TREASURY DIRECTIVE 81-11

DATE: January 17, 2025

SUBJECT: Treasury Chief Information Officer Review and Approval of Information Technology Acquisitions

  1. PURPOSE.  This Directive establishes the policies and assigns responsibilities for enhancing the transparency, risk management, and alignment to OCIO goals, with which Treasury procures Information Technology (IT) resources (e.g., applications, services, software, or hardware). This Directive authorizes the issuance of Treasury Directive Publication (TD P) 81-11, “Treasury Chief Information Officer Review and Approval of Technology Acquisitions”. Additional memorandums, or other authoritative guidance may be generated under the authority of this Directive in the future.
  2. SCOPE.  This Directive applies to all bureaus, offices, and organizations in the Department of the Treasury, including the Offices of Inspector General. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Offices of Inspector General.
  3. POLICY.  It is the policy of the Department of the Treasury to procure and manage IT such that:
    1. The Treasury CIO (or their designee where applicable) shall review and approve all IT acquisitions executed during each fiscal year.
    2. The Treasury CIO will determine which types of acquisition reviews can be delegated to a Bureau CIO and will document this in the form of a delegation memorandum or other appropriate format. This authority, when granted, may not be further delegated without a formal memorandum signed by both the applicable Bureau CIO and the Treasury CIO.
    3. Treasury CIO delegations may be reviewed on a routine or ad hoc basis,and may be assigned or rescinded at any time based upon the level of compliance, mission needs, or other circumstances deemed relevant by the Treasury CIO.
    4. In cases where the review and approval of IT acquisitions is delegated to Bureau CIOs, the results of those reviews will be documented and submitted to the CIO using a process defined by the CIO.
    5. Shared services and enterprise contracts will be utilized to meet mission requirements, thereby improving efficiency and effectiveness of IT service delivery, and consolidates the range of security vulnerabilities and Departmental attack surface vulnerability. When an existing shared service or enterprise contract is determined unsuitable for satisfying the needs of a Bureau or Office, a waiver will be submitted by said Bureau or Office to the Treasury CIO with the full alternative IT project package. All alternative IT solutions are subject to review by the Treasury OCIO.
    6. The Treasury CIO may choose to highlight and ask for further data on certain planned IT acquisitions, as part of the Capital Planning and Investment Policy (CPIC) annual review process, for which the Bureau of Office shall comply.
    7. The Treasury CIO will aggregate IT acquisition-related data from internal and external sources to facilitate the review and approval processes of IT projects. This includes requesting data from Bureaus to assess the degree to which any delegated approvals are compliant with the CIO’s approved acquisition strategies.
  4. RESPONSIBILITIES.  For additional roles and responsibilities please refer to TD P 81-01.
    1. The Treasury CIO will:
      1. 1) establish and oversee an IT Acquisition review and approval program including a mechanism and process by which all IT acquisition reviews will be tracked and recorded;
      2. 2) review, assess, and make decisions about the pursuit of IT acquisitions as they arise throughout the fiscal year for the entirety of the Department;
      3. 3) establish an office or designate a staff representative(s) to assist with administration of the program, facilitation of submissions, and compliance;
      4. 4) publish and maintain a catalog of available shared services and enterprise contract vehicles;
      5. 5) report on the efficacy and impact of the IT acquisition review and approval process; and,
      6. 6) maintain a record of results of all reviews and waivers issued.
    2. Bureau CIOs will:
      1. 1) issue Bureau-level communications informing staff about the required OCIO IT acquisition reviews, including the criteria for Bureau level reviews/approvals;
      2. 2) review IT acquisitions to ensure compliance with Treasury OCIO policies and procedures;
      3. 3) actively ensure compliance with this Directive and associated policies and guidance, to include the use of shared services and enterprise contracts;
      4. 4) scrutinize and track requests for waivers to use alternatives when Treasury shared services or enterprise vehicles exist; and,
      5. 5) designate a representative(s) (e.g., Bureau/Office Submitter) to liaise with the Treasury OCIO IT acquisition review office or designees.
    3. Bureau/Office Submitters will:
      1. 1) provide notifications and briefing materials to the OCIO or OCIO representative for acquisitions that meet the criteria for Treasury CIO approval using the Treasury OCIO established mechanism and process(es);
      2. 2) promptly notify the OCIO or OCIO representative of any significant change to the scope, estimated cost, and/or timeline of an acquisition previously reviewed and approved by the CIO;
      3. 3) verify compliance with OCIO policies and requirements, including usage of shared services and/or enterprise contracts or the existing waiver process;
      4. 4) submit IT acquisitions that meet the criteria for Bureau CIO approval through the Treasury OCIO established mechanism using the established process(es); and
      5. 5) provide documents to the OCIO or OCIO representative that were a part of any other review performed for the IT project, but not included with the submission meeting the criteria for review by the Bureau CIO.
  5. AUTHORITIES.
    1. Treasury Order 101-05, “Reporting Relationships and Supervision of Officials, Offices and Bureaus, and Delegation of Certain Authority in the Department of the Treasury.”
    2. Treasury Order 102-10, "Designation of Chief Information Officer for the Department of the Treasury.”
    3. 40 USC Chapter 113, Subchapters II and III (11311, et seq. and 11331).
    4. 44 USC Chapters 35 and 36 (3501, et seq. and 3601, et seq.).
    5. Public Law 107-347, E-Government Act of 2002, as amended.
    6. OMB Circular A-130, Management of Federal Information Resources.
    7. OMB Circular A-11, Preparation, Submission, and Execution of the Budget.
    8. The enhanced Chief Information Officer management responsibilities designated in Executive Order 13833 “Enhancing the Effectiveness of Agency Chief Information Officers”, dated May 15, 2018
    9. Public Law 115-336, 21st Century Integrated Digital Experience Act (IDEA), Section 6.
    10. Public Law 115-91, National Defense Authorization Act for Fiscal Year 2018, Title X, Subtitle G (§§ 1076 through 1078) – Modernizing Government Technology Act.
    11. Public Law 115-435, Foundations for Evidence-Based Policymaking Act of 2018, Title II – Open Government Data Act.
    12. The mandates regarding modernizing federal cybersecurity capabilities as designated in Executive Order 14028 “Improving the Nation’s Cybersecurity,” dated May 12, 2021.
  6. OFFICE OF PRIMARY INTEREST.  Office of the Deputy Assistant Secretary for Information Systems and Chief Information Officer, Office of the Assistant Secretary for Management.

 

/S/
Aditi Hardikar
Assistant Secretary for Management