What does the Clinger-Cohen Act of 1996 require?

The question calls for understanding how IT governance is handled in federal agencies. The Clinger-Cohen Act of 1996 established a disciplined Capital Planning and Investment Control process to manage IT resources. Agencies must justify, plan, acquire, use, maintain, and dispose of IT investments through CPIC and ensure these investments align with the agency’s enterprise architecture planning. This alignment helps ensure IT projects support mission needs, are coordinated across the organization, and are subject to proper oversight and accountability. The act is tied to guidance like OMB Circular A-130, which details how information resource management, CPIC, and enterprise architecture should be implemented. The other options aren’t requirements of this act—there’s no blanket mandate for cloud migration within five years, universal encryption of all data at rest, or annual independent security audits under Clinger-Cohen.