114 STAT. 1654A-268 PUBLIC LAW 106-398 —APPENDIX "(C) section 5131 of the Clinger-Cohen Act of 1996 (40 U.S.C. 1441); "(D) sections 5 and 6 of the Computer Security Act of 1987 (40 U.S.C. 1441 note; Public Law 100-235; 101 Stat. 1729); and "(E) related information management laws; and "(6) take any authorized action under section 5113(b)(5) of the Clinger-Cohen Act of 1996 (40 U.S.C. 1413(b)(5)) that the Director considers appropriate, including any action involving the budgetary process or appropriations management process, to enforce accountability of the head of an agency for information resources management, including the requirements of this subchapter, and for the investments made by the agency in information technology, including— "(A) recommending a reduction or an increase in any amount for information resources that the head of the agency proposes for the budget submitted to Congress under section 1105(a) of title 31; "(B) reducing or otherwise adjusting apportionments and reapportionments of appropriations for information resources; and "(C) using other authorized administrative controls over appropriations to restrict the availability of funds for information resources. "(c) The authorities of the Director under this section (other than the authority described in subsection (b)(6))— "(1) shall be delegated to the Secretary of Defense, the Director of Central Intelligence, and another agency head as designated by the President in the case of systems described under subparagraphs (A) and (B) of section 3532(b)(2); "(2) shall be delegated to the Secretary of Defense in the case of systems described under subparagraph (C) of section 3532(b)(2) that are operated by the Department of Defense, a contractor of the Department of Defense, or another entity on behalf of the Department of Defense; and "(3) in the case of all other Federal information systems, may be delegated only to the Deputy Director for Management of the Office of Management and Budget. "§ 3534. Federal agency responsibilities "(a) The head of each agency shall— "(1) be responsible for— - J "(A) adequately ensuring the integrity, confidentiality, authenticity, availability, and nonrepudiation of information and information systems supporting agency operations and assets; "(B) developing and implementing information security policies, procedures, and control techniques sufficient to afford security protections commensurate with the risk and magnitude of the harm resulting from unauthorized disclosure, disruption, modification, or destruction of information collected or maintained by or for the agency; and "(C) ensuring that the agency's information security plan is practiced throughout the life cycle of each agency system; "(2) ensure that appropriate senior agency officials are responsible for—
�
