Information Technology Management Reform Act of 1996, Pub. L. No. 104-106, Div. E (1996) (now redesignated as the Clinger-Cohen Act).
The Act, which repealed the Brooks Act of 1965, decentralized the authority and responsibility for the acquisition of information technology resources from GSA to the individual agencies and established important new requirements. Among these provisions is the requirement that agencies "shall determine, before making an investment in a new information system" whether the function to be supported by the system:
- Should be performed by the agency,
- Should be performed by the private sector or another agency, or
- Should be redesigned to improve its efficiency.
These points are often referred to as the “three pesky questions.”
Other important changes relate to the ways that agencies justify, budget, and manage information technology acquisitions. Agencies are required by ITMRA to:
- Use capital planning and investment control to maximize the value and assess and manage the risks of information technology acquisitions.
- Ensure that "performance measurements are prescribed for information technology used by or to be acquired for the executive agency and that the performance measurements measure how well the information technology supports programs of the executive agency."
- Use performance- and results-based management methods that focus on intended outcomes of investments in information technology and that measure actual outcomes.
- Use modular contracting, to the maximum extent practicable, for an acquisition of a major system of information technology.
- Designate Chief Information Officers (CIOs) to ensure that information technology is acquired and that information resources are managed in advance of agency mission and programs.
The effect of ITMRA is that acquisitions should be justified based on program improvement goals, budgeted for as capital investments, and measured to ensure that the goals and projected returns-on-investment are realized.
Under section 5131 of the Act, the NIST develops standards, guidelines, and associated methods and techniques for federal computer systems. Federal Information Processing Standards are developed by the NIST only when there are no existing voluntary standards to address the federal requirements for the interoperability of different systems, the portability of data and software, and computer security.