The CCA generated a number of significant changes in the roles and responsibilities of various Federal agencies in managing acquisition of IT. It elevated overall responsibility to the Director of the Office of Management and Budget (White House). OMB set forth guidelines that must be followed by agencies.
At the agency level, IT management must be integrated into procurement, and procurement of Commercial-off-the-shelf technology was encouraged. CCA required each agency to name a Chief Information Officer (CIO) with the responsibility of "developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture". The CIO is tasked with advising the agency director and senior staff on all IT issues.
Since these rules went into effect, the agency CIOs also have worked together to form the Federal CIO Council. Initially an informal group, the council's existence became codified into law by Congress in the [E-Government Act of 2002]. Official duties for the council include developing recommendations for government information technology management policies, procedures, and standards; identifying opportunities to share information resources; and assessing and addressing the needs of the Federal Government's IT workforce.
In general, National Security Systems (NSS), as defined in the E-Government Act of 2002, are exempt from the Act. However, there are specific exceptions to this exemption regarding: 1) capital planning and investment control (CPIC); 2) performance- and results-based management; agency Chief Information Officer (CIO) responsibilities; and 4) accountability.
In the Department of Defense, the Assistant Secretary of Defense for Networks & Information Integration (or ASD(NII)) has been designated as the DoD Chief Information Officer and provides management and oversight of all DoD information technology, including national security systems.