118 HR 6256 IH: To require that the Chief Information Officer of the Bureau of Information Resources submit an annual report that lists all the information technology procurement awards and contracts that were awarded over $10,000,000. U.S. House of Representatives 2023-11-07 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

I 118th CONGRESS1st Session H. R. 6256 IN THE HOUSE OF REPRESENTATIVES November 7, 2023 Mr. Baird introduced the following bill; which was referred to the Committee on Foreign Affairs A BILL To require that the Chief Information Officer of the Bureau of Information Resources submit an annual report that lists all the information technology procurement awards and contracts that were awarded over $10,000,000.

1.

Cybersecurity prioritization in information technology procurement

(a)

Sense of congress

It is the sense of Congress that— (1)the Department has not sufficiently emphasized cybersecurity in its operations or in its procurement of information technology, and that these shortcomings have contributed to numerous cybersecurity incidents at the Department; and (2)the Department should prioritize, to the highest level and to a greater extent than it already does, the minimization of cybersecurity risks in its procurement of information technology. (b)

Annual report

The Chief Information Officer in the Bureau of Information Resources Management shall submit to the appropriate congressional committees an annual report which— (1)describes all Department information technology procurement contracts awarded in the year prior to the issuance of the report, including the name of the awardee and the information technology they were contracted to procure; and (2)for all Department information technology procurement contracts awarded in the year prior to the issuance of the report with contract price exceeding $10,000,000— (A)details the cybersecurity risks which have been or will be created by the information technology procured or intended to be procured under the contract, including the Department’s strategy for mitigating these risks; (B)justifies the Department’s choice to award the contract to its particular awardee in light of those cybersecurity risks; and (C)justifies the Department’s choice to procure such information technology in light of those cybersecurity risks. (c)

Definitions

In this Act: (1)

Appropriate congressional committees

The term appropriate congressional committees means the House Committee on Foreign Affairs and the Senate Committee on Foreign Relations. (2)

Cybersecurity incident

The term cybersecurity incident has the meaning given the term incident in section 3552 of title 44, United States Code. (3)

Cybersecurity risk

The term cybersecurity risk has the meaning given that term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650), except that it refers exclusively to cybersecurity risks to the Department’s information and information systems. (4)

Department

The term Department means the United States Department of State. (5)

Information system

The term information system has the meaning given that term in section 3502 of title 44, United States Code. (6)

Information technology

The term information technology has the meaning given that term in section 11101 of title 40, United States Code.