| 1 | 1 | | I |
|---|
| 2 | 2 | | 119THCONGRESS |
|---|
| 3 | 3 | | 1 |
|---|
| 4 | 4 | | STSESSION H. R. 2417 |
|---|
| 5 | 5 | | To improve the visibility, accountability, and oversight of agency software |
|---|
| 6 | 6 | | asset management practices, and for other purposes. |
|---|
| 7 | 7 | | IN THE HOUSE OF REPRESENTATIVES |
|---|
| 8 | 8 | | MARCH27, 2025 |
|---|
| 9 | 9 | | Mr. C |
|---|
| 10 | 10 | | ONNOLLY(for himself, Mr. FALLON, Mrs. MCCLAINDELANEY, and Ms. |
|---|
| 11 | 11 | | M |
|---|
| 12 | 12 | | ACE) introduced the following bill; which was referred to the Committee |
|---|
| 13 | 13 | | on Oversight and Government Reform |
|---|
| 14 | 14 | | A BILL |
|---|
| 15 | 15 | | To improve the visibility, accountability, and oversight of |
|---|
| 16 | 16 | | agency software asset management practices, and for |
|---|
| 17 | 17 | | other purposes. |
|---|
| 18 | 18 | | Be it enacted by the Senate and House of Representa-1 |
|---|
| 19 | 19 | | tives of the United States of America in Congress assembled, 2 |
|---|
| 20 | 20 | | SECTION 1. SHORT TITLE. 3 |
|---|
| 21 | 21 | | This Act may be cited as the ‘‘Strengthening Agency 4 |
|---|
| 22 | 22 | | Management and Oversight of Software Assets Act’’. 5 |
|---|
| 23 | 23 | | SEC. 2. DEFINITIONS. 6 |
|---|
| 24 | 24 | | In this Act: 7 |
|---|
| 25 | 25 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 26 | 26 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 2 |
|---|
| 27 | 27 | | •HR 2417 IH |
|---|
| 28 | 28 | | (1) ADMINISTRATOR.—The term ‘‘Adminis-1 |
|---|
| 29 | 29 | | trator’’ means the Administrator of General Serv-2 |
|---|
| 30 | 30 | | ices. 3 |
|---|
| 31 | 31 | | (2) A |
|---|
| 32 | 32 | | GENCY.—The term ‘‘agency’’ has the 4 |
|---|
| 33 | 33 | | meaning given that term in section 3502 of title 44, 5 |
|---|
| 34 | 34 | | United States Code, except that such term does not 6 |
|---|
| 35 | 35 | | include an element of the intelligence community. 7 |
|---|
| 36 | 36 | | (3) C |
|---|
| 37 | 37 | | LOUD COMPUTING .—The term ‘‘cloud 8 |
|---|
| 38 | 38 | | computing’’ has the meaning given the term in Spe-9 |
|---|
| 39 | 39 | | cial Publication 800–145 of the National Institute of 10 |
|---|
| 40 | 40 | | Standards and Technology, or any successor docu-11 |
|---|
| 41 | 41 | | ment. 12 |
|---|
| 42 | 42 | | (4) C |
|---|
| 43 | 43 | | LOUD SERVICE PROVIDER .—The term 13 |
|---|
| 44 | 44 | | ‘‘cloud service provider’’ has the meaning given the 14 |
|---|
| 45 | 45 | | term in section 3607(b) of title 44, United States 15 |
|---|
| 46 | 46 | | Code. 16 |
|---|
| 47 | 47 | | (5) C |
|---|
| 48 | 48 | | OMPREHENSIVE ASSESSMENT .—The term 17 |
|---|
| 49 | 49 | | ‘‘comprehensive assessment’’ means a comprehensive 18 |
|---|
| 50 | 50 | | assessment conducted pursuant to section 3(a). 19 |
|---|
| 51 | 51 | | (6) D |
|---|
| 52 | 52 | | IRECTOR.—The term ‘‘Director’’ means 20 |
|---|
| 53 | 53 | | the Director of the Office of Management and Budg-21 |
|---|
| 54 | 54 | | et. 22 |
|---|
| 55 | 55 | | (7) I |
|---|
| 56 | 56 | | NTELLIGENCE COMMUNITY .—The term 23 |
|---|
| 57 | 57 | | ‘‘intelligence community’’ has the meaning given the 24 |
|---|
| 58 | 58 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 59 | 59 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 3 |
|---|
| 60 | 60 | | •HR 2417 IH |
|---|
| 61 | 61 | | term in section 3 of the National Security Act of 1 |
|---|
| 62 | 62 | | 1947 (50 U.S.C. 3003). 2 |
|---|
| 63 | 63 | | (8) P |
|---|
| 64 | 64 | | LAN.—The term ‘‘plan’’ means the plan 3 |
|---|
| 65 | 65 | | developed by a Chief Information Officer, or equiva-4 |
|---|
| 66 | 66 | | lent official, pursuant to section 4(a). 5 |
|---|
| 67 | 67 | | (9) S |
|---|
| 68 | 68 | | OFTWARE ENTITLEMENT .—The term 6 |
|---|
| 69 | 69 | | ‘‘software entitlement’’ means any software that— 7 |
|---|
| 70 | 70 | | (A) has been purchased, leased, or licensed 8 |
|---|
| 71 | 71 | | by or billed to an agency under any contract or 9 |
|---|
| 72 | 72 | | other business arrangement; and 10 |
|---|
| 73 | 73 | | (B) is subject to use limitations. 11 |
|---|
| 74 | 74 | | (10) S |
|---|
| 75 | 75 | | OFTWARE INVENTORY .—The term ‘‘soft-12 |
|---|
| 76 | 76 | | ware inventory’’ means the software inventory of an 13 |
|---|
| 77 | 77 | | agency required pursuant to— 14 |
|---|
| 78 | 78 | | (A) section 2(b)(2)(A) of the Making Elec-15 |
|---|
| 79 | 79 | | tronic Government Accountable By Yielding 16 |
|---|
| 80 | 80 | | Tangible Efficiencies Act of 2016 (40 U.S.C. 17 |
|---|
| 81 | 81 | | 11302 note; Public Law 114–210); or 18 |
|---|
| 82 | 82 | | (B) subsequent guidance issued by the Di-19 |
|---|
| 83 | 83 | | rector pursuant to that Act. 20 |
|---|
| 84 | 84 | | SEC. 3. SOFTWARE INVENTORY UPDATE AND EXPANSION. 21 |
|---|
| 85 | 85 | | (a) I |
|---|
| 86 | 86 | | NGENERAL.—As soon as practicable, and not 22 |
|---|
| 87 | 87 | | later than 18 months after the date of enactment of this 23 |
|---|
| 88 | 88 | | Act, the Chief Information Officer of each agency, in con-24 |
|---|
| 89 | 89 | | sultation with the Chief Financial Officer, the Chief Ac-25 |
|---|
| 90 | 90 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 91 | 91 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 4 |
|---|
| 92 | 92 | | •HR 2417 IH |
|---|
| 93 | 93 | | quisition Officer, the Chief Data Officer, and General 1 |
|---|
| 94 | 94 | | Counsel of the agency, or the equivalent officials of the 2 |
|---|
| 95 | 95 | | agency, shall complete a comprehensive assessment of the 3 |
|---|
| 96 | 96 | | software paid for by, in use at, or deployed throughout 4 |
|---|
| 97 | 97 | | the agency, which shall include— 5 |
|---|
| 98 | 98 | | (1) the current software inventory of the agen-6 |
|---|
| 99 | 99 | | cy, including software entitlements, contracts and 7 |
|---|
| 100 | 100 | | other agreements or arrangements of the agency, 8 |
|---|
| 101 | 101 | | and a list of the largest software entitlements of the 9 |
|---|
| 102 | 102 | | agency separated by provider and category of soft-10 |
|---|
| 103 | 103 | | ware; 11 |
|---|
| 104 | 104 | | (2) a comprehensive, detailed accounting of— 12 |
|---|
| 105 | 105 | | (A) any software used by or deployed with-13 |
|---|
| 106 | 106 | | in the agency, including software developed or 14 |
|---|
| 107 | 107 | | built by the agency, or by another agency for 15 |
|---|
| 108 | 108 | | use by the agency, including shared services, as 16 |
|---|
| 109 | 109 | | of the date of the comprehensive assessment, 17 |
|---|
| 110 | 110 | | including, to the extent identifiable, the con-18 |
|---|
| 111 | 111 | | tracts and other agreements or arrangements 19 |
|---|
| 112 | 112 | | used by the agency to acquire, build, deploy, or 20 |
|---|
| 113 | 113 | | use such software; 21 |
|---|
| 114 | 114 | | (B) information and data on software enti-22 |
|---|
| 115 | 115 | | tlements, which shall include information on 23 |
|---|
| 116 | 116 | | any additional fees or costs, including fees or 24 |
|---|
| 117 | 117 | | costs for the use of cloud services, that are not 25 |
|---|
| 118 | 118 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 119 | 119 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 5 |
|---|
| 120 | 120 | | •HR 2417 IH |
|---|
| 121 | 121 | | included in the initial costs of the contract, 1 |
|---|
| 122 | 122 | | agreement, or arrangement— 2 |
|---|
| 123 | 123 | | (i) for which the agency pays; 3 |
|---|
| 124 | 124 | | (ii) that are not deployed or in use by 4 |
|---|
| 125 | 125 | | the agency; and 5 |
|---|
| 126 | 126 | | (iii) that are billed to the agency 6 |
|---|
| 127 | 127 | | under any contract or business arrange-7 |
|---|
| 128 | 128 | | ment that creates duplication, or are other-8 |
|---|
| 129 | 129 | | wise determined to be unnecessary by the 9 |
|---|
| 130 | 130 | | Chief Information Officer of the agency, or 10 |
|---|
| 131 | 131 | | the equivalent official, in the deployment 11 |
|---|
| 132 | 132 | | or use by the agency; and 12 |
|---|
| 133 | 133 | | (C) the extent— 13 |
|---|
| 134 | 134 | | (i) to which any software paid for, in 14 |
|---|
| 135 | 135 | | use, or deployed throughout the agency is 15 |
|---|
| 136 | 136 | | interoperable; and 16 |
|---|
| 137 | 137 | | (ii) of the efforts of the agency to im-17 |
|---|
| 138 | 138 | | prove interoperability of software assets 18 |
|---|
| 139 | 139 | | throughout the agency enterprise; 19 |
|---|
| 140 | 140 | | (3) a categorization of software entitlements of 20 |
|---|
| 141 | 141 | | the agency by cost, volume, and type of software; 21 |
|---|
| 142 | 142 | | (4) a list of any provisions in the software enti-22 |
|---|
| 143 | 143 | | tlements of the agency that may restrict how the 23 |
|---|
| 144 | 144 | | software can be deployed, accessed, or used, includ-24 |
|---|
| 145 | 145 | | ing any such restrictions on desktop or server hard-25 |
|---|
| 146 | 146 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 147 | 147 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 6 |
|---|
| 148 | 148 | | •HR 2417 IH |
|---|
| 149 | 149 | | ware, through a cloud service provider, or on data 1 |
|---|
| 150 | 150 | | ownership or access; and 2 |
|---|
| 151 | 151 | | (5) an analysis addressing— 3 |
|---|
| 152 | 152 | | (A) the accuracy and completeness of the 4 |
|---|
| 153 | 153 | | comprehensive assessment; 5 |
|---|
| 154 | 154 | | (B) agency management of and compliance 6 |
|---|
| 155 | 155 | | with all contracts or other agreements or ar-7 |
|---|
| 156 | 156 | | rangements that include or reference software 8 |
|---|
| 157 | 157 | | entitlements or software management within 9 |
|---|
| 158 | 158 | | the agency; 10 |
|---|
| 159 | 159 | | (C) the extent to which the agency accu-11 |
|---|
| 160 | 160 | | rately captures the total cost of software enti-12 |
|---|
| 161 | 161 | | tlements and related costs, including the total 13 |
|---|
| 162 | 162 | | cost of upgrades over the life of a contract, 14 |
|---|
| 163 | 163 | | cloud usage costs, and any other cost associated 15 |
|---|
| 164 | 164 | | with the maintenance or servicing of contracts; 16 |
|---|
| 165 | 165 | | and 17 |
|---|
| 166 | 166 | | (D) compliance with software license man-18 |
|---|
| 167 | 167 | | agement policies of the agency. 19 |
|---|
| 168 | 168 | | (b) C |
|---|
| 169 | 169 | | ONTRACTSUPPORT.— 20 |
|---|
| 170 | 170 | | (1) A |
|---|
| 171 | 171 | | UTHORITY.—The head of an agency may 21 |
|---|
| 172 | 172 | | enter into 1 or more contracts to support the re-22 |
|---|
| 173 | 173 | | quirements of subsection (a). 23 |
|---|
| 174 | 174 | | (2) N |
|---|
| 175 | 175 | | O CONFLICT OF INTEREST .—Contracts 24 |
|---|
| 176 | 176 | | under paragraph (1) shall not include contractors 25 |
|---|
| 177 | 177 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 178 | 178 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 7 |
|---|
| 179 | 179 | | •HR 2417 IH |
|---|
| 180 | 180 | | with organizational conflicts of interest, within the 1 |
|---|
| 181 | 181 | | meaning given that term under subpart 9.5 of the 2 |
|---|
| 182 | 182 | | Federal Acquisition Regulation. 3 |
|---|
| 183 | 183 | | (3) O |
|---|
| 184 | 184 | | PERATIONAL INDEPENDENCE .—Over the 4 |
|---|
| 185 | 185 | | course of a comprehensive assessment, contractors 5 |
|---|
| 186 | 186 | | hired pursuant to paragraph (1) shall maintain oper-6 |
|---|
| 187 | 187 | | ational independence from the integration, manage-7 |
|---|
| 188 | 188 | | ment, and operations of the software inventory and 8 |
|---|
| 189 | 189 | | software entitlements of the agency. 9 |
|---|
| 190 | 190 | | (c) S |
|---|
| 191 | 191 | | UBMISSION.—On the date on which the Chief In-10 |
|---|
| 192 | 192 | | formation Officer, Chief Financial Officer, Chief Acquisi-11 |
|---|
| 193 | 193 | | tion Officer, the Chief Data Officer, and General Counsel 12 |
|---|
| 194 | 194 | | of an agency, or the equivalent officials of the agency, 13 |
|---|
| 195 | 195 | | complete the comprehensive assessment, the Chief Infor-14 |
|---|
| 196 | 196 | | mation Officer shall submit the comprehensive assessment 15 |
|---|
| 197 | 197 | | to the head of the agency. 16 |
|---|
| 198 | 198 | | (d) S |
|---|
| 199 | 199 | | UBSEQUENTSUBMISSION.—Not later than 30 17 |
|---|
| 200 | 200 | | days after the date on which the head of an agency re-18 |
|---|
| 201 | 201 | | ceives the comprehensive assessment under subsection (c), 19 |
|---|
| 202 | 202 | | the head of the agency shall submit the comprehensive as-20 |
|---|
| 203 | 203 | | sessment to— 21 |
|---|
| 204 | 204 | | (1) the Director; 22 |
|---|
| 205 | 205 | | (2) the Administrator; 23 |
|---|
| 206 | 206 | | (3) the Comptroller General of the United 24 |
|---|
| 207 | 207 | | States; 25 |
|---|
| 208 | 208 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 209 | 209 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 8 |
|---|
| 210 | 210 | | •HR 2417 IH |
|---|
| 211 | 211 | | (4) the Committee on Homeland Security and 1 |
|---|
| 212 | 212 | | Governmental Affairs of the Senate; and 2 |
|---|
| 213 | 213 | | (5) the Committee on Oversight and Account-3 |
|---|
| 214 | 214 | | ability of the House of Representatives. 4 |
|---|
| 215 | 215 | | (e) C |
|---|
| 216 | 216 | | ONSULTATION.—In order to ensure the utility 5 |
|---|
| 217 | 217 | | and standardization of the comprehensive assessment of 6 |
|---|
| 218 | 218 | | each agency, including to support the development of each 7 |
|---|
| 219 | 219 | | plan and the report required under section 4(e)(2), the 8 |
|---|
| 220 | 220 | | Director, in consultation with the Administrator, shall 9 |
|---|
| 221 | 221 | | share information, best practices, and recommendations 10 |
|---|
| 222 | 222 | | relating to the activities performed in the course of a com-11 |
|---|
| 223 | 223 | | prehensive assessment of an agency. 12 |
|---|
| 224 | 224 | | (f) I |
|---|
| 225 | 225 | | NTELLIGENCECOMMUNITY.—For each element 13 |
|---|
| 226 | 226 | | of the intelligence community, a comprehensive assess-14 |
|---|
| 227 | 227 | | ment described under subsection (a) shall be— 15 |
|---|
| 228 | 228 | | (1) conducted separately; 16 |
|---|
| 229 | 229 | | (2) performed only by an entity designated by 17 |
|---|
| 230 | 230 | | the head of the element of the intelligence commu-18 |
|---|
| 231 | 231 | | nity, in accordance with appropriate applicable laws; 19 |
|---|
| 232 | 232 | | (3) performed in such a manner as to ensure 20 |
|---|
| 233 | 233 | | appropriate protection of information which, if dis-21 |
|---|
| 234 | 234 | | closed, may adversely affect national security; and 22 |
|---|
| 235 | 235 | | (4) submitted in summary form, not later than 23 |
|---|
| 236 | 236 | | 30 days after the date on which the head of the ele-24 |
|---|
| 237 | 237 | | ment of the intelligence community receives the as-25 |
|---|
| 238 | 238 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 239 | 239 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 9 |
|---|
| 240 | 240 | | •HR 2417 IH |
|---|
| 241 | 241 | | sessment, by the head of the element of the intel-1 |
|---|
| 242 | 242 | | ligence community to— 2 |
|---|
| 243 | 243 | | (A) the Director; 3 |
|---|
| 244 | 244 | | (B) the Select Committee on Intelligence 4 |
|---|
| 245 | 245 | | of the Senate; and 5 |
|---|
| 246 | 246 | | (C) the Permanent Select Committee on 6 |
|---|
| 247 | 247 | | Intelligence of the House of Representatives. 7 |
|---|
| 248 | 248 | | SEC. 4. SOFTWARE MODERNIZATION PLANNING AT AGEN-8 |
|---|
| 249 | 249 | | CIES. 9 |
|---|
| 250 | 250 | | (a) I |
|---|
| 251 | 251 | | NGENERAL.—The Chief Information Officer of 10 |
|---|
| 252 | 252 | | each agency, in consultation with the Chief Financial Offi-11 |
|---|
| 253 | 253 | | cer, the Chief Acquisition Officer, the Chief Data Officer, 12 |
|---|
| 254 | 254 | | and the General Counsel of the agency, or the equivalent 13 |
|---|
| 255 | 255 | | officials of the agency, shall use the information developed 14 |
|---|
| 256 | 256 | | pursuant to the comprehensive assessment of the agency 15 |
|---|
| 257 | 257 | | to develop a plan for the agency— 16 |
|---|
| 258 | 258 | | (1) to consolidate software entitlements of the 17 |
|---|
| 259 | 259 | | agency; 18 |
|---|
| 260 | 260 | | (2) to ensure that, in order to improve the per-19 |
|---|
| 261 | 261 | | formance of, and reduce unnecessary costs to, the 20 |
|---|
| 262 | 262 | | agency, the Chief Information Officer, Chief Data 21 |
|---|
| 263 | 263 | | Officer, and Chief Acquisition Officer of the agency, 22 |
|---|
| 264 | 264 | | or the equivalent officers, develop criteria and proce-23 |
|---|
| 265 | 265 | | dures for how the agency will adopt cost-effective ac-24 |
|---|
| 266 | 266 | | quisition strategies, including enterprise licensing, 25 |
|---|
| 267 | 267 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 268 | 268 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 10 |
|---|
| 269 | 269 | | •HR 2417 IH |
|---|
| 270 | 270 | | across the agency that reduce costs, eliminate excess 1 |
|---|
| 271 | 271 | | licenses, and improve performance; and 2 |
|---|
| 272 | 272 | | (3) to restrict the ability of a bureau, program, 3 |
|---|
| 273 | 273 | | component, or operational entity within the agency 4 |
|---|
| 274 | 274 | | to acquire, use, develop, or otherwise leverage any 5 |
|---|
| 275 | 275 | | software entitlement (or portion thereof) without the 6 |
|---|
| 276 | 276 | | approval of the Chief Information Officer of the 7 |
|---|
| 277 | 277 | | agency, in consultation with the Chief Acquisition 8 |
|---|
| 278 | 278 | | Officer of the agency, or the equivalent officers of 9 |
|---|
| 279 | 279 | | the agency. 10 |
|---|
| 280 | 280 | | (b) P |
|---|
| 281 | 281 | | LANREQUIREMENTS.—The plan of an agency 11 |
|---|
| 282 | 282 | | shall— 12 |
|---|
| 283 | 283 | | (1) include a detailed strategy for— 13 |
|---|
| 284 | 284 | | (A) the remediation of any software asset 14 |
|---|
| 285 | 285 | | management deficiencies found during the com-15 |
|---|
| 286 | 286 | | prehensive assessment of the agency; 16 |
|---|
| 287 | 287 | | (B) the ongoing maintenance of software 17 |
|---|
| 288 | 288 | | asset management upon the completion of the 18 |
|---|
| 289 | 289 | | remediation; 19 |
|---|
| 290 | 290 | | (C) automation of software license man-20 |
|---|
| 291 | 291 | | agement processes and incorporation of dis-21 |
|---|
| 292 | 292 | | covery tools across the agency; 22 |
|---|
| 293 | 293 | | (D) ensuring that officers and employees 23 |
|---|
| 294 | 294 | | of the agency are adequately trained in the poli-24 |
|---|
| 295 | 295 | | cies, procedures, rules, regulations, and guid-25 |
|---|
| 296 | 296 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 297 | 297 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 11 |
|---|
| 298 | 298 | | •HR 2417 IH |
|---|
| 299 | 299 | | ance relating to the software acquisition and 1 |
|---|
| 300 | 300 | | development of the agency before entering into 2 |
|---|
| 301 | 301 | | any agreement relating to any software entitle-3 |
|---|
| 302 | 302 | | ment (or portion thereof) for the agency, in-4 |
|---|
| 303 | 303 | | cluding training on— 5 |
|---|
| 304 | 304 | | (i) negotiating options within con-6 |
|---|
| 305 | 305 | | tracts to address and minimize provisions 7 |
|---|
| 306 | 306 | | that restrict how the agency may deploy, 8 |
|---|
| 307 | 307 | | access, or use the software, including re-9 |
|---|
| 308 | 308 | | strictions on deployment, access, or use on 10 |
|---|
| 309 | 309 | | desktop or server hardware and restric-11 |
|---|
| 310 | 310 | | tions on data ownership or access; 12 |
|---|
| 311 | 311 | | (ii) the differences between acquiring 13 |
|---|
| 312 | 312 | | commercial software products and services 14 |
|---|
| 313 | 313 | | and acquiring or building custom software; 15 |
|---|
| 314 | 314 | | and 16 |
|---|
| 315 | 315 | | (iii) determining the costs of different 17 |
|---|
| 316 | 316 | | types of licenses and options for adjusting 18 |
|---|
| 317 | 317 | | licenses to meet increasing or decreasing 19 |
|---|
| 318 | 318 | | demand; and 20 |
|---|
| 319 | 319 | | (E) maximizing the effectiveness of soft-21 |
|---|
| 320 | 320 | | ware deployed by the agency, including, to the 22 |
|---|
| 321 | 321 | | extent practicable, leveraging technologies 23 |
|---|
| 322 | 322 | | that— 24 |
|---|
| 323 | 323 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 324 | 324 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 12 |
|---|
| 325 | 325 | | •HR 2417 IH |
|---|
| 326 | 326 | | (i) measure actual software usage via 1 |
|---|
| 327 | 327 | | analytics that can identify inefficiencies to 2 |
|---|
| 328 | 328 | | assist in rationalizing software spending; 3 |
|---|
| 329 | 329 | | (ii) allow for segmentation of the user 4 |
|---|
| 330 | 330 | | base; 5 |
|---|
| 331 | 331 | | (iii) support effective governance and 6 |
|---|
| 332 | 332 | | compliance in the use of software; and 7 |
|---|
| 333 | 333 | | (iv) support interoperable capabilities 8 |
|---|
| 334 | 334 | | between software; 9 |
|---|
| 335 | 335 | | (2) identify categories of software the agency 10 |
|---|
| 336 | 336 | | could prioritize for conversion to more cost-effective 11 |
|---|
| 337 | 337 | | software licenses, including enterprise licenses, as 12 |
|---|
| 338 | 338 | | the software entitlements, contracts, and other 13 |
|---|
| 339 | 339 | | agreements or arrangements come up for renewal or 14 |
|---|
| 340 | 340 | | renegotiation; 15 |
|---|
| 341 | 341 | | (3) provide an estimate of the costs to move to-16 |
|---|
| 342 | 342 | | ward more enterprise, open-source, or other licenses 17 |
|---|
| 343 | 343 | | that do not restrict the use of software by the agen-18 |
|---|
| 344 | 344 | | cy, and the projected cost savings, efficiency meas-19 |
|---|
| 345 | 345 | | ures, and improvements to agency performance 20 |
|---|
| 346 | 346 | | throughout the total software lifecycle; 21 |
|---|
| 347 | 347 | | (4) identify potential mitigations to minimize 22 |
|---|
| 348 | 348 | | software license restrictions on how such software 23 |
|---|
| 349 | 349 | | can be deployed, accessed, or used, including any 24 |
|---|
| 350 | 350 | | mitigations that would minimize any such restric-25 |
|---|
| 351 | 351 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00012 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 352 | 352 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 13 |
|---|
| 353 | 353 | | •HR 2417 IH |
|---|
| 354 | 354 | | tions on desktop or server hardware, through a cloud 1 |
|---|
| 355 | 355 | | service provider, or on data ownership or access; 2 |
|---|
| 356 | 356 | | (5) ensure that the purchase by the agency of 3 |
|---|
| 357 | 357 | | any software is based on publicly available criteria 4 |
|---|
| 358 | 358 | | that are not unduly structured to favor any specific 5 |
|---|
| 359 | 359 | | vendor, unless prohibited by law (including regula-6 |
|---|
| 360 | 360 | | tion); 7 |
|---|
| 361 | 361 | | (6) include any estimates for additional re-8 |
|---|
| 362 | 362 | | sources, services, or support the agency may need to 9 |
|---|
| 363 | 363 | | implement the plan; 10 |
|---|
| 364 | 364 | | (7) provide information on the prevalence of 11 |
|---|
| 365 | 365 | | software products in use across multiple software 12 |
|---|
| 366 | 366 | | categories; and 13 |
|---|
| 367 | 367 | | (8) include any additional information, data, or 14 |
|---|
| 368 | 368 | | analysis determined necessary by the Chief Informa-15 |
|---|
| 369 | 369 | | tion Officer, or other equivalent official, of the agen-16 |
|---|
| 370 | 370 | | cy. 17 |
|---|
| 371 | 371 | | (c) S |
|---|
| 372 | 372 | | UPPORT.—The Chief Information Officer, or 18 |
|---|
| 373 | 373 | | other equivalent official, of an agency may request support 19 |
|---|
| 374 | 374 | | from the Director and the Administrator for any analysis 20 |
|---|
| 375 | 375 | | or developmental needs to create the plan of the agency. 21 |
|---|
| 376 | 376 | | (d) A |
|---|
| 377 | 377 | | GENCYSUBMISSION.— 22 |
|---|
| 378 | 378 | | (1) I |
|---|
| 379 | 379 | | N GENERAL.—Not later than 1 year after 23 |
|---|
| 380 | 380 | | the date on which the head of an agency submits the 24 |
|---|
| 381 | 381 | | comprehensive assessment pursuant to section 3(d), 25 |
|---|
| 382 | 382 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00013 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 383 | 383 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 14 |
|---|
| 384 | 384 | | •HR 2417 IH |
|---|
| 385 | 385 | | the head of the agency shall submit to the Director, 1 |
|---|
| 386 | 386 | | the Committee on Homeland Security and Govern-2 |
|---|
| 387 | 387 | | mental Affairs of the Senate, and the Committee on 3 |
|---|
| 388 | 388 | | Oversight and Accountability of the House of Rep-4 |
|---|
| 389 | 389 | | resentatives the plan of the agency. 5 |
|---|
| 390 | 390 | | (2) I |
|---|
| 391 | 391 | | NTELLIGENCE COMMUNITY .—Not later 6 |
|---|
| 392 | 392 | | than 1 year after the date on which the head of an 7 |
|---|
| 393 | 393 | | element of the intelligence community submits the 8 |
|---|
| 394 | 394 | | summary assessment pursuant to section 3(f)(4), the 9 |
|---|
| 395 | 395 | | head of the element shall separately submit the plan 10 |
|---|
| 396 | 396 | | of the element to the Director, the Select Committee 11 |
|---|
| 397 | 397 | | on Intelligence of the Senate, and the Permanent 12 |
|---|
| 398 | 398 | | Select Committee on Intelligence of the House of 13 |
|---|
| 399 | 399 | | Representatives. 14 |
|---|
| 400 | 400 | | (e) C |
|---|
| 401 | 401 | | ONSULTATION AND COORDINATION.—The Di-15 |
|---|
| 402 | 402 | | rector— 16 |
|---|
| 403 | 403 | | (1) in coordination with the Administrator, the 17 |
|---|
| 404 | 404 | | Chief Information Officers Council, the Chief Acqui-18 |
|---|
| 405 | 405 | | sition Officers Council, the Chief Data Officers 19 |
|---|
| 406 | 406 | | Council, the Chief Financial Officers Council, and 20 |
|---|
| 407 | 407 | | other government and industry representatives iden-21 |
|---|
| 408 | 408 | | tified by the Director, shall establish processes, 22 |
|---|
| 409 | 409 | | using existing reporting functions, as appropriate, to 23 |
|---|
| 410 | 410 | | identify, define, and harmonize common definitions, 24 |
|---|
| 411 | 411 | | terms and conditions, standardized requirements, 25 |
|---|
| 412 | 412 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00014 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 413 | 413 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 15 |
|---|
| 414 | 414 | | •HR 2417 IH |
|---|
| 415 | 415 | | and other information and criteria to support agency 1 |
|---|
| 416 | 416 | | heads in developing and implementing the plans re-2 |
|---|
| 417 | 417 | | quired by this section; and 3 |
|---|
| 418 | 418 | | (2) in coordination with the Administrator, and 4 |
|---|
| 419 | 419 | | not later than 2 years after the date of enactment 5 |
|---|
| 420 | 420 | | of this Act, submit to the Committee on Homeland 6 |
|---|
| 421 | 421 | | Security and Governmental Affairs of the Senate 7 |
|---|
| 422 | 422 | | and the Committee on Oversight and Accountability 8 |
|---|
| 423 | 423 | | of the House of Representatives a report detailing 9 |
|---|
| 424 | 424 | | recommendations to leverage Government procure-10 |
|---|
| 425 | 425 | | ment policies and practices with respect to software 11 |
|---|
| 426 | 426 | | acquired by, developed by, deployed within, or in use 12 |
|---|
| 427 | 427 | | at 1 or more agencies to— 13 |
|---|
| 428 | 428 | | (A) increase the interoperability of soft-14 |
|---|
| 429 | 429 | | ware licenses, including software entitlements 15 |
|---|
| 430 | 430 | | and software built by Government agencies; 16 |
|---|
| 431 | 431 | | (B) consolidate licenses, as appropriate; 17 |
|---|
| 432 | 432 | | (C) reduce costs; 18 |
|---|
| 433 | 433 | | (D) improve performance; and 19 |
|---|
| 434 | 434 | | (E) modernize the management and over-20 |
|---|
| 435 | 435 | | sight of software entitlements and software 21 |
|---|
| 436 | 436 | | built by Government agencies, as identified 22 |
|---|
| 437 | 437 | | through an analysis of agency plans. 23 |
|---|
| 438 | 438 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00015 Fmt 6652 Sfmt 6201 E:\BILLS\H2417.IH H2417 |
|---|
| 439 | 439 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 16 |
|---|
| 440 | 440 | | •HR 2417 IH |
|---|
| 441 | 441 | | SEC. 5. GAO REPORT. 1 |
|---|
| 442 | 442 | | Not later than 3 years after the date of enactment 2 |
|---|
| 443 | 443 | | of this Act, the Comptroller General of the United States 3 |
|---|
| 444 | 444 | | shall submit to the Committee on Homeland Security and 4 |
|---|
| 445 | 445 | | Governmental Affairs of the Senate and the Committee 5 |
|---|
| 446 | 446 | | on Oversight and Accountability of the House of Rep-6 |
|---|
| 447 | 447 | | resentatives a report on— 7 |
|---|
| 448 | 448 | | (1) Government-wide trends in agency software 8 |
|---|
| 449 | 449 | | asset management practices; 9 |
|---|
| 450 | 450 | | (2) comparisons of software asset management 10 |
|---|
| 451 | 451 | | practices among agencies; 11 |
|---|
| 452 | 452 | | (3) the establishment by the Director of proc-12 |
|---|
| 453 | 453 | | esses to identify, define, and harmonize common 13 |
|---|
| 454 | 454 | | definitions, terms, and conditions under section 4(e); 14 |
|---|
| 455 | 455 | | (4) agency compliance with the restrictions on 15 |
|---|
| 456 | 456 | | contract support under section 3(b); and 16 |
|---|
| 457 | 457 | | (5) other analyses of and findings regarding the 17 |
|---|
| 458 | 458 | | plans of agencies, as determined by the Comptroller 18 |
|---|
| 459 | 459 | | General of the United States. 19 |
|---|
| 460 | 460 | | SEC. 6. NO ADDITIONAL FUNDS. 20 |
|---|
| 461 | 461 | | No additional funds are authorized to be appro-21 |
|---|
| 462 | 462 | | priated for the purpose of carrying out this Act. 22 |
|---|
| 463 | 463 | | Æ |
|---|
| 464 | 464 | | VerDate Sep 11 2014 23:17 Apr 02, 2025 Jkt 059200 PO 00000 Frm 00016 Fmt 6652 Sfmt 6301 E:\BILLS\H2417.IH H2417 |
|---|
| 465 | 465 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB |
|---|