(a) Division A, Section 101(h), Title VI, Section 622 of the Omnibus Appropriations and Authorization Act for Fiscal Year 1999 (Pub. L. 105-277) requires that agencies may not use appropriated funds to acquire information technology that does not comply with 39.106, unless the agency’s Chief Information Officer determines that noncompliance with 39.106 is necessary to the function and operation of the agency or the acquisition is required by a contract in effect before October 21, 1998. The Chief Information Officer must send to the Office of Management and Budget a copy of all waivers for forwarding to Congress.
(1) In acquiring information technology, agencies shall identify their requirements pursuant to-
(i) OMB Circular A-130, including consideration of security of resources, protection of privacy, national security and emergency preparedness, accommodations for individuals with disabilities, and energy efficiency; and
(ii) Standards for environmental assessment of personal computer products (see 23.705).
(2) When developing an acquisition strategy, contracting officers should consider the rapidly changing nature of information technology through market research (see Part 10) and the application of technology refreshment techniques.
(b) Agencies must follow OMB Circular A-127, Financial Management Systems, when acquiring financial management systems. Agencies may acquire only core financial management software certified by the Joint Financial Management Improvement Program.
(c) In acquiring information technology, agencies shall include the appropriate information technology security policies and requirements, including use of common security configurations available from the National Institute of Standards and Technology’s website at http://checklists.nist.gov . Agency contracting officers should consult with the requiring official to ensure the appropriate standards are incorporated.
(d) When acquiring information technology using Internet Protocol, agencies must include the appropriate Internet Protocol compliance requirements in accordance with 11.002(g).