US Congress 2023-2024 Regular Session

US Congress House Bill HB5218 Compare Versions

Only one version of the bill is available at this time.
I

118TH CONGRESS
1ST SESSION
H. R. 5218

To amend the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 to modify requirements relating to data centers of certain Federal agencies, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES

AUGUST 15, 2023

Mr. NEGUSE (for himself and Mr. LALOTA) introduced the following bill; which was referred to the Committee on Oversight and Accountability

A BILL

To amend the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 to modify requirements relating to data centers of certain Federal agencies, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the “Federal Data Center Enhancement Act of 2023”.

SEC. 2. FEDERAL DATA CENTER CONSOLIDATION INITIATIVE AMENDMENTS.

(a) FINDINGS.—Congress finds the following:
•HR 5218 IH
  (1) The statutory authorization for the Federal Data Center Optimization Initiative under section 834 of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 (44 U.S.C. 3601 note; Public Law 113–291) expires at the end of fiscal year 2022.
  (2) The expiration of the authorization described in paragraph (1) presents Congress with an opportunity to review the objectives of the Federal Data Center Optimization Initiative to ensure that the initiative is meeting the current needs of the Federal Government.
  (3) The initial focus of the Federal Data Center Optimization Initiative, which was to consolidate data centers and create new efficiencies, has resulted in, since 2010—
    (A) the consolidation of more than 6,000 Federal data centers; and
    (B) cost savings and avoidance of $5,800,000,000.
  (4) The need of the Federal Government for access to data and data processing systems has evolved since the date of enactment in 2014 of subtitle D of title VIII of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015.
  (5) Federal agencies and employees involved in mission critical functions increasingly need reliable access to secure, reliable, sustainable, and protected facilities to house mission critical data and data operations to meet the immediate needs of the people of the United States.
  (6) As of the date of enactment of this Act, there is a growing need for Federal agencies to use data centers and cloud applications that meet high standards for cybersecurity, resiliency, availability, and sustainability.

(b) MINIMUM REQUIREMENTS FOR NEW DATA CENTERS.—Section 834 of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 (44 U.S.C. 3601 note; Public Law 113–291) is amended—
  (1) in subsection (a), by striking paragraphs (3) and (4) and inserting the following:
    “(3) NEW DATA CENTER.—The term ‘new data center’ means—
      “(A)(i) a data center or a portion thereof that is owned, operated, or maintained by a covered agency; or
        “(ii) to the extent practicable, a data center or portion thereof—
          “(I) that is owned, operated, or maintained by a contractor on behalf of a covered agency on the date on which the contract between the covered agency and the contractor expires; and
          “(II) with respect to which the covered agency extends the contract, or enters into a new contract, with the contractor; and
      “(B) on or after the date that is 180 days after the date of enactment of the Federal Data Center Enhancement Act of 2023, a data center or portion thereof that is—
        “(i) established; or
        “(ii) substantially upgraded or expanded.”;
  (2) by striking subsection (b) and inserting the following:
    “(b) MINIMUM REQUIREMENTS FOR NEW DATA CENTERS.—
      “(1) IN GENERAL.—Not later than 180 days after the date of enactment of the Federal Data Center Enhancement Act of 2023, the Administrator shall establish minimum requirements for new data centers in consultation with the Administrator of General Services and the Federal Chief Information Officers Council.
      “(2) CONTENTS.—
        “(A) IN GENERAL.—The minimum requirements established under paragraph (1) shall include requirements relating to—
          “(i) the availability of new data centers;
          “(ii) the use of new data centers;
          “(iii) the use of sustainable energy sources;
          “(iv) uptime percentage;
          “(v) protections against power failures, including on-site energy generation and access to multiple transmission paths;
          “(vi) protections against physical intrusions and natural disasters;
          “(vii) information security protections required by subchapter II of chapter 35 of title 44, United States Code, and other applicable law and policy; and
          “(viii) any other requirements the Administrator determines appropriate.
        “(B) CONSULTATION.—In establishing the requirements described in subparagraph (A)(vii), the Administrator shall consult with the Director of the Cybersecurity and Infrastructure Security Agency and the National Cyber Director.
      “(3) INCORPORATION OF MINIMUM REQUIREMENTS INTO CURRENT DATA CENTERS.—As soon as practicable, and in any case not later than 90 days after the Administrator establishes the minimum requirements pursuant to paragraph (1), the Administrator shall issue guidance to ensure, as appropriate, that covered agencies incorporate the minimum requirements established under that paragraph into the operations of any data center of a covered agency existing as of the date of enactment of the Federal Data Center Enhancement Act of 2023.
      “(4) REVIEW OF REQUIREMENTS.—The Administrator, in consultation with the Administrator of General Services and the Federal Chief Information Officers Council, shall review, update, and modify the minimum requirements established under paragraph (1), as necessary.
      “(5) REPORT ON NEW DATA CENTERS.—During the development and planning lifecycle of a new data center, if the head of a covered agency determines that the covered agency is likely to make a management or financial decision relating to any data center, the head of the covered agency shall—
        “(A) notify—
          “(i) the Administrator;
          “(ii) Committee on Homeland Security and Governmental Affairs of the Senate; and
          “(iii) Committee on Oversight and Accountability of the House of Representatives; and
        “(B) describe in the notification with sufficient detail how the covered agency intends to comply with the minimum requirements established under paragraph (1).
      “(6) USE OF TECHNOLOGY.—In determining whether to establish or continue to operate an existing data center, the head of a covered agency shall—
        “(A) regularly assess the application portfolio of the covered agency and ensure that each at-risk legacy application is updated, replaced, or modernized, as appropriate, to take advantage of modern technologies; and
        “(B) prioritize and, to the greatest extent possible, leverage commercial cloud environments rather than acquiring, overseeing, or managing custom data center infrastructure.
      “(7) PUBLIC WEBSITE.—
        “(A) IN GENERAL.—The Administrator shall maintain a public-facing website that includes information, data, and explanatory statements relating to the compliance of covered agencies with the requirements of this section.
        “(B) PROCESSES AND PROCEDURES.—In maintaining the website described in subparagraph (A), the Administrator shall—
          “(i) ensure covered agencies regularly, and not less frequently than biannually, update the information, data, and explanatory statements posed on the website, pursuant to guidance issued by the Administrator, relating to any new data centers and, as appropriate, each existing data center of the covered agency; and
          “(ii) ensure that all information, data, and explanatory statements on the website are maintained as open Government data assets.”; and
  (3) in subsection (c), by striking paragraph (1) and inserting the following:
    “(1) IN GENERAL.—The head of a covered agency shall oversee and manage the data center portfolio and the information technology strategy of the covered agency in accordance with Federal cybersecurity guidelines and directives, including—
      “(A) information security standards and guidelines promulgated by the Director of the National Institute of Standards and Technology;
      “(B) applicable requirements and guidance issued by the Director of the Office of Management and Budget pursuant to section 3614 of title 44, United States Code; and
      “(C) directives issued by the Secretary of Homeland Security under section 3553 of title 44, United States Code.”.

(c) EXTENSION OF SUNSET.—Section 834(e) of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 (44 U.S.C. 3601 note; Public Law 113–291) is amended by striking “2022” and inserting “2026”.

(d) GAO REVIEW.—Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Comptroller General of the United States shall review, verify, and audit the compliance of covered agencies with the minimum requirements established pursuant to section 834(b)(1) of the Carl Levin and Howard P. “Buck” McKeon National Defense Authorization Act for Fiscal Year 2015 (44 U.S.C. 3601 note; Public Law 113–291) for new data centers and subsection (b)(3) of that Act for existing data centers, as appropriate.