Freedom of Information Act (FOIA)

Home > Freedom of Information Act (FOIA) > FOIA Resources, Directives > NARA 101, PART 10. Information Services

NARA 101, PART 10. Information Services

ORGANIZATION

1.    Chief Information Officer (CIO)

  1. Serves as the National Archives and Records Administration’s (NARA) Chief Information Officer (CIO) and leads a NARA-wide information technology (IT) program to carry out the provisions of the Federal Information Technology Acquisition Reform Act (FITARA) of 2014, the Federal Information Security Modernization Act (FISMA) of 2014, the Information Technology Management Reform Act of 1996 (hereafter the “Clinger-Cohen Act”), and the E-Government Act of 2002.
  2. Serves as the NARA representative to the CIO Council and related committees and establishes partnerships with other Federal agencies to implement government-wide IT initiatives.
  3. Provides executive leadership in meeting customers' needs for effective, compliant IT services, solutions, and systems.
  4. Supports the Chief Innovation Officer in meeting customers’ needs for effective and innovative social media, open government, and digitization services, solutions, and systems. Supports Office of Innovation goals and projects.
  5. Advises and keeps the Archivist of the United States, Deputy Archivist, and executive teams apprised of NARA’s IT planning activities (including Enterprise Architecture and Capital Planning), and related budgetary requirements, Open Government, and IT programmatic direction from Office of Management and Budget (OMB) and of Congress, the latter especially in cooperation with NARA’s Congressional Affairs staff. Collaborates in developing strategies for presenting IT direction and budget issues to OMB, Congress, and the Government Accountability Office (GAO). Assists the Archivist and other senior managers in preparing for meetings with OMB staff and Congressional appropriations staff, and serves as a spokesperson at hearings. Provides expert testimony and answers questions for the record, as necessary.
  6. Carries out the provisions of the Paperwork Reduction Act of 1995, including directing activities involving the collection, use, and dissemination of information. 
  7. Ensures that the “open NARA” principle of seeking input and participation from stakeholders and customers (internal and external) is actively pursued, and that the input is considered in making decisions.
  8. Provides executive leadership by guiding coordination of the programs and infrastructure within the Office of the Chief Information Officer, consulting with colleague executives, the Chief of Management and Administration (CMA), the Chief Operating Officer (COO), the Chief Innovation Officer, the Deputy Archivist, and the Archivist.  Participates in internal and external customer service councils and meetings.  Establishes and manages IT governance boards and provides Executive Secretariat services to the Information Technology Steering Committee. Evaluates feedback from key subordinates and considers evaluation reports from GAO, NARA’s Inspector General (OIG), OMB, and other relevant bodies.
  9. Participates in NARA executive teams, shaping NARA’s strategic direction and producing practical and creative high-level approaches to address related matters such as: agency-wide aligned outcomes/goals and priorities, customer- and stakeholder-focused needs and expectations, internal change management, employee satisfaction, outreach and relationship-building, one-voice communication, and problem resolution.

2.    Associate CIO for Business and Investment Delivery

  1. Collaborates with Information Services divisions and staffs, establishes strategic and tactical IT plans and ensures Information Services programs manage against measurable objectives to accomplish those plans.
  2. Ensures Information Services implements OIG, GAO, and other oversight body recommendations for all relevant information resources programs.
  3.  Program Management Division
    1. Monitors and analyzes proposed and existing projects, providing oversight of various projects within the program to identify and track dependencies and issues, and achieve program goals.
    2. Identifies and implements repeatable processes and reusable components among projects within programs.
    3. Improves communication with business stakeholders, project teams, and the Office of the CIO reducing the risk of project cost and schedule overruns resulting in projects that do not adequately meet NARA’s business objectives.
    4. Manages customer expectations and service while coordinating NARA governance processes.
    5. Understands and helps define business requirements, manages NARA’s Systems Development Lifecycle (SDLC) activities for NARA’s IT system and infrastructure portfolio
  4. Investment Management Division
    1. Capital Planning and Investment Management
      1. Develops policies, standards, guidance, and processes for the selection, control, and evaluation of NARA IT investments, programs, systems, and services.
      2. Manages the execution of NARA’s IT Capital Planning and Investment Control (CPIC) policy and process.
      3. Supports business unit representatives, project managers, and other NARA staff in navigating the CPIC processes.
      4. Analyzes documentation such as business needs, business cases, project status reports, operational analysis, lessons learned, and other investment documentation.
      5. In coordination with NARA offices and IT managers, ensures that an enterprise System Inventory is in place and maintained, as per OMB Circular A-130 and 44 U.S.C. § 3505(c).
    2. Financial Management
      1. Provides financial planning and management for Information Services, including implementing, tracking, and analyzing the Information Services Fund, the IT Common Distributable (ITCD) Fund, and the Systems Common Distributable (Systems CD) Fund operating budgets as well as travel and training funds.
      2. Coordinates the development of the financial plan and budget execution processes for Information Services, including the management of spend plans for IT, and associated rates for splitting allocation costs, with NARA program and project managers, and business stakeholders.
      3. Manages and monitors budget execution of appropriated and revolving funds supporting IT operational and business systems, analyzes variances against plans, and makes necessary adjustments.
      4. Prepares NARA IT budget exhibits for OMB.  Interprets and complies with OMB guidance and data calls, such as quarterly Integrated Data Collections (IDC) and PortfolioStat reviews.
    3. Acquisitions Management
      1. Serves as technical expert for Information Services acquisitions, working closely with the Office of the Chief Acquisition Officer.
      2. Creates templates for writing statements of work (SOW) for various types of acquisition strategies.
      3. Prepares limited- and sole-source justifications for Information Services acquisitions requiring such justifications.
      4. Ensures compliance with all guidance concerning acquisition laws and regulations, policies and procedures as well as OMB guidance for the acquisition of goods and services. Implements procurement initiatives, best practices and guidance to staff regarding contracting for services, development of contracts and statements of work, and reforms/measurements for all Information Services acquisitions.
  5. Services, Compliance, and Risk Management Division
    1. Manages administrative functions for Information Services:  communications activities, correspondence tracking, scheduling of training; centralized timekeeping; executing human resources transactions, including personnel actions and reporting from NARA’s Human Resources systems; and develops internal procedures for use by managers and staff.
    2. Audits
      1. Serves as Information Services’ audit liaison and coordinates responses and action plans for OIG, GAO, and other oversight body audits and investigations.
      2. Conducts data collection, validation, data entry, and management for the audit resolution process for all audit recommendations affecting Information Services.
    3. Strategic Planning and Policy
      1. Monitors progress and reports to external organizations on NARA’s E-Government participation and internally on NARA’s Strategic and Annual Performance Plan objectives and targets.
      2. Assists the Associate CIO in establishing strategic and tactical IT plans and ensures Information Services programs manage against measurable objectives to accomplish those plans. Responds in a timely manner to internal and external reporting requirements.
      3. Serves as the Information Service’s forms and policy liaison; coordinates clearance comments on agency policies and plans, develops, and coordinates the creation and updating of NARA forms and policies promulgated in NARA’s 800 series of directives related to hardware, software, systems development, IT security, and data and voice communications.
      4. Manages a quarterly strategic reporting program with NARA program and support offices and major contractual partners of the OCIO.    
    4. Risk Management and Internal Control
      1. Develops, manages, and coordinates an organizational risk management program for Information Services; combining divisional, program, project, operational, and security risks into a holistic framework for managing risk and opportunities to agency information systems and resources.
      2. Participates in the valuation of risk impact during project reviews and baseline management, and stage gate reviews as a part of the IT governance process for a system’s development lifecycle.
      3. Performs risk assessments to ensure effective management of risk and to verify and validate risk management plans, and risk register data including identification, risk statements, risk description, risk value, and mitigation.
      4. Assesses the state of risk exposure for the Information Services through the review of risk registers, project reporting tools, and information from system portfolios and recommend risk reporting to the Office of the CIO.
      5. Exchanges risk information across NARA organizational boundaries providing an understanding of the risks and controls assessed and managed across the agency.
      6. Provides risk management input to mandatory reports required by external oversight authorities such as GAO and OMB.
      7. Ensures projects risks are integrated, managed and tracked at an enterprise level where applicable.
      8. Integrates enterprise IT risks into the NARA Enterprise Risk process and collaborates as necessary.
      9. Collaborating with the Financial Reporting and Analysis Staff, manages and reports on the administration of Information Services’ Internal Controls program.

3.    Chief Technology Officer

  1. Develops and maintains enterprise architectures (EA) for NARA; documenting, revising, updating, and submitting NARA’s EA work products to OMB and other planning agencies. 
  2. Provides guidance and technical leadership pertaining to EA; planning, design, and configuration management of all agency-wide hardware, software, database management systems; and emerging technologies.
  3. Serves as advisor to the CIO and Deputy CIO, office heads, high-level managers within NARA, and senior officials throughout the Government on NARA-related IT initiatives and issues and on setting NARA’s overall IT direction.
  4. Directs the planning, architecture, design, and configuration management of all agency-wide hardware, software, database management systems, telecommunications, data, Local Area Networks/Wide Area Networks (LAN/WAN), Cloud-based networks and systems and related equipment; approves systems development methodologies and configuration changes to NARA’s technology infrastructure.
  5. Manages NARA’s EA program, and directs the development and maintenance of NARA’s EA work products.
  6. Provides guidance and technical leadership to NARA IT managers and staff involved in the design, development, implementation, modification, maintenance, and integration of intra- and inter-agency and public access systems through which NARA administers its programs.
  7. In coordination with NARA offices, leads, plans, and coordinates organizational re-engineering from the IT perspective. Recommends strategies for IT managers in addressing NARA’s IT needs. Evaluates new information technologies for adoption by NARA and reviews existing technologies to determine continued operational capability.

4.    Deputy Chief Information Officer (DCIO)

  1. Assists the CIO in leading agency-wide IT programs and carrying out the provisions of enacted IT legislation.
  2. Leads an integrated “DevSecOps” environment consisting of the Systems Engineering, Enterprise Data Management, Development and Tools Management, Cyber Security and Information Assurance, and Service Operations Delivery divisions, to improve the development and sustainment of NARA information systems and ensure the confidentiality, reliability, and availability of NARA information resources.
  3. Systems Engineering Division
    1. Leads a multi-disciplinary effort in adopting emerging and complex technologies with significant systems engineering and development challenges into the portfolio of IT systems, applications, IT infrastructure, telecommunications, and new projects.  
    2. Analyzes and incorporates various engineering disciplines, such as performance, capacity, reliability, scalability, maintainability, and human engineering into present and future IT investment deployments. 
    3. Proposes new technology solutions for NARA to incorporate.
    4. Conducts performance and capacity testing on the existing WAN and subordinate LAN to identify and make improvements and necessary changes to the network to address network performance or the user experience.
    5. Conducts engineering reviews of Systems Development Lifecycle (SDLC) deliverables for new and existing IT systems and IT infrastructure, systems, and telecommunication requirements and designs for construction projects.
  4. Enterprise Data Management Division
    1. In coordination with NARA offices and IT management, develops and documents strategies for all data management initiatives, encompassing global data management, governance, quality, and vendor relationships across the enterprise.
    2. In coordination with NARA offices and IT management, develops and maintains enterprise data policies, including data format, standards, ownership, privacy, and security.
    3. In coordination with the CTO, researches and implements technology solutions that support internal staff data analytics needed to enable data-driven decisions.
    4. In coordination with NARA offices and IT management, researches and implements solutions for scalable external data discovery and sharing.
    5. Oversees the education of the enterprise on data management concepts, the appropriate usage of data, enterprise master data management and data quality concepts, definition and appropriateness of data management, rules on data access, and other data-related issues.
    6. Controls and improves the efficiency of processes associated with the collection, storage, and reproduction of NARA’s data.
    7. For records lifecycle data, works with IT governance boards, the Lifecycle Data Standards Board, the Office of Innovation, and appropriate offices to develop, maintain, and advocate NARA data architecture and data content and value standards and ensures appropriate guidance and training to NARA staff.
    8. For non-records lifecycle data, works with appropriate NARA offices to develop, maintain, and advocate NARA data architecture and data content and value standards and provides appropriate guidance and training to NARA staff.
    9. With the Office of Innovation, establishes, monitors, and maintains policies relating to records lifecycle processes and data. Coordinates and reviews records lifecycle process flows, workflows, data models, and business rules.
    10. In coordination with other offices, establishes standards for all activities related to the selection and use of database management systems.
  5. Development and Tools Management Division
    1. Provides oversight for system development, maintenance and enhancements of existing systems, and operations support for applications and tools at NARA.
    2. Directs and coordinates activities related to the design, development and implementation of software application systems and commercial off-the-shelf (COTS) software implementation and support.
    3. Develops and maintains an electronic records management and preservation strategy for NARA holdings.
    4. Collaborates with the Executive for Research Services, Chief Records Officer, the Chief Innovation Officer and other NARA units to provide technical assistance to Federal agencies on the management, preservation, and accessibility of electronic records.
    5. Systems Development 
      1. In coordination with NARA offices and IT managers, identifies and validates the need for development and enhancement of systems and tools. 
      2. Designs, develops, and implements new software systems, and enhances existing systems and applications.
      3. Establishes and documents programming standards for application development. 
      4. In coordination with the CIO, CTO, and IT managers, ensures that systems and applications pass through appropriate reviews, receive Authority to Operate (ATO), and are deployed following required processes.
      5. Oversees the design and development of the Electronic Records Archives (ERA) suite of systems and related applications; deploys ERA systems to NARA units and to Federal agencies for their implementation.
    6. Application Management and Support
      1. For systems with an Authority to Operate, ensures the proper operational level of performance to meet agency needs. 
      2. When required, provides expert technical support and services for deployed applications, including minor enhancements.
      3. Provides patching, code, and “bug” fixes for deployed applications.
    7. Tools Support
      1. Manages Section 508 compliance.
      2. Provides patching, code, and “bug” fixes support to the NARA community in the use of tools used across the agency.
      3. Provides development support for the customization of COTS products, and end user support for NARA-specific versions of COTS applications.
    8. Training
      1. Standardizes training approaches and activities across all projects within Information Services.
      2. Ensures that training material for all required systems, tools, procedures, and processes for Information Services are designed and produced.
      3. Develops or oversees training handouts, instructional materials, aids, and manuals.
      4. Organizes, coordinates, and holds training, using appropriate delivery strategies: self-paced, interactive over the Internet, classroom setting, and video.  
      5. Ensures that all training material is maintained and up-to-date as well as under configuration management.    
      6. Periodically evaluates ongoing training programs to ensure that they reflect any changes.
      7. Ensures appropriate training plans are addressed in contracts for delivering tools and systems to end users.
  6. Cyber Security and Information Assurance Division
    1. Chief Information Security Officer (CISO)
      1. Develops and manages an IT Security Program that includes:  
        1. Standards that meet the requirements promulgated under  40 U.S.C. § 11331, Responsibilities for Federal Information Systems Standards.
        2. Standards and guidelines for NARA IT systems issued in accordance with law and as directed by the President.  These security activities comply with applicable Federal statutes, and must align with the standards specified in the NARA IT security architecture.
        3. Management processes that are integrated with agency strategic and operational planning processes.
        4. Provision for the security of information and IT systems that support the operations and assets under their control.
        5. Provision for IT security protections commensurate with the risks and magnitude of harm that may result from unauthorized access, use, disclosure, disruption, modification, or destruction of electronic information collected or maintained by, or on behalf of, NARA; and electronic information systems used or operated by, or on behalf of, NARA.
        6. Provision for security compliance assessments for electronic information and information systems supporting the operation and assets of NARA, including those provided by or managed by another agency, contractor, or other source.  
        7. Carries out the CISO responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014.
        8. Ensures the assignment of appropriate officials to security responsibilities, provides appropriate training awareness to system users, and makes recommendations to the Authorizing Official (AO) whether a system should be  Authority to Operate (ATO) before operations and periodically thereafter. 
    2. Monitoring and Engineering Branch
      1. Assures the appropriate integration of security controls as part of the systems engineering process, and provides guidance and assistance to systems owners on matters of IT security.
      2. Develops, maintains, and implements a continuous monitoring strategy that ensures enterprise-wide compliance with the IT security architecture. This includes network and endpoint monitoring, and vulnerability assessment.
      3. Ensures NARA’s services, solutions, and systems are secure and compliant while at the same time are functional and effectively meet identified customer needs.
      4. Manages the Continuous Authorization program for all IT systems.
      5. Maintains oversight of the agency’s system-level Plan of Action and Milestones (POA&M), working with the business to resolve items within established timeframes. 
      6. Develops and implements the IT Security Incident Management and Response Program.
    3. Authorization Branch
      1. Implements the NARA computer security training program for all NARA staff, volunteers, and contractors.
      2. Develops and updates IT Security policies and in conjunction with the CIO, Deputy CIO, CTO, develops the NARA-wide IT security architecture.
      3. Provides guidance, training, and support services as Information System Security Officers (ISSOs).
      4. Responds to OIG, GAO, and other oversight bodies on inquiries pertaining to computer security.
      5. Assesses the IT security program to ensure compliance with Federal law, and NARA policy, assuring the continuous improvement and maturity of the program.
  7. Service Operations Delivery Division
    1. Oversees the development, implementation, and use of IT throughout the agency, working closely with business units to assess and address business and user needs.  Areas of responsibility include the full range of information systems and telecommunications activities, including determining user requirements, recommending practical solutions, and leading the agency’s efforts to improve the effective use of technology.
    2. Develops a world-class IT operations division, working with the CTO, the Deputy CIO and CIO to transition the operational unit from a government on-premise operated infrastructure to an optimized hybrid operation, utilizing the cloud computing Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) offerings. 
    3. Assists the organization with the overall planning, organizing, and execution of all IT functions. This includes directing all IT operations to meet customer requirements as well as the support and maintenance of existing applications and development of new technical solutions.
    4. Monitors, manages, maintains, and controls IT services and IT infrastructure. Oversees IT operations execution day-to-day routine tasks related to the operation of infrastructure components and applications. 
    5. Assists the CIO and Deputy CIO in leading the agency-wide IT program and carrying out the provisions of enacted IT legislation.
    6. Ensures coordination and collaboration with NARA units to ensure solutions are innovated, analyze, and evaluate to maximize results for NARA’s customers. 
    7. Network and Cloud Services Branch
      1. Manages the operational systems within the NARA IT infrastructure, including cloud-based applications and electronic records systems at the Allegheny Ballistics Laboratory (ABL). 
      2. Ensures adequate management of the customer support services related to help desk activities for electronic records systems and NARA’s IT infrastructure, including delivery of IT support services. 
      3. Manages the NARA enterprise IT network and cloud-hosted operations to include monitoring network utilization and the status of all network devices, as well as the desktop environment to ensure performance requirements agency-wide are met.
      4. Maintains the NARANet IT infrastructure, including email, file and print, enterprise storage, and voice and data communications systems and ensures that the infrastructure conforms to all NARA policies and guidelines. 
      5. Provides Contracting Officer’s Representative (COR) and Technical Management (TM) services for operations-related contracts as necessary. 
      6. Performs security management functions in support of operations and infrastructure activities, including developing policies, processes, and procedures.
      7. Maintains life-cycle maintenance of PCs, servers, and LAN network connectivity equipment.
    8. End-User Services Branch
      1. Performs change management, configuration management, release management, risk management, and security management in support of operations and infrastructure activities, including developing policies, processes, and procedures. 
      2. Manages asset management activities with NARA Facilities and Property Management to ensure proper property accountability and reporting for all operations-related assets. 
      3. Provides COR and TM services for operations-related contracts as necessary. 
      4. Provides IT operations functions to offices for the organization’s standard hardware, software and voice/data network solutions. 

5.        Associate CIO for Product Services Delivery

  1. Project Management Division
    1. Upon approval from NARA governance boards, provides project management services for the development of IT applications, systems, and tools agency-wide.
    2. Manages project scope, cost, schedule, and risk; including milestones and system development deliverables from requirements definition, through system development, implementation, and transition to operations.
    3. Improves communication between project teams, the Office of the CIO, and business stakeholders reducing the risk of project cost and schedule overruns resulting in projects that do not adequately meet NARA’s business objectives.
    4. In coordination with the Services and Compliance Division, develops and implements the acquisition strategy.
    5. In coordination with IT managers, ensures that the NARA System Development Life Cycle (NARA 805) is updated and followed appropriately.
  2. Requirements Management Division
    1. Provides subject matter expertise in the areas of Business Case Development, Requirements Analysis, Requirements Documentation, and Requirements Management for projects in the NARA IT portfolio.
    2. Provides agency policy, standards, guidance, and templates for requirements development and management.
    3. Standardizes requirements development approaches and activities across projects in the NARA IT portfolio, including:
      1. Assists the Program and Project Management divisions with justifications for new/updated systems.
      2. Facilitates requirements elicitation discussions with stakeholders and project teams to gather stakeholder needs.
      3. Performs requirements analysis to analyze and identify gaps and areas for improvement.
      4. Develops the appropriate level of requirements documentation based on the project's approved tailoring plan (e.g., Stakeholder Requirements, System Requirements, Use Cases, User Stories.)
      5. Maintains requirements baseline and traceability matrix in QA management systems.
      6. Supports user engagement and team collaboration across all projects within the NARA IT portfolio.
  3. Quality Assurance Division
    1. Test 
      1. For all IT systems in the NARA portfolio, performs the following types of independent testing to ensure the highest standards of quality are built into software development:  Acceptance Testing, Integration Testing, Verification & Validation, End User Testing, Manual Testing, Monitor Testing activities, and Section 508 Review/Testing.
      2. Centralizes all Verification and Validation activities for NARA so that testing resources can be used most effectively.
      3. Supports all of Information Services “Agile” projects, including:  monitoring iteration/sprint level test activities, creating end-to-end acceptance test procedures, conducting exploratory testing, performing acceptance testing of new features delivered, and performing regression end-to-end testing.
      4. Participates and aids program management in moving to Agile management methodologies.
      5. Standardizes testing approaches and activities across all projects within the NARA IT portfolio, including:  developing test plans as well as related test documents; determining testing criteria; performing system testing for in-house developed projects; providing oversight on testing being performed by contractors and coordinating and supporting all end user testing activities.
    2. Configuration Management 
      1. Provides centralized configuration management (CM) services for systems in the NARA IT portfolio.
      2. Provides structure for identifying and controlling documentation, software code, interfaces, and databases to support all life-cycle phases.
      3. Supports a chosen development/maintenance methodology that fits the requirements, standards, policies, organization, and appropriate management philosophy.
      4. Standardizes CM processes to manage product information regarding system baselines, change control, tests, releases, audits.
      5. Ensures all appropriate CM standards and processes are followed throughout all life-cycle phases.  Socializes CM processes with project managers and other groups as needed.
      6. Standardizes Configuration Control approaches and activities across all projects within the NARA IT portfolio, including:  standardizing charters; overseeing CM activities performed by contractors; ensuring key stakeholders are kept informed of the progress and the state of software deployment activities.
    3. Release and Deployment
      1. Focuses on the transition of software/hardware from development to testing to deployment to eventual replacement.
      2. Identifies specific software code and/or hardware to comprise each deployment.
      3. Ensures all test cases have been identified and passed.
      4. Provides for the actual physical distribution of software code/hardware.
      5. Verifies that what was deployed was installed correctly and performs as it should.
      6. Ensures that the integrity of all contractually delivered software and hardware is preserved by controlling and managing how it is implemented. 

DELEGATION OF AUTHORITIES

Authorities Delegated to Information Services by the Archivist

6.    Information Resources Management

  1. Serves as the Chief Information Officer (CIO), responsible for carrying out the provisions of the Clinger-Cohen Act of 1996, the E-Government Act of 2002, and the Federal Information Technology Acquisition Reform Act of 2014.  This authority is retained by the Chief Information Officer and may not be re-delegated.
  2. Responsible for ensuring compliance with the requirements imposed on NARA by section 2(a) of the Federal Information Security Modernization Act (FISMA) of 2014 (44 U.S.C. 3554).  This authority is re-delegated to the Chief Information Security Officer and may not be re-delegated.  
  3. Reports annually to the officials and committees listed in 44 U.S.C. 3554(c)(1)(A) on the adequacy and effectiveness of information security policies, procedures, and practices. This authority is re-delegated to the Chief Information Security Officer and may not be re-delegated.
  4. Reports annually to the Director of OMB the results of an independent evaluation of the information security program and practices that determined the effectiveness of the program and practices (44 U.S.C. 3555(e)). This authority is re-delegated to the Chief Information Security Officer and may not be re-delegated.
  5. Responsible for management activities involving the collection, use, and dissemination of information (44 U.S.C. 3506 (c)(6)), including an annual comprehensive budget for all NARA-conducted collections of information from the public (5 CFR 1320.17), requests for emergency processing of submissions of information requests      (5 CFR 1320.13), and overall responsibility for quality, objectivity, utility, and integrity of information (PL106-554, sec. 515).  This authority is retained by the Chief Information Officer and may not be re-delegated.  Also see Chief of Management and Administration responsibilities in NARA 101, Part 12, paragraph 2.   
  6. Approve waivers for the Federal Information Processing Standards (FIPS) for computers when compliance would adversely affect NARA's mission or cause a major financial impact (PL 104-106, Section E, Information Technology Management Reform Act).  This authority is re-delegated to the Director, Service Operations Delivery Division.

7.    Federal Information Security (44 U.S.C 3554(a))

  1. Provides information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information systems and information collected or maintained by or on behalf of NARA. This authority is re-delegated to the Deputy Chief Information Officer and is re-delegated to the Chief Information Security Officer and the Director, Services Operations Delivery Division.   
  2. Complies with the requirements of FISMA and related policies, procedures, standards, and guidelines.
  3. Ensures the integration of information security management processes with agency strategic, operational, and budgetary planning processes. This authority is re-delegated to the Associate CIO for Business and Investment Delivery. 
  4. Reports annually to the officials and committees listed in 44 U.S.C. 3554(c) on the adequacy and effectiveness of information security policies, procedures, and practices. This authority is re-delegated to the Chief Information Security Officer. 
  5. Reports annually to the Director of OMB the results of an independent evaluation of the information security program and practices that determined the effectiveness of the program and practices. This authority is re-delegated to the Chief Information Security Officer.

8.    General Administration

  1. Accept and use voluntary and uncompensated personal services for NARA       (44 U.S.C. 2105(d)).  This authority may be re-delegated to unit heads.  
  2. Accept orders from other departments, establishments, bureaus, or offices for materials, supplies, equipment, work, or service (31 U.S.C.1535).  This authority is retained by the Chief Information Officer and may not be re-delegated.
Top