[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1695 Engrossed in House (EH)]
<DOC>
118th CONGRESS
2d Session
H. R. 1695
_______________________________________________________________________
AN ACT
To improve the visibility, accountability, and oversight of agency
software asset management practices, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Strengthening Agency Management and
Oversight of Software Assets Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Administrator.--The term ``Administrator'' means the
Administrator of General Services.
(2) Agency.--The term ``agency'' has the meaning given that
term in section 3502 of title 44, United States Code, except
that such term does not include an element of the intelligence
community.
(3) Cloud computing.--The term ``cloud computing'' has the
meaning given the term in Special Publication 800-145 of the
National Institute of Standards and Technology, or any
successor document.
(4) Cloud service provider.--The term ``cloud service
provider'' has the meaning given the term in section 3607(b) of
title 44, United States Code.
(5) Comprehensive assessment.--The term ``comprehensive
assessment'' means a comprehensive assessment conducted
pursuant to section 3(a).
(6) Director.--The term ``Director'' means the Director of
the Office of Management and Budget.
(7) Intelligence community.--The term ``intelligence
community'' has the meaning given the term in section 3 of the
National Security Act of 1947 (50 U.S.C. 3003).
(8) Plan.--The term ``plan'' means the plan developed by a
Chief Information Officer, or equivalent official, pursuant to
section 4(a).
(9) Software entitlement.--The term ``software
entitlement'' means any software that--
(A) has been purchased, leased, or licensed by or
billed to an agency under any contract or other
business arrangement; and
(B) is subject to use limitations.
(10) Software inventory.--The term ``software inventory''
means the software inventory of an agency required pursuant
to--
(A) section 2(b)(2)(A) of the Making Electronic
Government Accountable By Yielding Tangible
Efficiencies Act of 2016 (40 U.S.C. 11302 note; Public
Law 114-210); or
(B) subsequent guidance issued by the Director
pursuant to that Act.
SEC. 3. SOFTWARE INVENTORY UPDATE AND EXPANSION.
(a) In General.--As soon as practicable, and not later than 18
months after the date of enactment of this Act, the Chief Information
Officer of each agency, in consultation with the Chief Financial
Officer, the Chief Acquisition Officer, the Chief Data Officer, and
General Counsel of the agency, or the equivalent officials of the
agency, shall complete a comprehensive assessment of the software paid
for by, in use at, or deployed throughout the agency, which shall
include--
(1) the current software inventory of the agency, including
software entitlements, contracts and other agreements or
arrangements of the agency, and a list of the largest software
entitlements of the agency separated by provider and category
of software;
(2) a comprehensive, detailed accounting of--
(A) any software used by or deployed within the
agency, including software developed or built by the
agency, or by another agency for use by the agency,
including shared services, as of the date of the
comprehensive assessment, including, to the extent
identifiable, the contracts and other agreements or
arrangements used by the agency to acquire, build,
deploy, or use such software;
(B) information and data on software entitlements,
which shall include information on any additional fees
or costs, including fees or costs for the use of cloud
services, that are not included in the initial costs of
the contract, agreement, or arrangement--
(i) for which the agency pays;
(ii) that are not deployed or in use by the
agency; and
(iii) that are billed to the agency under
any contract or business arrangement that
creates duplication, or are otherwise
determined to be unnecessary by the Chief
Information Officer of the agency, or the
equivalent official, in the deployment or use
by the agency; and
(C) the extent--
(i) to which any software paid for, in use,
or deployed throughout the agency is
interoperable; and
(ii) of the efforts of the agency to
improve interoperability of software assets
throughout the agency enterprise;
(3) a categorization of software entitlements of the agency
by cost, volume, and type of software;
(4) a list of any provisions in the software entitlements
of the agency that may restrict how the software can be
deployed, accessed, or used, including any such restrictions on
desktop or server hardware, through a cloud service provider,
or on data ownership or access; and
(5) an analysis addressing--
(A) the accuracy and completeness of the
comprehensive assessment;
(B) agency management of and compliance with all
contracts or other agreements or arrangements that
include or reference software entitlements or software
management within the agency;
(C) the extent to which the agency accurately
captures the total cost of software entitlements and
related costs, including the total cost of upgrades
over the life of a contract, cloud usage costs, and any
other cost associated with the maintenance or servicing
of contracts; and
(D) compliance with software license management
policies of the agency.
(b) Contract Support.--
(1) Authority.--The head of an agency may enter into 1 or
more contracts to support the requirements of subsection (a).
(2) No conflict of interest.--Contracts under paragraph (1)
shall not include contractors with organizational conflicts of
interest, within the meaning given that term under subpart 9.5
of the Federal Acquisition Regulation.
(3) Operational independence.--Over the course of a
comprehensive assessment, contractors hired pursuant to
paragraph (1) shall maintain operational independence from the
integration, management, and operations of the software
inventory and software entitlements of the agency.
(c) Submission.--On the date on which the Chief Information
Officer, Chief Financial Officer, Chief Acquisition Officer, the Chief
Data Officer, and General Counsel of an agency, or the equivalent
officials of the agency, complete the comprehensive assessment, the
Chief Information Officer shall submit the comprehensive assessment to
the head of the agency.
(d) Subsequent Submission.--Not later than 30 days after the date
on which the head of an agency receives the comprehensive assessment
under subsection (c), the head of the agency shall submit the
comprehensive assessment to--
(1) the Director;
(2) the Administrator;
(3) the Comptroller General of the United States;
(4) the Committee on Homeland Security and Governmental
Affairs of the Senate; and
(5) the Committee on Oversight and Accountability of the
House of Representatives.
(e) Consultation.--In order to ensure the utility and
standardization of the comprehensive assessment of each agency,
including to support the development of each plan and the report
required under section 4(e)(2), the Director, in consultation with the
Administrator, shall share information, best practices, and
recommendations relating to the activities performed in the course of a
comprehensive assessment of an agency.
(f) Intelligence Community.--For each element of the intelligence
community, a comprehensive assessment described under subsection (a)
shall be--
(1) conducted separately;
(2) performed only by an entity designated by the head of
the element of the intelligence community, in accordance with
appropriate applicable laws;
(3) performed in such a manner as to ensure appropriate
protection of information which, if disclosed, may adversely
affect national security; and
(4) submitted in summary form, not later than 30 days after
the date on which the head of the element of the intelligence
community receives the assessment, by the head of the element
of the intelligence community to--
(A) the Director;
(B) the Select Committee on Intelligence of the
Senate; and
(C) the Permanent Select Committee on Intelligence
of the House of Representatives.
SEC. 4. SOFTWARE MODERNIZATION PLANNING AT AGENCIES.
(a) In General.--The Chief Information Officer of each agency, in
consultation with the Chief Financial Officer, the Chief Acquisition
Officer, the Chief Data Officer, and the General Counsel of the agency,
or the equivalent officials of the agency, shall use the information
developed pursuant to the comprehensive assessment of the agency to
develop a plan for the agency--
(1) to consolidate software entitlements of the agency;
(2) to ensure that, in order to improve the performance of,
and reduce unnecessary costs to, the agency, the Chief
Information Officer, Chief Data Officer, and Chief Acquisition
Officer of the agency, or the equivalent officers, develop
criteria and procedures for how the agency will adopt cost-
effective acquisition strategies, including enterprise
licensing, across the agency that reduce costs, eliminate
excess licenses, and improve performance; and
(3) to restrict the ability of a bureau, program,
component, or operational entity within the agency to acquire,
use, develop, or otherwise leverage any software entitlement
(or portion thereof) without the approval of the Chief
Information Officer of the agency, in consultation with the
Chief Acquisition Officer of the agency, or the equivalent
officers of the agency.
(b) Plan Requirements.--The plan of an agency shall--
(1) include a detailed strategy for--
(A) the remediation of any software asset
management deficiencies found during the comprehensive
assessment of the agency;
(B) the ongoing maintenance of software asset
management upon the completion of the remediation;
(C) automation of software license management
processes and incorporation of discovery tools across
the agency;
(D) ensuring that officers and employees of the
agency are adequately trained in the policies,
procedures, rules, regulations, and guidance relating
to the software acquisition and development of the
agency before entering into any agreement relating to
any software entitlement (or portion thereof) for the
agency, including training on--
(i) negotiating options within contracts to
address and minimize provisions that restrict
how the agency may deploy, access, or use the
software, including restrictions on deployment,
access, or use on desktop or server hardware
and restrictions on data ownership or access;
(ii) the differences between acquiring
commercial software products and services and
acquiring or building custom software; and
(iii) determining the costs of different
types of licenses and options for adjusting
licenses to meet increasing or decreasing
demand; and
(E) maximizing the effectiveness of software
deployed by the agency, including, to the extent
practicable, leveraging technologies that--
(i) measure actual software usage via
analytics that can identify inefficiencies to
assist in rationalizing software spending;
(ii) allow for segmentation of the user
base;
(iii) support effective governance and
compliance in the use of software; and
(iv) support interoperable capabilities
between software;
(2) identify categories of software the agency could
prioritize for conversion to more cost-effective software
licenses, including enterprise licenses, as the software
entitlements, contracts, and other agreements or arrangements
come up for renewal or renegotiation;
(3) provide an estimate of the costs to move toward more
enterprise, open-source, or other licenses that do not restrict
the use of software by the agency, and the projected cost
savings, efficiency measures, and improvements to agency
performance throughout the total software lifecycle;
(4) identify potential mitigations to minimize software
license restrictions on how such software can be deployed,
accessed, or used, including any mitigations that would
minimize any such restrictions on desktop or server hardware,
through a cloud service provider, or on data ownership or
access;
(5) ensure that the purchase by the agency of any software
is based on publicly available criteria that are not unduly
structured to favor any specific vendor, unless prohibited by
law (including regulation);
(6) include any estimates for additional resources,
services, or support the agency may need to implement the plan;
(7) provide information on the prevalence of software
products in use across multiple software categories; and
(8) include any additional information, data, or analysis
determined necessary by the Chief Information Officer, or other
equivalent official, of the agency.
(c) Support.--The Chief Information Officer, or other equivalent
official, of an agency may request support from the Director and the
Administrator for any analysis or developmental needs to create the
plan of the agency.
(d) Agency Submission.--
(1) In general.--Not later than 1 year after the date on
which the head of an agency submits the comprehensive
assessment pursuant to section 3(d), the head of the agency
shall submit to the Director, the Committee on Homeland
Security and Governmental Affairs of the Senate, and the
Committee on Oversight and Accountability of the House of
Representatives the plan of the agency.
(2) Intelligence community.--Not later than 1 year after
the date on which the head of an element of the intelligence
community submits the summary assessment pursuant to section
3(f)(4), the head of the element shall separately submit the
plan of the element to the Director, the Select Committee on
Intelligence of the Senate, and the Permanent Select Committee
on Intelligence of the House of Representatives.
(e) Consultation and Coordination.--The Director--
(1) in coordination with the Administrator, the Chief
Information Officers Council, the Chief Acquisition Officers
Council, the Chief Data Officers Council, the Chief Financial
Officers Council, and other government and industry
representatives identified by the Director, shall establish
processes, using existing reporting functions, as appropriate,
to identify, define, and harmonize common definitions, terms
and conditions, standardized requirements, and other
information and criteria to support agency heads in developing
and implementing the plans required by this section; and
(2) in coordination with the Administrator, and not later
than 2 years after the date of enactment of this Act, submit to
the Committee on Homeland Security and Governmental Affairs of
the Senate and the Committee on Oversight and Accountability of
the House of Representatives a report detailing recommendations
to leverage Government procurement policies and practices with
respect to software acquired by, developed by, deployed within,
or in use at 1 or more agencies to--
(A) increase the interoperability of software
licenses, including software entitlements and software
built by Government agencies;
(B) consolidate licenses, as appropriate;
(C) reduce costs;
(D) improve performance; and
(E) modernize the management and oversight of
software entitlements and software built by Government
agencies, as identified through an analysis of agency
plans.
SEC. 5. GAO REPORT.
Not later than 3 years after the date of enactment of this Act, the
Comptroller General of the United States shall submit to the Committee
on Homeland Security and Governmental Affairs of the Senate and the
Committee on Oversight and Accountability of the House of
Representatives a report on--
(1) Government-wide trends in agency software asset
management practices;
(2) comparisons of software asset management practices
among agencies;
(3) the establishment by the Director of processes to
identify, define, and harmonize common definitions, terms, and
conditions under section 4(e);
(4) agency compliance with the restrictions on contract
support under section 3(b); and
(5) other analyses of and findings regarding the plans of
agencies, as determined by the Comptroller General of the
United States.
SEC. 6. NO ADDITIONAL FUNDS.
No additional funds are authorized to be appropriated for the
purpose of carrying out this Act.
Passed the House of Representatives December 4, 2024.
Attest:
Clerk.
118th CONGRESS
2d Session
H. R. 1695
_______________________________________________________________________
AN ACT
To improve the visibility, accountability, and oversight of agency
software asset management practices, and for other purposes.