Office of the Federal Chief Information
Officer

Information technology (IT) advancements have been at the center of a transformation in how the private sector operates—and revolutionized the efficiency, convenience, and effectiveness with which it serves its customers. The Federal Government largely has missed out on that transformation due to poor management of technology investments, with IT projects too often costing hundreds of millions of dollars more than they should, taking years longer than necessary to deploy, and delivering technologies that are obsolete by the time they are completed. We are working to close the resulting gap between the best performing private sector organizations and the federal government.

The Office of the Federal Chief Information Officer (OFCIO), also known as the Office of E-Government and Information Technology (E-Gov), is headed by the Federal Government’s Chief Information Officer (CIO) and develops and provides direction in the use of Internet-based technologies to make it easier for citizens and businesses to interact with the Federal Government, save taxpayer dollars, and streamline citizen participation.

Reports and Documents

Memoranda | Circulars | Strategies and Guides | Reports | Archive

Resources

Background and Resources | Federal Enterprise Architecture | Archive

---

Memoranda

A complete list of OMB memoranda is available for your review on the WhiteHouse.gov site. Listed here are recent OFCIO memoranda.

• M-24-18 Advancing the Responsible Acquisition of Artificial Intelligence in Government (October 3, 2024) (36 Pages, 448 KB)
• M-24-15 Modernizing the Federal Risk and Authorization Management Program (FedRAMP) (July 25, 2024) (21 pages, 329 KB)
• M-24-14 Administration Cybersecurity Priorities for the FY 2026 Budget (July 10, 2024) (5 Pages, 122 KB)
• M-24-10 Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (March 28, 2024) (34 pages, 498 KB)
  • Note: This policy underwent a public comment period from November 2-December 5, 2023. OMB’s explanation and response to public input can be found here and the public comment draft can be found here.
• M-24-08 Strengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital) (December 21, 2023) (17 Pages, 264 KB)
• M-24-04 Fiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements (December 4, 2023) (18 Pages, 359 KB)
• (DRAFT) M-24-XX Modernizing the Federal Risk Authorization Management Program (FedRAMP) (October 27, 2023) (17 Pages, 353 KB)
  • Note: This is a proposed policy currently undergoing public comment until November 27, 2023. Please visit https://www.cio.gov/policies-and-priorities/fedramp/ for additional information.
• M-23-22 Delivering a Digital-First Public Experience (Digital) (September 22, 2023) (32 Pages, 215 KB)
• M-23-18 Administration Cybersecurity Priorities for the FY 2025 Budget (June 27, 2023) (5 Pages, 579 KB)
• M-23-16-Update-to-M-22-18-Enhancing-Software-Security (June 9, 2023) (5 Pages, 277 KB)
• M-23-13 “No TikTok on Government Devices” Implementation Guidance (February 27, 2023) (4 Pages, 281 KB)
• M-23-10 The Registration and Use of .gov Domains in the Federal Government (February 8, 2023) (3 Pages, 96 KB)
• M-23-07 Electronic Records (December 23, 2022) (3 Pages, 325 KB)
• M-23-03 FY23 FISMA Guidance (December 2, 2022) (17 Pages, 240 KB)
  • Note: This policy has been rescinded by M-24-04 Fiscal Year 2024 FISMA Guidance, issued December 4, 2023.
• M-23-02 Migrating to Post-Quantum Cryptography (November 18, 2022) (8 Pages, 113 KB)
• M-22-18 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (September 14, 2022) (8 Pages, 397 KB)
• M-22-16 Administration Cybersecurity Priorities for the FY 2024 Budget (July 22, 2022) (5 Pages, 372 KB)
• M-22-09 Moving the U.S. Government Toward Zero Trust Cybersecurity Principles (January 26, 2022) (29 Pages, 913 KB)
• M-22-05 Fiscal Year 2021-2022 Guidance on Federal Information Security and Privacy Management Requirements (December 6, 2021) (15 Pages, 234 KB)
• M-22-01 Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response (October 8, 2021) (3 Pages, 157 KB)
• M-21-31 Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incident (August 27, 2021) (44 Pages, 1,601 KB)
• M-21-30 Protecting Critical Software Through Enhanced Security Measures (August 10, 2021) (4 Pages, 715 KB)
• Security Authorization of Information Systems in Cloud Computing Environments (December 8, 2011) (7 Pages, 203 KB)

Back to top

---

Circulars

A complete list of OMB circulars is available for your review on the WhiteHouse.gov site. Listed here are circulars related to OFCIO initiatives and policy.

• OMB Circular A-16 – Coordination of Geographic Information, and Related Spatial Data Activities
• OMB Circular A-11 – Preparation, Submission and Execution of the Budget
• OMB Circular A-130 – Management of Federal Information Resources

Back to top

---

Strategies and Guides

• Federal Information Technology Operating Plan (June 2022) (12 Pages, 606 KB)
• FY 22 IT Budget – Capital Planning Guidance (November 16, 2020) (58 pages, 1,333 KB)
• FY 21 IT Budget – Capital Planning Guidance (June 28, 2019) (107 pages, 2.01 MB) This document provides reporting requirements for an agency’s IT Investment Portfolio.
• Federal Cloud Computing Strategy (June 24, 2019) (17 pages, 3,086 KB)
• FY 20 IT Budget – Capital Planning Guidance (June 29, 2018) (116 pages, 2.09 MB) This document provides reporting requirements for an agency’s IT Investment Portfolio.
• FY 19 IT Budget – Capital Planning Guidance (August 1, 2017) (126 pages, 1.34 MB) This document provides reporting requirements for an agency’s IT Investment Portfolio.
• FY 18 IT Budget – Capital Planning Guidance (June 30, 2016) (78 pages, 1.48 MB) This document provides reporting requirements for an agency’s IT Investment Portfolio
• FY 18 IT Budget – Capital Planning Guidance without appendices
  • Appendix A. Legal Regulatory Authorities
  • Appendix B. Coding Instructions for Shared Services Investments
  • Appendix C. Definitions
  • Appendix D. IT Security Capability Definitions
  • FY 17 IT Budget – Capital Planning Guidance (June 22, 2015) (45 pages, 1,042 KB) This document provides reporting requirements for an agency’s IT Investment Portfolio.

Strategies and Guides Archive

Back to top

---

Reports

• Report on Post-Quantum Cryptography (July 29, 2024) (16 Pages, 1 MB)
• 2023 FISMA Report to Congress (June 7, 2024) (37 Pages, 1 MB)
• 2022 FISMA Report to Congress (May 1, 2023) (34 Pages, 622 KB)
• FY 2021 FISMA Report to Congress (September 14, 2022) (50 Pages, 1,363 KB)
• FY 2020 FISMA Report to Congress (May 21, 2021, 457KB)
• FY 2019 FISMA Report to Congress (May 27, 2020, 11,236 KB)
• FY 2018 FISMA Report to Congress (August 2019, 3.8 MB)
• Cybersecurity Risk Determination Report (May 2018, 772 KB)
• FY 2017 FISMA Report to Congress (March 2018, 3 MB)
• FY 2016 Annual Report to Congress E-Government Act Implementation (August 2017, 418 KB)
• FY 2015 Annual Report to Congress: E-Government Act Implementation (June 17, 2016, 665 KB)
• 2016 Annual Report to Congress: Federal Information Security Modernization Act (March 18, 2016) (95 pages, 2.3 MB)
• 2015 Annual Report to Congress: Federal Information Security Modernization Act (February 27, 2015) (100 pages, 2.57 MB)

Report Archive

Back to top

---

Resources

Background Laws/Resources

• National Defense Authorization Act (NDAA) for FY 2015 (see Title VIII, Subtitle D for the Federal Information Technology Acquisition Reform Act (FITARA)

• Federal Information Security Modernization Act of 2014
• The E-Government Act of 2002
• Federal Information Security Management Act of 2002

• Government Paperwork Elimination Act of 1998 (GPEA)
• Clinger-Cohen Act of 1996
• Federal Acquisition Streamlining Act of 1994, Title V (FASA V)
• Government Performance Results Act of 1993 (GPRA)
• Federal Enterprise Architecture
• CIO Council Website

Back to top

---

Federal Enterprise Architecture

Guidance

The Common Approach to Federal Enterprise Architecture (May 2, 2012) (PDF, 1.9 MB)
Federal Enterprise Architecture Framework version 2 (January 29, 2013) (PDF, 9.3 MB)

FEA Reference Models

Business Reference Model version 3.1 (May 15, 2013) (PDF, 0.2 MB)
Business Reference Model version 3.1 Taxonomy (May 15, 2013) (PDF, 1.0 MB)
Performance Reference Model version 3 (August 3, 2012) (xlsx, 0.1 MB)

Management Tools

IT Dashboard – Your window into the Federal IT portfolio

Communities

Reference model maintenance process – Update FEA Reference Models

Back to top