federal funds. This discoverability portal will be publically accessible and searchable via a variety of fields and constraints, such as the name of the project, its intended use, and the agency releasing the source code. Code.gov will evolve over time as a community resource to facilitate the adoption of good custom source code development, sharing, and reuse practices.
7.4 Code Repositories
Accessible, buildable, version-controlled repositories for the storage, discussion, and modification of custom-developed code are critical to both the Government-wide reuse and OSS pilot program sections of this policy. Agencies should utilize existing code repositories and common third-party repository platforms as necessary in order to satisfy the requirements of this policy.36 Code.gov will contain additional information on this topic.
Licensing is a critical component of OSS and can affect how the source code can be used and modified. Accordingly, when agencies release custom-developed code as OSS, they shall append appropriate OSS licenses to the source code. Additional information on licensing will be available on Code.gov.
7.6 Agency Policy
Within 90 days of the publication date of this policy, each agency’s CIO—in consultation with the agency’s CAO—shall develop an agency-wide policy that addresses the requirements of this document. For example, the policy should address how the agency will ensure that an appropriate alternatives analysis has been conducted before considering the acquisition of an existing commercial solution or a custom-developed solution. In accordance with OMB guidance,37 these policies will be posted publicly. Moreover, within 90 days of the publication date of this policy, each agency’s CIO office must correct or amend any policies that are inconsistent with the requirements of this document, including the correction of policies that automatically treat OSS as noncommercial software.
7.7 Accountability Mechanisms
Progress on agency implementation of this policy will be primarily assessed by OMB through an analysis of each agency’s internal Government repositories, public OSS repositories, and code inventories on Code.gov, as well as data obtained through the quarterly Integrated Data Collection (IDC), quarterly PortfolioStat sessions, the IT Dashboard, and additional mechanisms to be provided via Code.gov.38
- 32 FITARA was codified as part of the National Defense Authorization Act for Fiscal Year 2015 (Title VIII, Subtitle D, H.R. 3979); accessible at https://www.congress.gov/bill/113th-congress/house-bill/3979. ↩
- 33 M-15-14: Management and Oversight of Federal Information Technology, Office of Mgmt. & Budget, Exec. Office of the President, June 10, 2015. https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-14.pdf. ↩
- 34 Senior Agency Officials include positions that may include the Chief Acquisition Officer, Chief Operating Officer, Chief Financial Officer, Chief Technology Officer, Chief Data Officer, Senior Agency Official for Privacy, Chief Information Security Officer, and Program Manager. ↩
- 35 Code.gov will be modeled after Data.gov (https://www.data.gov) and Project Open Data (https://project-open-data.cio.gov/). ↩
- 36 Covered agencies should ensure access to these services. See M-10-23: Guidance for Agency Use of Third-Party Websites and Applications, Office of Mgmt. & Budget, Exec. Office of the President, June 25, 2010. https://www.whitehouse.gov/sites/default/files/omb/assets/memoranda_2010/m10-23.pdf. ↩
- 37 See M-15-14: Management and Oversight of Federal Information Technology, Office of Mgmt. & Budget, Exec. Office of the President, June 10, 2015. https://www.whitehouse.gov/sites/default/files/omb/memoranda/2015/m-15-14.pdf. This requires that IT policies be posted publicly at https://[agency].gov/digitalstrategy, and included as a downloadable dataset in the agency’s Public Data Listing. ↩
- 38 PortfolioStat is the core oversight tool used by OFCIO to improve both the efficiency and effectiveness of Federal IT. PortfolioStat’s principle objectives are to serve as an overview of each agency’s portfolio of IT investments and to oversee execution of OFCIO and OMB-wide policy. For information on the IT Dashboard, see https://itdashboard.gov/. ↩