[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1695 Placed on Calendar Senate (PCS)]

<DOC>





                                                       Calendar No. 666
118th CONGRESS
  2d Session
                                H. R. 1695


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            December 5, 2024

            Received; read twice and placed on the calendar

_______________________________________________________________________

                                 AN ACT


 
  To improve the visibility, accountability, and oversight of agency 
      software asset management practices, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Agency Management and 
Oversight of Software Assets Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Administrator.--The term ``Administrator'' means the 
        Administrator of General Services.
            (2) Agency.--The term ``agency'' has the meaning given that 
        term in section 3502 of title 44, United States Code, except 
        that such term does not include an element of the intelligence 
        community.
            (3) Cloud computing.--The term ``cloud computing'' has the 
        meaning given the term in Special Publication 800-145 of the 
        National Institute of Standards and Technology, or any 
        successor document.
            (4) Cloud service provider.--The term ``cloud service 
        provider'' has the meaning given the term in section 3607(b) of 
        title 44, United States Code.
            (5) Comprehensive assessment.--The term ``comprehensive 
        assessment'' means a comprehensive assessment conducted 
        pursuant to section 3(a).
            (6) Director.--The term ``Director'' means the Director of 
        the Office of Management and Budget.
            (7) Intelligence community.--The term ``intelligence 
        community'' has the meaning given the term in section 3 of the 
        National Security Act of 1947 (50 U.S.C. 3003).
            (8) Plan.--The term ``plan'' means the plan developed by a 
        Chief Information Officer, or equivalent official, pursuant to 
        section 4(a).
            (9) Software entitlement.--The term ``software 
        entitlement'' means any software that--
                    (A) has been purchased, leased, or licensed by or 
                billed to an agency under any contract or other 
                business arrangement; and
                    (B) is subject to use limitations.
            (10) Software inventory.--The term ``software inventory'' 
        means the software inventory of an agency required pursuant 
        to--
                    (A) section 2(b)(2)(A) of the Making Electronic 
                Government Accountable By Yielding Tangible 
                Efficiencies Act of 2016 (40 U.S.C. 11302 note; Public 
                Law 114-210); or
                    (B) subsequent guidance issued by the Director 
                pursuant to that Act.

SEC. 3. SOFTWARE INVENTORY UPDATE AND EXPANSION.

    (a) In General.--As soon as practicable, and not later than 18 
months after the date of enactment of this Act, the Chief Information 
Officer of each agency, in consultation with the Chief Financial 
Officer, the Chief Acquisition Officer, the Chief Data Officer, and 
General Counsel of the agency, or the equivalent officials of the 
agency, shall complete a comprehensive assessment of the software paid 
for by, in use at, or deployed throughout the agency, which shall 
include--
            (1) the current software inventory of the agency, including 
        software entitlements, contracts and other agreements or 
        arrangements of the agency, and a list of the largest software 
        entitlements of the agency separated by provider and category 
        of software;
            (2) a comprehensive, detailed accounting of--
                    (A) any software used by or deployed within the 
                agency, including software developed or built by the 
                agency, or by another agency for use by the agency, 
                including shared services, as of the date of the 
                comprehensive assessment, including, to the extent 
                identifiable, the contracts and other agreements or 
                arrangements used by the agency to acquire, build, 
                deploy, or use such software;
                    (B) information and data on software entitlements, 
                which shall include information on any additional fees 
                or costs, including fees or costs for the use of cloud 
                services, that are not included in the initial costs of 
                the contract, agreement, or arrangement--
                            (i) for which the agency pays;
                            (ii) that are not deployed or in use by the 
                        agency; and
                            (iii) that are billed to the agency under 
                        any contract or business arrangement that 
                        creates duplication, or are otherwise 
                        determined to be unnecessary by the Chief 
                        Information Officer of the agency, or the 
                        equivalent official, in the deployment or use 
                        by the agency; and
                    (C) the extent--
                            (i) to which any software paid for, in use, 
                        or deployed throughout the agency is 
                        interoperable; and
                            (ii) of the efforts of the agency to 
                        improve interoperability of software assets 
                        throughout the agency enterprise;
            (3) a categorization of software entitlements of the agency 
        by cost, volume, and type of software;
            (4) a list of any provisions in the software entitlements 
        of the agency that may restrict how the software can be 
        deployed, accessed, or used, including any such restrictions on 
        desktop or server hardware, through a cloud service provider, 
        or on data ownership or access; and
            (5) an analysis addressing--
                    (A) the accuracy and completeness of the 
                comprehensive assessment;
                    (B) agency management of and compliance with all 
                contracts or other agreements or arrangements that 
                include or reference software entitlements or software 
                management within the agency;
                    (C) the extent to which the agency accurately 
                captures the total cost of software entitlements and 
                related costs, including the total cost of upgrades 
                over the life of a contract, cloud usage costs, and any 
                other cost associated with the maintenance or servicing 
                of contracts; and
                    (D) compliance with software license management 
                policies of the agency.
    (b) Contract Support.--
            (1) Authority.--The head of an agency may enter into 1 or 
        more contracts to support the requirements of subsection (a).
            (2) No conflict of interest.--Contracts under paragraph (1) 
        shall not include contractors with organizational conflicts of 
        interest, within the meaning given that term under subpart 9.5 
        of the Federal Acquisition Regulation.
            (3) Operational independence.--Over the course of a 
        comprehensive assessment, contractors hired pursuant to 
        paragraph (1) shall maintain operational independence from the 
        integration, management, and operations of the software 
        inventory and software entitlements of the agency.
    (c) Submission.--On the date on which the Chief Information 
Officer, Chief Financial Officer, Chief Acquisition Officer, the Chief 
Data Officer, and General Counsel of an agency, or the equivalent 
officials of the agency, complete the comprehensive assessment, the 
Chief Information Officer shall submit the comprehensive assessment to 
the head of the agency.
    (d) Subsequent Submission.--Not later than 30 days after the date 
on which the head of an agency receives the comprehensive assessment 
under subsection (c), the head of the agency shall submit the 
comprehensive assessment to--
            (1) the Director;
            (2) the Administrator;
            (3) the Comptroller General of the United States;
            (4) the Committee on Homeland Security and Governmental 
        Affairs of the Senate; and
            (5) the Committee on Oversight and Accountability of the 
        House of Representatives.
    (e) Consultation.--In order to ensure the utility and 
standardization of the comprehensive assessment of each agency, 
including to support the development of each plan and the report 
required under section 4(e)(2), the Director, in consultation with the 
Administrator, shall share information, best practices, and 
recommendations relating to the activities performed in the course of a 
comprehensive assessment of an agency.
    (f) Intelligence Community.--For each element of the intelligence 
community, a comprehensive assessment described under subsection (a) 
shall be--
            (1) conducted separately;
            (2) performed only by an entity designated by the head of 
        the element of the intelligence community, in accordance with 
        appropriate applicable laws;
            (3) performed in such a manner as to ensure appropriate 
        protection of information which, if disclosed, may adversely 
        affect national security; and
            (4) submitted in summary form, not later than 30 days after 
        the date on which the head of the element of the intelligence 
        community receives the assessment, by the head of the element 
        of the intelligence community to--
                    (A) the Director;
                    (B) the Select Committee on Intelligence of the 
                Senate; and
                    (C) the Permanent Select Committee on Intelligence 
                of the House of Representatives.

SEC. 4. SOFTWARE MODERNIZATION PLANNING AT AGENCIES.

    (a) In General.--The Chief Information Officer of each agency, in 
consultation with the Chief Financial Officer, the Chief Acquisition 
Officer, the Chief Data Officer, and the General Counsel of the agency, 
or the equivalent officials of the agency, shall use the information 
developed pursuant to the comprehensive assessment of the agency to 
develop a plan for the agency--
            (1) to consolidate software entitlements of the agency;
            (2) to ensure that, in order to improve the performance of, 
        and reduce unnecessary costs to, the agency, the Chief 
        Information Officer, Chief Data Officer, and Chief Acquisition 
        Officer of the agency, or the equivalent officers, develop 
        criteria and procedures for how the agency will adopt cost-
        effective acquisition strategies, including enterprise 
        licensing, across the agency that reduce costs, eliminate 
        excess licenses, and improve performance; and
            (3) to restrict the ability of a bureau, program, 
        component, or operational entity within the agency to acquire, 
        use, develop, or otherwise leverage any software entitlement 
        (or portion thereof) without the approval of the Chief 
        Information Officer of the agency, in consultation with the 
        Chief Acquisition Officer of the agency, or the equivalent 
        officers of the agency.
    (b) Plan Requirements.--The plan of an agency shall--
            (1) include a detailed strategy for--
                    (A) the remediation of any software asset 
                management deficiencies found during the comprehensive 
                assessment of the agency;
                    (B) the ongoing maintenance of software asset 
                management upon the completion of the remediation;
                    (C) automation of software license management 
                processes and incorporation of discovery tools across 
                the agency;
                    (D) ensuring that officers and employees of the 
                agency are adequately trained in the policies, 
                procedures, rules, regulations, and guidance relating 
                to the software acquisition and development of the 
                agency before entering into any agreement relating to 
                any software entitlement (or portion thereof) for the 
                agency, including training on--
                            (i) negotiating options within contracts to 
                        address and minimize provisions that restrict 
                        how the agency may deploy, access, or use the 
                        software, including restrictions on deployment, 
                        access, or use on desktop or server hardware 
                        and restrictions on data ownership or access;
                            (ii) the differences between acquiring 
                        commercial software products and services and 
                        acquiring or building custom software; and
                            (iii) determining the costs of different 
                        types of licenses and options for adjusting 
                        licenses to meet increasing or decreasing 
                        demand; and
                    (E) maximizing the effectiveness of software 
                deployed by the agency, including, to the extent 
                practicable, leveraging technologies that--
                            (i) measure actual software usage via 
                        analytics that can identify inefficiencies to 
                        assist in rationalizing software spending;
                            (ii) allow for segmentation of the user 
                        base;
                            (iii) support effective governance and 
                        compliance in the use of software; and
                            (iv) support interoperable capabilities 
                        between software;
            (2) identify categories of software the agency could 
        prioritize for conversion to more cost-effective software 
        licenses, including enterprise licenses, as the software 
        entitlements, contracts, and other agreements or arrangements 
        come up for renewal or renegotiation;
            (3) provide an estimate of the costs to move toward more 
        enterprise, open-source, or other licenses that do not restrict 
        the use of software by the agency, and the projected cost 
        savings, efficiency measures, and improvements to agency 
        performance throughout the total software lifecycle;
            (4) identify potential mitigations to minimize software 
        license restrictions on how such software can be deployed, 
        accessed, or used, including any mitigations that would 
        minimize any such restrictions on desktop or server hardware, 
        through a cloud service provider, or on data ownership or 
        access;
            (5) ensure that the purchase by the agency of any software 
        is based on publicly available criteria that are not unduly 
        structured to favor any specific vendor, unless prohibited by 
        law (including regulation);
            (6) include any estimates for additional resources, 
        services, or support the agency may need to implement the plan;
            (7) provide information on the prevalence of software 
        products in use across multiple software categories; and
            (8) include any additional information, data, or analysis 
        determined necessary by the Chief Information Officer, or other 
        equivalent official, of the agency.
    (c) Support.--The Chief Information Officer, or other equivalent 
official, of an agency may request support from the Director and the 
Administrator for any analysis or developmental needs to create the 
plan of the agency.
    (d) Agency Submission.--
            (1) In general.--Not later than 1 year after the date on 
        which the head of an agency submits the comprehensive 
        assessment pursuant to section 3(d), the head of the agency 
        shall submit to the Director, the Committee on Homeland 
        Security and Governmental Affairs of the Senate, and the 
        Committee on Oversight and Accountability of the House of 
        Representatives the plan of the agency.
            (2) Intelligence community.--Not later than 1 year after 
        the date on which the head of an element of the intelligence 
        community submits the summary assessment pursuant to section 
        3(f)(4), the head of the element shall separately submit the 
        plan of the element to the Director, the Select Committee on 
        Intelligence of the Senate, and the Permanent Select Committee 
        on Intelligence of the House of Representatives.
    (e) Consultation and Coordination.--The Director--
            (1) in coordination with the Administrator, the Chief 
        Information Officers Council, the Chief Acquisition Officers 
        Council, the Chief Data Officers Council, the Chief Financial 
        Officers Council, and other government and industry 
        representatives identified by the Director, shall establish 
        processes, using existing reporting functions, as appropriate, 
        to identify, define, and harmonize common definitions, terms 
        and conditions, standardized requirements, and other 
        information and criteria to support agency heads in developing 
        and implementing the plans required by this section; and
            (2) in coordination with the Administrator, and not later 
        than 2 years after the date of enactment of this Act, submit to 
        the Committee on Homeland Security and Governmental Affairs of 
        the Senate and the Committee on Oversight and Accountability of 
        the House of Representatives a report detailing recommendations 
        to leverage Government procurement policies and practices with 
        respect to software acquired by, developed by, deployed within, 
        or in use at 1 or more agencies to--
                    (A) increase the interoperability of software 
                licenses, including software entitlements and software 
                built by Government agencies;
                    (B) consolidate licenses, as appropriate;
                    (C) reduce costs;
                    (D) improve performance; and
                    (E) modernize the management and oversight of 
                software entitlements and software built by Government 
                agencies, as identified through an analysis of agency 
                plans.

SEC. 5. GAO REPORT.

    Not later than 3 years after the date of enactment of this Act, the 
Comptroller General of the United States shall submit to the Committee 
on Homeland Security and Governmental Affairs of the Senate and the 
Committee on Oversight and Accountability of the House of 
Representatives a report on--
            (1) Government-wide trends in agency software asset 
        management practices;
            (2) comparisons of software asset management practices 
        among agencies;
            (3) the establishment by the Director of processes to 
        identify, define, and harmonize common definitions, terms, and 
        conditions under section 4(e);
            (4) agency compliance with the restrictions on contract 
        support under section 3(b); and
            (5) other analyses of and findings regarding the plans of 
        agencies, as determined by the Comptroller General of the 
        United States.

SEC. 6. NO ADDITIONAL FUNDS.

    No additional funds are authorized to be appropriated for the 
purpose of carrying out this Act.

            Passed the House of Representatives December 4, 2024.

            Attest:

                                             KEVIN F. MCCUMBER,

                                                                 Clerk.
                                                       Calendar No. 666

118th CONGRESS

  2d Session

                               H. R. 1695

_______________________________________________________________________

                                 AN ACT

  To improve the visibility, accountability, and oversight of agency 
      software asset management practices, and for other purposes.

_______________________________________________________________________

                            December 5, 2024

            Received; read twice and placed on the calendar