[Senate Report 117-210]
[From the U.S. Government Publishing Office]
Calendar No. 562
117th Congress} { Report
SENATE
2d Session } { 117-210
======================================================================
FEDERAL DATA CENTER ENHANCEMENT ACT
__________
R E P O R T
OF THE
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
TO ACCOMPANY
S. 4629
TO AMEND THE CARL LEVIN AND
HOWARD P. ``BUCK'' MCKEON NATIONAL DEFENSE
AUTHORIZATION ACT FOR FISCAL YEAR 2015 TO MODIFY
REQUIREMENTS RELATING TO DATA CENTERS OF CERTAIN
FEDERAL AGENCIES, AND FOR OTHER PURPOSES
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
November 17, 2022.--Ordered to be printed
__________
U.S. GOVERNMENT PUBLISHING OFFICE
39-010 WASHINGTON : 2022
-----------------------------------------------------------------------------------
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware ROB PORTMAN, Ohio
MAGGIE HASSAN, New Hampshire RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona RAND PAUL, Kentucky
JACKY ROSEN, Nevada JAMES LANKFORD, Oklahoma
ALEX PADILLA, California MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
JOSH HAWLEY, Missouri
David M. Weinberg, Staff Director
Zachary I. Schram, Chief Counsel
Lena C. Chang, Director of Governmental Affairs
Matthew T. Cornelius, Senior Professional Staff Member
Pamela Thiessen, Minority Staff Director
Sam J. Mulopulos, Minority Deputy Staff Director
Cara G. Mumford, Minority Director of Governmental Affairs
Laura W. Kilbride, Chief Clerk
Calendar No. 562
117th Congress} { Report
SENATE
2d Session } { 117-210
======================================================================
FEDERAL DATA CENTER ENHANCEMENT ACT
_______
November 17, 2022.--Ordered to be printed
_______
Mr. Peters, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany S. 4629]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (S. 4629) to amend the
Carl Levin and Howard P. ``Buck'' McKeon National Defense
Authorization Act for Fiscal Year 2015 to modify requirements
relating to data centers of certain Federal agencies, and for
other purposes, having considered the same, reports favorably
thereon with amendments and recommends that the bill, as
amended, do pass.
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................2
III. Legislative History..............................................3
IV. Section-by-Section Analysis of the Bill, as Reported.............3
V. Evaluation of Regulatory Impact..................................4
VI. Congressional Budget Office Cost Estimate........................5
VII. Changes in Existing Law Made by the Bill, as Reported............7
I. Purpose and Summary
S. 4629, the Federal Data Center Enhancement Act of 2022,
updates and amends the Federal Data Center Consolidation
Initiative (FDCCI) authorized under the Fiscal Year 2015
National Defense Authorization Act.\1\ S. 4629 amends the
requirements of FDCCI, shifting the policy focus from
consolidation to optimization, security, and resilience. The
bill requires the Office of Management and Budget (OMB) to
coordinate a government-wide effort to develop minimum
requirements for federal data centers related to cyber
intrusions, data center availability, mission-critical uptime,
and resilience against physical attacks, and natural disasters.
It also strikes language from the Federal Information
Technology Acquisition Reform Act (FITARA) referring to data
center consolidation to ensure that federal agencies focus on
the cost savings and avoidances that can be achieved through
optimization, given the success of past data center
consolidation efforts.\2\
---------------------------------------------------------------------------
\1\National Defense Authorization Act of 2015, Public Law 113-291,
Sec. 834 (2014).
\2\The stricken language was enacted in H.R. 1232, Sec. 202(b),
113th Cong. (2013), which was incorporated into the National Defense
Authorization Act of 2015, Pub. L. No. 113-291, Sec. 834 (2014).
---------------------------------------------------------------------------
II. Background and Need for the Legislation
Federal data centers are the physical facilities where
federal agencies store and process data, and host key
information technology (IT) and cybersecurity infrastructure.
Following the passage of the FITARA, OMB launched the Federal
Data Center Optimization Initiative (DCOI) to advance data
center consolidation and improve federal data centers'
performance.\3\ By any measure, DCOI was effective and
successful; since 2010, more than 6,000 federal data centers
have been consolidated with a resulting cost savings and cost
avoidance of $5.8 billion.\4\
---------------------------------------------------------------------------
\3\Memorandum from Tony Scott, Federal Chief Information Officer,
to Heads of Executive Departments and Agencies, Data Center
Optimization Initiative (DCOI) (available at https://
datacenters.cio.gov/policy/) (Aug. 1, 2016).
\4\Government Accountability Office, Data Center Optimization:
Agencies Report Progress and Billions Saved, but OMN Needs to Improve
Its Utilization Guidance (GAO-21-212) (March 4, 2021).
---------------------------------------------------------------------------
The Government Accountability Office (GAO) has tracked and
reported on agencies' progress in consolidating data centers
regularly since 2011.\5\ In 2017, GAO issued three substantial
reports identifying opportunities for agency data center
optimization. It also included identification of improvements
for IT management on its ``high risk'' list.\6\
---------------------------------------------------------------------------
\5\Government Accountability Office, Data Center Consolidation:
Agencies Need to Complete Inventories and Plans to Achieve Expected
Savings (GAO-11-565) (Jul. 19, 2011); Government Accountability Office,
Data Center Consolidation: Agencies Making Progress on Efforts, but
Inventories and Plans Need to be Completed (GAO-12-742) (Jul. 19,
2012); Government Accountability Office, Data Center Consolidation:
Strengthened Oversight Needed to Achieve Cost Savings Goal (GAO-13-378)
(Apr. 23, 2013); Government Accountability Office, Data Center
Consolidation: Reporting Can Be Improved to Reflect Substantial Planned
Savings (GAO-14-713); Government Accountability Office, Data Center
Consolidation: Agencies Making Progress, but Planned Savings Goals Need
to Be Established (GAO-16-323) (Mar. 3, 2016).
\6\Government Accountability Office, Government Efficiency and
Effectiveness: Opportunities
to Address Pervasive Management Risks and Challenges while Reducing
Federal Costs (GAO-17-631T) (May 17, 2017); Government Accountability
Office, Agencies Need to Complete Plans to Address Inconsistencies in
Reported Savings (GAO-17-388); Government Accountability Office, Data
Center Optimization: Agencies Need to Address Challenges and Improve
Progress to Achieve Cost Savings Goal (GAO-17-488) (Aug. 15, 2017);
Government Accountability Office, Improving the Management of IT
Acquisitions and Operations (www.gao.gov/highrisk/improving-management-
it-acquisitions-and-operations) (accessed Aug. 30, 2022).
---------------------------------------------------------------------------
Building upon DCOI, in 2019 OMB issued Memorandum M-19-19
Update to the Data Center Optimization Initiative (DCOI), which
included new performance metrics for federal data centers,
required agencies to prioritize their focus on key mission
facilities, and aligned agency IT infrastructure investments to
the Cloud Smart Strategy.\7\ Recently, Congress has provided
additional direction to federal agencies on how to prioritize
the metrics and requirement of federal IT infrastructure, most
notably through the passage of the Energy Act of 2020.\8\ S.
4629 builds upon these requirements to ensure any new federal
data center complies with additional requirements, to be set by
OMB, for cybersecurity and resilience, while also urging
agencies to update their current data centers to meet the OMB
requirements when those facilities, or the contracts that
manage them, come up for review or contract renewal.
---------------------------------------------------------------------------
\7\Memorandum from Suzette Kent, Federal Chief Information Officer,
to Chief Information Officers of Executive Departments and Agencies,
Update to Data Center Optimization Initiative (DCOI) (available at
https://datacenters.cio.gov/policy/) (June 25, 2019); Office of
Management and Budget, Office of the Federal Chief Information Officer,
Federal Cloud Computing Strategy, From Cloud First to Cloud Smart
(https://cloud.cio.gov/strategy/) (accessed on Aug. 30, 2022).
\8\Consolidated Appropriations Act of 2021, Pub. L. No 116-260,
Div. Z, Sec. 1003 (2020).
---------------------------------------------------------------------------
III. Legislative History
Senator Jackie Rosen (D-NV) introduced S. 4629 on July 27,
2022, with Senator John Cornyn (R-TX) and Chairman Gary Peters
(D-MI) as cosponsors. The bill was referred to the Committee on
Homeland Security and Governmental Affairs.
The Committee considered S. 4629 at a business meeting on
August 3, 2022. During the business meeting. S. 4629 was
ordered reported favorably by voice vote en bloc. Senators
present for the vote were Peters, Hassan, Sinema, Rosen,
Padilla, Ossoff, Lankford, Romney, Scott, and Hawley.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1. Short title
This section designates the name of the bill as the
``Federal Data Center Enhancement Act of 2022.''
Section 2. Federal Data Center Consolidation Initiative amendments
Subsection (a) finds that the upcoming expiration of the
Federal Data Center Optimization Initiative authorized under
the Fiscal Year 2015 National Defense Authorization Act
presents an opportunity to review the objectives of the Federal
Data Center Optimization Initiative to ensure that the
initiative is meeting the current needs of the federal
government. This section also notes the growing need for
federal agencies to use data centers and cloud applications
that meet high standards for cybersecurity, resiliency,
availability, and sustainability.
Subsection (b) establishes minimum requirements for new
data centers. Subsection (b)(1) defines a new data center as a
data center (or a portion thereof) that is established or
substantially upgraded within 180 days of enactment and that is
owned, operated, or maintained by a covered federal agency and,
to the extent practicable, a data center owned, operated, or
maintained by a federal contractor.
Subsection (b)(2) requires the Administrator of the Office
of Electronic Government to establish minimum requirements for
new data centers in consultation with the Administrator of
General Services and the Federal Chief Information Officers
Council. These requirements relate to availability and use of
new data centers, the use of sustainable energy sources, uptime
percentage, protection against power failures, protections
against physical intrusions and natural disasters, and
information security requirements of the Federal Information
Security Modernization Act of 2014 (Pub. L. 113-283). This
subsection requires OMB to consult with the Director of the
Cybersecurity and Infrastructure Security Agency and the
National Cyber Director in establishing the requirements.
Subsection (b)(3) allows the Administrator to incorporate
the minimum requirements established under (b)(1) into the
requirements for any agency data center existing at the date of
enactment.
Subsection (b)(4) provides for periodic review of the
requirements in consultation with the Administrator of General
Services and the Federal Chief Information Officers Council.
Subsection (b)(5) requires, if, during the development and
planning lifecycle of a new data center, an agency head
determines that the agency is likely to make a management or
financial decision relating to the new data center, the head of
the covered agency shall report it to the Administrator of the
Office of Electronic Government, the Senate Committee on
Homeland Security and Governmental Affairs and the House
Committee on Oversight and Reform with a sufficiently detailed
description of how the agency intends to comply with the
minimum requirements.
Subsection (b)(6) requires agency heads, in determining
whether to establish or continue to operate a data center, to
regularly assess the agency's application portfolio to ensure
that each legacy application is updated, replaced, or
modernized, as appropriate, to take advantage of modern
technologies. The subsection also requires agency heads to
prioritize and, to the greatest extent possible, leverage
commercial cloud environments rather than acquiring,
overseeing, or managing custom data center infrastructure.
Finally, the subsection requires agencies to oversee and manage
their data centers to comply with information security
standards promulgated by the National Institute of Standards
and Technology, additional requirements of the Federal Risk
Authorization and Management Program (FedRAMP), and binding
operational directives issues by the Department of Homeland
Security.
Subsection (c) extends the sunset of the Federal Data
Center Consolidation Initiative from October 1, 2022 to October
1, 2025.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill and determined
that the bill will have no regulatory impact within the meaning
of the rules. The Committee agrees with the Congressional
Budget Office's statement that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act (UMRA) and would impose no costs
on state, local, or tribal governments.
VI. Congressional Budget Office Cost Estimate
U.S. Congress,
Congressional Budget Office,
Washington, DC, November 9, 2022.
Hon. Gary C. Peters,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed table summarizing estimated budgetary
effects and mandates information for some of the legislation
that has been ordered reported by the Senate Committee on
Homeland Security and Governmental Affairs during the 117th
Congress.
If you wish further details, we will be pleased to provide
them. The CBO staff contact for each estimate is listed on the
enclosed table.
Sincerely,
Phillip L. Swagel,
Director.
Enclosure.
SUMMARY ESTIMATES OF LEGISLATION ORDERED REPORTED
The Congressional Budget Act of 1974 requires the
Congressional Budget Office, to the extent practicable, to
prepare estimates of the budgetary effects of legislation
ordered reported by Congressional authorizing committees. In
order to provide the Congress with as much information as
possible, the attached table summarizes information about the
estimated direct spending and revenue effects of some of the
legislation that has been ordered reported by the Senate
Committee on Homeland Security and Governmental Affairs during
the 117th Congress. The legislation listed in this table
generally would have small effects, if any, on direct spending
or revenues, CBO estimates. Where possible, the table also
provides information about the legislation's estimated effects
on spending subject to appropriation and on intergovernmental
and private-sector mandates as defined in the Unfunded Mandates
Reform Act.
ESTIMATED BUDGETARY EFFECTS AND MANDATES INFORMATION
--------------------------------------------------------------------------------------------------------------------------------------------------------
Increases
Direct Spending Subject Pay-As-You- On-Budget
Bill Title Status Last Budget Spending, Revenues, to Go Deficits Mandates Contact
Number Action Function 2023-2032 2023-2032 Appropriation, Procedures Beginning
2023-2027 Apply? in 2033?
--------------------------------------------------------------------------------------------------------------------------------------------------------
S. 4629 Federal Data Ordered 08/03/22 800 Between 0 Not estimated Yes No No Matthew
Center reported zero and Pickford
Enhancement $500,000
Act of 2022
--------------------------------------------------------------------------------------------------------------------------------------------------------
S. 4629 would extend a program to consolidate existing federal data centers; the bill also would require the Office of Electronic Government to
establish minimum requirements for new data centers that address their availability and use as well as protections against power failures, intrusions,
and natural disasters. The bill provides guidance on the criteria to consider in developing those new requirements. CBO estimates that enacting S.
4629 would have an insignificant effect on direct spending and no effect on revenues over the 2023-2032 period. CBO has not estimated the
discretionary costs of implementing the bill. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates
Reform Act.
VII. Changes in Existing Law Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows: (existing law
proposed to be omitted is enclosed in brackets, new matter is
printed in italic, and existing law in which no change is
proposed is shown in roman):
UNITED STATES CODE
* * * * * * *
TITLE 44--PUBLIC PRINTING AND DOCUMENTS
* * * * * * *
CHAPTER 36--MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
* * * * * * *
SEC. 3601. DEFINITIONS
* * * * * * *
STATUTORY NOTES AND RELATED SUBSIDIARIES
* * * * * * *
FEDERAL DATA CENTER CONSOLIDATION INITIATIVE
* * * * * * *
``(a) * * *
``(1) * * *
``(2) * * *
[``(3) FDCCI.--The term `FDCCI' means the Federal
Data Center Consolidation Initiative described in the
Office of Management and Budget Memorandum on the
Federal Data Center Consolidation Initiative, dated
February 26, 2010, or any successor thereto.
[``(4) Government-wide data center consolidation and
optimization metrics.--The term `Government-wide data
center consolidation and optimization metrics' means
the metrics established by the Administrator under
subsection (b)(2)(G).]
``(3) New data center.--The term `new data center'
means--
``(A)
``(i) a data center or a portion
thereof that is owned, operated, or
maintained by a covered agency; or
``(ii) to the extent practicable, a
data center or portion thereof--
``(I) that is owned,
operated, or maintained by a
contractor on behalf of a
covered agency on the date on
which the contract between the
covered agency and the
contractor expires; and
``(II) with respect to which
the covered agency extends the
contract, or enters into a new
contract, with the contractor;
and
``(B) on or after the date that is 180 days
after the date of enactment of the Federal Data
Center Enhancement Act of 2022, a data center
or portion thereof that is--
``(i) established; or
``(ii) substantially upgraded or
expanded.
[``(b) Federal Data Center Consolidation Inventories and
Strategies.--
[``(1) In general.--
[``(A) Annual reporting.--Except as provided
in subparagraph (C), each year, beginning in
the first fiscal year after the date of the
enactment of this Act [Dec. 19, 2014] and each
fiscal year thereafter, the head of each
covered agency, assisted by the Chief
Information Officer of the agency, shall submit
to the Administrator--
[``(i) a comprehensive inventory of
the data centers owned, operated, or
maintained by or on behalf of the
agency; and
[``(ii) a multi-year strategy to
achieve the consolidation and
optimization of the data centers
inventoried under clause (i), that
includes--
[``(I) performance metrics--
[``(aa) that are
consistent with the
Government-wide data
center consolidation
and optimization
metrics; and
[``(bb) by which the
quantitative and
qualitative progress of
the agency toward the
goals of the FDCCI can
be measured;
[``(II) a timeline for agency
activities to be completed
under the FDCCI, with an
emphasis on benchmarks the
agency can achieve by specific
dates;
[``(III) year-by-year
calculations of investment and
cost savings for the period
beginning on the date of the
enactment of this Act and
ending on the date set forth in
subsection (e), broken down by
each year, including a
description of any initial
costs for data center
consolidation and optimization
and life cycle cost savings and
other improvements, with an
emphasis on--
[``(aa) meeting the
Government-wide data
center consolidation
and optimization
metrics; and
[``(bb) demonstrating
the amount of agency-
specific cost savings
each fiscal year
achieved through the
FDCCI; and
[``(IV) any additional
information required by the
Administrator.
[``(B) Use of other reporting structures.--
The Administrator may require a covered agency
to include the information required to be
submitted under this subsection through
reporting structures determined by the
Administrator to be appropriate.
[``(C) Department of defense reporting.--For
any year that the Department of Defense is
required to submit a performance plan for
reduction of resources required for data
servers and centers, as required under section
2867(b) of the National Defense Authorization
Act for Fiscal Year 2012 [Pub. L. 112-81] (10
U.S.C. 2223a note), the Department of Defense--
[``(i) may submit to the
Administrator, in lieu of the multi-
year strategy required under
subparagraph (A)(ii)--
[``(I) the defense-wide plan
required under section
2867(b)(2) of the National
Defense Authorization Act for
Fiscal Year 2012 (10 U.S.C.
2223a note); and
[``(II) the report on cost
savings required under section
2867(d) of the National Defense
Authorization Act for Fiscal
Year 2012 (10 U.S.C. 2223a
note); and
[``(ii) shall submit the
comprehensive inventory required under
subparagraph (A)(i), unless the
defense-wide plan required under
section 2867(b)(2) of the National
Defense Authorization Act for Fiscal
Year 2012 (10 U.S.C. 2223a note)--
[``(I) contains a comparable
comprehensive inventory; and
[``(II) is submitted under
clause (i).
[``(D) Statement.--Each year, beginning in
the first fiscal year after the date of the
enactment of this Act and each fiscal year
thereafter, the head of each covered agency,
acting through the Chief Information Officer of
the agency, shall--
[``(i)
[``(I) submit a statement to
the Administrator stating
whether the agency has complied
with the requirements of this
section; and
[``(II) make the statement
submitted under subclause (I)
publicly available; and
[``(ii) if the agency has not
complied with the requirements of this
section, submit a statement to the
Administrator explaining the reasons
for not complying with such
requirements.
[``(E) Agency implementation of strategies.--
[``(i) In general.--Each covered
agency, under the direction of the
Chief Information Officer of the
agency, shall--
[``(I) implement the strategy
required under subparagraph
(A)(ii); and
[``(II) provide updates to
the Administrator, on a
quarterly basis, of--
[``(aa) the
completion of
activities by the
agency under the FDCCI;
[``(bb) any progress
of the agency towards
meeting the Government-
wide data center
consolidation and
optimization metrics;
and
[``(cc) the actual
cost savings and other
improvements realized
through the
implementation of the
strategy of the agency.
[``(ii) Department of defense.--For
purposes of clause (i)(I),
implementation of the defense-wide plan
required under section 2867(b)(2) of
the National Defense Authorization Act
for Fiscal Year 2012 [Pub. L. 112-81]
(10 U.S.C. 2223a note) by the
Department of Defense shall be
considered implementation of the
strategy required under subparagraph
(A)(ii).
[``(F) Rule of construction.--Nothing in this
section shall be construed to limit the
reporting of information by a covered agency to
the Administrator, the Director of the Office
of Management and Budget, or Congress.
[``(2) Administrator responsibilities.--The
Administrator shall--
[``(A) establish the deadline, on an annual
basis, for covered agencies to submit
information under this section;
[``(B) establish a list of requirements that
the covered agencies must meet to be considered
in compliance with paragraph (1);
[``(C) ensure that information relating to
agency progress towards meeting the Government-
wide data center consolidation and optimization
metrics is made available in a timely manner to
the general public;
[``(D) review the inventories and strategies
submitted under paragraph (1) to determine
whether they are comprehensive and complete;
[``(E) monitor the implementation of the data
center strategy of each covered agency that is
required under paragraph (1)(A)(ii);
[``(F) update, on an annual basis, the
cumulative cost savings realized through the
implementation of the FDCCI; and
[``(G) establish metrics applicable to the
consolidation and optimization of data centers
Government-wide, including metrics with respect
to--
[``(i) costs;
[``(ii) efficiencies, including, at a
minimum, server efficiency; and
[``(iii) any other factors the
Administrator considers appropriate.
[``(3) Cost saving goal and updates for congress.--
[``(A) In general.--Not later than one year
after the date of the enactment of this Act,
the Administrator shall develop, and make
publicly available, a goal, broken down by
year, for the amount of planned cost savings
and optimization improvements achieved through
the FDCCI during the period beginning on the
date of the enactment of this Act and ending on
the date set forth in subsection (e).
[``(B) Annual update.--
[``(i) In general.--Not later than
one year after the date on which the
goal described in subparagraph (A) is
made publicly available, and each year
thereafter, the Administrator shall
aggregate the reported cost savings of
each covered agency and optimization
improvements achieved to date through
the FDCCI and compare the savings to
the projected cost savings and
optimization improvements developed
under subparagraph (A).
[``(ii) Update for congress.--The
goal required to be developed under
subparagraph (A) shall be submitted to
Congress and shall be accompanied by a
statement describing--
[``(I) the extent to which
each covered agency has
developed and submitted a
comprehensive inventory under
paragraph (1)(A)(i), including
an analysis of the inventory
that details specific numbers,
use, and efficiency level of
data centers in each inventory;
and
[``(II) the extent to which
each covered agency has
submitted a comprehensive
strategy that addresses the
items listed in paragraph
(1)(A)(ii).
[``(4) GAO review.--
[``(A) In general.--Not later than one year
after the date of the enactment of this Act,
and each year thereafter, the Comptroller
General of the United States shall review and
verify the quality and completeness of the
inventory and strategy of each covered agency
required under paragraph (1)(A).
[``(B) Report.--The Comptroller General of
the United States shall, on an annual basis,
publish a report on each review conducted under
subparagraph (A).]
(b) Minimum Requirements for New Data Centers.--
(1) In general.--Not later than 180 days after the
date of enactment of the Federal Data Center
Enhancement Act of 2022, the Administrator shall
establish minimum requirements for new data centers in
consultation with the Administrator of General Services
and the Federal Chief Information Officers Council.
(2) Contents.--
(A) In general.--The minimum requirements
established under paragraph (1) shall include
requirements relating to--
(i) the availability of new data
centers;
(ii) the use of new data centers;
(iii) the use of sustainable energy
sources;
(iv) uptime percentage;
(v) protections against power
failures, including on-site energy
generation and access to multiple
transmission paths;
(vi) protections against physical
intrusions and natural disasters;
(vii) information security
protections required by subchapter II
of chapter 35 of title 44, United
States Code, and other applicable law
and policy; and
(viii) any other requirements the
Administrator determines appropriate.
(B) Consultation.--In establishing the
requirements described in subparagraph
(A)(vii), the Administrator shall consult with
the Director of the Cybersecurity and
Infrastructure Security Agency and the National
Cyber Director.
(3) Use of existing standards.--The Administrator may
incorporate the minimum requirements established under
paragraph (1) into the appropriate requirements of any
agency data center existing as of the date of enactment
of the Federal Data Center Enhancement Act of 2022.
(4) Review of standards.--The Administrator, in
consultation with the Administrator of General Services
and the Federal Chief Information Officers Council,
shall review, update, and modify the minimum
requirements established under paragraph (1), as
necessary.
(5) Report on new data centers.--During the
development and planning lifecycle of a new data
center, if the head of a covered agency determines that
the covered agency is likely to make a management or
financial decision relating to the new data center, the
head of the covered agency shall--
(A) Notify--
(i) the Administrator;
(ii) Committee on Homeland Security
and Governmental Affairs of the Senate;
and
(iii) Committee on Oversight and
Reform of the House of Representatives;
and
(B) describe in the notification with
sufficient detail how the covered agency
intends to comply with the minimum requirements
established under paragraph (1).
(6) Use of technology.--In determining whether to
establish or continue to operate a data center, the
head of a covered agency shall--
(A) regularly assess the application
portfolio of the covered agency and ensure that
each legacy application is updated, replaced,
or modernized, as appropriate, to take
advantage of modern technologies; and
(B) prioritize and, to the greatest extent
possible, leverage commercial cloud
environments rather than acquiring, overseeing,
or managing custom data center infrastructure.
``(c) * * *
``(d) * * *
``(e) Sunset.--This section is repealed effective on
October 1, [2022] 2025.''
[all]