[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9566 Introduced in House (IH)]
<DOC>
118th CONGRESS
2d Session
H. R. 9566
To require governmentwide source code sharing, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
September 12, 2024
Mr. Langworthy (for himself and Mr. Timmons) introduced the following
bill; which was referred to the Committee on Oversight and
Accountability
_______________________________________________________________________
A BILL
To require governmentwide source code sharing, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Source code Harmonization And Reuse
in Information Technology Act'' or the ``SHARE IT Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Agency.--The term ``agency'' has the meaning given that
term in section 3502 of title 44, United States Code.
(2) Appropriate congressional committees.--The term
``appropriate congressional committees'' means the Committee on
Homeland Security and Governmental Affairs of the Senate and
the Committee on Oversight and Accountability of the House of
Representatives.
(3) Custom-developed code.--The term ``custom-developed
code''--
(A) means source code that is--
(i) produced in the performance of a
contract with an agency or is otherwise
exclusively funded by the Federal Government;
or
(ii) developed by a Federal employee as
part of the official duties of the employee;
(B) includes--
(i) source code, or segregable portions of
source code, for which the Federal Government
could obtain unlimited rights under part 27 of
the Federal Acquisition Regulation or any
relevant supplemental acquisition regulations
of an agency; and
(ii) source code written for a software
project, module, plugin, script, middleware, or
application programming interface; and
(C) does not include--
(i) source code that is solely exploratory
or disposable in nature, including source code
written by a developer experimenting with a new
language or library; or
(ii) commercial computer software,
commercial off-the-shelf software, or
configuration scripts for such software.
(4) Federal employee.--The term ``Federal employee'' has
the meaning given the term in section 2105(a) of title 5,
United States Code.
(5) Metadata.--The term ``metadata'', with respect to
custom-developed code--
(A) has the meaning given that term in section 3502
of title 44, United States Code; and
(B) includes--
(i) information on whether the custom-
developed code was--
(I) produced pursuant to a
contract; or
(II) shared in a public or private
repository;
(ii) any contract number under which the
custom-developed code was produced; and
(iii) any hyperlink to the repository in
such the code was shared.
(6) Private repository.--The term ``private repository''
means a software storage location--
(A) that contains source code, documentation, and
other files; and
(B) access to which is restricted to only
authorized users.
(7) Public repository.--The term ``public repository''
means a software storage location--
(A) that contains source code, documentation, and
other files; and
(B) access to which is open to the public.
(8) Software.--The term ``software'' has the meaning given
the term ``computer software'' in section 2.101 of title 48,
Code of Federal Regulations, or any successor regulation.
(9) Source code.--The term ``source code'' means a
collection of computer commands written in a computer
programming language that a computer can execute as a piece of
software.
SEC. 3. SOFTWARE REUSE.
(a) Sharing.--Not later than 210 days after the date of enactment
of this Act, the head of each agency shall ensure that the custom-
developed code of the agency and other key technical components
(including documentation, data models, schemas, metadata, and
architecture designs) of the code is--
(1) stored at not less than 1 public repository or private
repository;
(2) accessible to Federal employees via procedures
developed under subsection (d)(1)(A)(ii)(III); and
(3) owned by the agency.
(b) Software Reuse Rights in Procurement Contracts.--The head of an
agency that enters into a contract for the custom development of
software for use by the agency shall acquire and exercise rights
sufficient to enable the governmentwide access to, sharing of, use of,
and modification of any custom-developed code created in the
development of such software.
(c) Discovery.--Not later than 210 days after the date of enactment
of this Act, the head of each agency shall make metadata created on or
after such date for the custom-developed code of the agency publicly
accessible.
(d) Accountability Mechanisms.--
(1) Agency cios.--Not later than 180 days after the date of
enactment of this Act, the Chief Information Officer of each
agency, in consultation with the Chief Acquisition Officer, or
similar official, of the agency and the Federal Chief
Information Officer, shall develop an agency-wide policy that--
(A) implements the requirements of this Act,
including--
(i) ensuring that custom-developed code
follows the best practices established by the
Director of the Office and Management and
Budget under paragraph (3) for operating
repositories and version control systems to
keep track of changes and to facilitate
collaboration among multiple developers; and
(ii) managing the sharing of custom-
developed code under subsection (b), and the
public accessibility of metadata under
subsection (c), including developing--
(I) procedures to determine whether
any custom-developed code meets the
conditions under section 4(b) for an
exemption under this Act;
(II) procedures for making metadata
for custom-developed code publicly
accessible pursuant to subsection (c);
(III) procedures for Federal
employees to gain access to public
repositories and private repositories
that contain custom developed source
code; and
(IV) standardized reporting
practices across the agency to capture
key information relating to a contract
under which custom-developed source
code was produced for reporting
statistics about the contract; and
(B) corrects or amends any policies of the agency
that are inconsistent with the requirements of this
Act.
(2) Administrator of the office of electronic government.--
(A) Minimum standard reporting requirements.--Not
later than 120 days after the date of enactment of this
Act, the Administrator of the Office of Electronic
Government shall establish minimum standard reporting
requirements for the Chief Information Officers of
agencies, which shall include information relating to--
(i) measuring the frequency of reuse of
code, including access and modification under
subsection (b);
(ii) whether the shared code is maintained;
(iii) whether there is a feedback mechanism
for improvements to or community development of
the shared code; and
(iv) the number and circumstances of all
exemptions granted under section 4(a)(2).
(B) Annual report.--Not later than 1 year after the
date of enactment of this Act, and annually thereafter,
the Administrator of the Office of Electronic
Government shall submit to Congress a report on the
status of the implementation of this Act by each
agency, including--
(i) a complete list of all exemptions
granted under section 4(a)(2); and
(ii) a table showing whether each agency
has updated the acquisition and other policies
of the agency to be compliant with this Act.
(3) Guidance.--The Director of the Office of Management and
Budget shall issue guidance, consistent with the purpose of
this Act, that establishes best practices and uniform
procedures across agencies for the purposes of implementing
this subsection.
SEC. 4. EXEMPTIONS.
(a) In General.--
(1) Automatic.--
(A) In general.--This Act shall not apply to
classified source code or source code developed
primarily for use in a national security system (as
defined in section 11103 of title 40, United States
Code).
(B) National security.--An exemption from the
requirements under section 3 shall apply to classified
source code or source code developed--
(i) primarily for use in a national
security system (as defined in section 11103 of
title 40, United States Code); or
(ii) by an agency, or part of an agency,
that is an element of the intelligence
community (as defined in section 3(4) of the
National Security Act of 1947 (50 U.S.C.
3003(4)).
(C) Freedom of information act.--An exemption from
the requirements under section 3 shall apply to source
code the disclosure of which is exempt under section
552(b) of title 5, United States Code (commonly known
as the ``Freedom of Information Act'').
(2) Discretionary.--
(A) Exemption and guidance.--
(i) In general.--The Chief Information
Officer of an agency, in consultation with the
Federal Privacy Council, or any successor
thereto, may exempt from the requirements of
section 3 any source code for which a limited
exemption described in subparagraph (B)
applies.
(ii) Guidance required.--The Federal
Privacy Council shall provide guidance to the
Chief Information Officer of each agency
relating to the limited exemption described in
subparagraph (B)(ii) to ensure consistent
application of this paragraph across agencies.
(B) Limited exemptions.--The limited exemptions
described in this paragraph are the following:
(i) The head of the agency is prohibited
from providing the source code to another
individual or entity under another Federal law
or regulation, including under--
(I) the Export Administration
Regulations;
(II) the International Traffic in
Arms Regulations;
(III) the regulations of the
Transportation Security Administration
relating to the protection of Sensitive
Security Information; and
(IV) the Federal laws and
regulations governing the sharing of
classified information not covered by
the exemption in paragraph (1).
(ii) The sharing or public accessibility of
the source code would create an identifiable
risk to the privacy of an individual.
(b) Reports Required.--
(1) In general.--Not later than December 31 of each year,
the Chief Information Officer of an agency shall submit to the
Administrator of the Office of Electronic Government a report
of the source code of the agency to which an exemption under
subsection (1) or (2) of subsection (a) applied during the
fiscal year ending on September 30 of that year with a brief
narrative justification of each exemption.
(2) Form.--The report under paragraph (1) shall be
submitted in unclassified form, with a classified annex as
appropriate.
(3) Annual report.--Not later than 1 year after the date of
enactment of this Act, and annually thereafter, the
Administrator of the Office of Electronic Government shall
submit to the appropriate congressional committees a report on
the status of the implementation of this Act by each agency,
including--
(A) a compilation of all information, including a
narrative justification, relating to each exemption
granted under paragraph (1) or (2) of subsection (a);
(B) a table showing whether each agency has updated
the acquisition and other policies of the agency to be
compliant with this Act;
(C) an evaluation of the compliance of the agency
with the framework described in section 3(d)(2)(A); and
(D) a classified annex as appropriate.
SEC. 5. GAO REPORT ON INFORMATION TECHNOLOGY PRACTICES.
(a) Initial Report.--Not later than 1 year after the date of
enactment of this Act, the Comptroller General of the United States
shall submit to Congress a report that includes an assessment of--
(1) any duplication in the procurement of software by
agencies, including estimates of the frequency and dollar value
of such duplication;
(2) how source code sharing and open-source software
collaboration can improve cybersecurity at agencies;
(3) how the adoption of cloud-based software may support
the heads of Federal agencies; and
(4) how the acquisition of commercial software may support
the heads of Federal agencies.
(b) Supplemental Report.--Not later than 2 years after the date of
enactment of this Act, the Comptroller General of the United States
shall submit to Congress a report that includes an assessment of the
implementation of this Act.
SEC. 6. RULE OF CONSTRUCTION.
Nothing in this Act may be construed as requiring the disclosure of
information or records that are exempt from public disclosure under
section 552 of title 5, United States Code (commonly known as the
``Freedom of Information Act'').
SEC. 7. APPLICATION.
This Act shall apply to custom-developed code that is developed or
revised--
(1) by a Federal employee not less than 180 days after the
date of enactment of this Act; or
(2) under a contract awarded pursuant to a solicitation
issued not less than 180 days after the date of enactment of
this Act.
SEC. 8. NO ADDITIONAL FUNDING.
No additional funds are authorized to be appropriated to carry out
this Act.
<all>