TREASURY DIRECTIVE 81-12

DATE: March 16, 2026

SUBJECT: Treasury Software Repositories

  1. PURPOSE.  This Directive outlines roles and responsibilities related to the development and management of custom-developed code within the Department of the Treasury (Treasury) in accordance with the requirements of the Source code Harmonization and Reuse in Information Technology (“SHARE IT”) Act (44 USC 3501). It also authorizes the issuance of Treasury Directive Publication (TD P) 81-12.

  2. SCOPE.  This Directive applies to all bureaus, offices, and organizations in Treasury, excluding the Offices of Inspector General. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Offices of Inspector General. Terms used herein and not otherwise defined shall have the meanings ascribed to such terms in the SHARE It Act. For purposes of this Directive, “source code” or “code artifacts” also include

    1. Custom-developed software code for agency missions, services, or internal operations (whether developed by federal staff or by vendors on the Treasury’s behalf),
    2. Configuration scripts, build tools, and infrastructure-as-code repositories that automate deployment or manage environments,
    3. Documentation, schemas, data models, and related artifacts necessary to build, test, or deploy the software (as referenced in the SHARE IT Act’s definition of “technical components” of code).

    The Directive shall not apply to (i) classified source code or source code developed primarily for use in a national security system (as defined in 40 USC 11103), (ii) classified source code or source code developed primarily for use in a national security system (as defined in 40 USC 11103) or by part of an agency that is an element of the intelligence community (as defined in 50 U.S.C. 3003(4), and (iii) source code the disclosure of which is exempt under the Freedom of Information Act (5 USC 552(b)).

  3. POLICY.  The Department of the Treasury shall manage source code in a secure, standardized, and centralized manner. All bureaus and offices must maintain non-sensitive source code in a commercial cloud repository in accordance with TD P 81-12. Source code must be maintained in a documented and operable state, free of embedded credentials or sensitive operational data, to ensure authorized Treasury personnel can securely access, maintain, and deploy systems. Bureaus and offices are responsible for enforcing source code hygiene and appropriate sensitivity classification to support enterprise security and continuity of operations. Sensitivity designation does not in itself exempt source code from centralized repository requirements. Exclusions will be granted per the exemptions mentioned above and any other discretionary exemptions will be considered only when the Treasury CIO determines, in consultation with the Office and General Counsel and Federal Privacy Council, that required security controls cannot be met within the designated repository environment. Compliance with this Directive is mandatory.
  4. RESPONSIBILITIES.
    1. The Treasury Assistant Secretary for Management (ASM) serves as the senior Department official responsible for reviewing and approving changes to policy to assess the impact of any changes on Treasury resources.
    2. The Chief Information Officer is responsible for:
      1. 1) Establishing implementation standards set forth in this Directive and Publication;
      2. 2) Overseeing Department-wide compliance with this Directive;
      3. 3) Determining acceptable repository platforms and granting deviations on a case-by-case basis; and,
      4. 4) Leading enterprise coordination through the Treasury CIO Council.
    3. The Senior Procurement Executive, in coordination with Bureau and Office procurement leads, is responsible for ensuring acquisition policies and contracts incorporate requirements for source code ownership, centralized repository management, and operability consistent with this Directive and TD P 81-12.
    4. Bureau and Office CIOs are responsible for:
      1. 1) Ensuring all source code under their purview is maintained in approved repositories in accordance with this Directive and TD P 81-12;
      2. 2) Enforcing source code hygiene and sensitivity classification requirements; and,
      3. 3) Certifying compliance and coordinating any required deviation requests with the Department CIO.
  5. PROCEDURES. Please see TD P 81-12 for additional procedural information.
  6. AUTHORITIES.
    1. Public Law 118-187, Source Code Harmonization and Reuse in Information Technology Act.
    2. OMB Guidance issued pursuant to Section 3(d)(3) of the SHARE It Act.
    3. Treasury Order 101-05, “Reporting Relationships and Supervision of Officials, Offices and Bureaus, and Delegation of Certain Authority in the Department of the Treasury.”
    4. Treasury Order 102-10, "Designation of Chief Information Officer for the Department of the Treasury.”
  7. OFFICE OF PRIMARY INTEREST.  Office of the Deputy Assistant Secretary for Information Systems and Chief Information Officer, Office of the Procurement Executive (OPE), and Office of the Assistant Secretary for Management.

 

/S/
Sam Corcos
Deputy Assistant Secretary for Information Systems & Chief Information Officer