[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3906 Reported in House (RH)]






                                                 Union Calendar No. 412
106th CONGRESS
  2d Session
                                H. R. 3906

                  [Report No. 106-696, Parts I and II]

 To ensure that the Department of Energy has appropriate mechanisms to 
     independently assess the effectiveness of its policy and site 
performance in the areas of safeguards and security and cyber security.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             March 14, 2000

 Mr. Bliley (for himself, Mr. Upton, Mr. Barton of Texas, and Mr. Burr 
of North Carolina) introduced the following bill; which was referred to 
 the Committee on Commerce, and in addition to the Committees on Armed 
 Services, and Science, for a period to be subsequently determined by 
the Speaker, in each case for consideration of such provisions as fall 
           within the jurisdiction of the committee concerned

                             June 23, 2000

       Reported from the Committee on Commerce with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

                             June 23, 2000

   Referral to the Committee on Armed Services extended for a period 
                  ending not later than July 12, 2000

                             June 23, 2000

 Referral to the Committee on Science extended for a period ending not 
                        later than June 23, 2000

                             June 23, 2000

                  The Committee on Science discharged

                             July 12, 2000

                   Additional sponsor: Mr. Pickering

                             July 12, 2000

  Reported from the Committee on the Armed Services with amendments, 
   committed to the Committee of the Whole House on the State of the 
                    Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed 
                           in boldface roman]
 [For text of introduced bill, see copy of bill as introduced on March 
                               14, 2000]

_______________________________________________________________________

                                 A BILL


 
 To ensure that the Department of Energy has appropriate mechanisms to 
     independently assess the effectiveness of its policy and site 
performance in the areas of safeguards and security and cyber security.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Department of Energy Security 
Oversight Improvement Act of 2000''.

SEC. 2. FINDINGS.

    The Congress finds that--
            (1) internal Department of Energy oversight of safeguards 
        and security has suffered over the years from inconsistent 
        application, lack of senior management attention, reduced 
        resources, and overlapping and conflicting roles and 
        responsibilities among various Department offices;
            (2) the Department of Energy is in need of a statutorily-
        based independent security oversight office with the 
        responsibility to regularly assess the effectiveness of the 
        Department's policy and site performance in the area of 
        safeguards and security, including computer security, and 
        report to the Secretary on such findings annually;
            (3) the Department of Energy's oversight of security at its 
        sites should be streamlined to reduce overlapping and redundant 
        oversight, to improve accountability, and to ensure greater 
        consistency in application, findings, and reporting of results; 
        and
            (4) it is appropriate to establish a single, independent 
        security oversight office within the Department of Energy, 
        without prejudice to the continued compliance assurance 
        activities conducted at the Department site level.

SEC. 3. OFFICE OF INDEPENDENT SECURITY OVERSIGHT.

    (a) Office.--The Secretary of Energy shall maintain an Office of 
Independent Security Oversight, which shall be headed by a Director 
appointed by the Secretary without regard to political affiliation and 
solely on the basis of integrity and demonstrated ability in the 
oversight and evaluation of security for nuclear and classified 
programs. The Director shall report directly to and be under the 
general supervision of the Secretary, but the Director shall not report 
to or be subject to supervision by any other office or officer of the 
Department of Energy. The Secretary shall not prevent, prohibit, or 
delay the Director from initiating, carrying out, or completing any 
inspection, evaluation, or report undertaken pursuant to this Act. Such 
Office shall be responsible for carrying out the missions and functions 
described in subsections (c) and (d), but the Office shall have no 
authority to establish or require the implementation of any change to 
the policies, programs, or practices of the Department of Energy.
    (b) Experts and Consultants.--In addition to employees of the 
Department of Energy, the Director is authorized to utilize such 
experts and consultants as the Director deems appropriate. For such 
purposes, the Director may procure temporary and intermittent services 
under section 3109(b) of title 5, United States Code. Upon request of 
the Director, the head of any Federal agency is authorized to detail, 
on a reimbursable basis, any of the personnel of such agency to the 
Director to assist the Director in carrying out functions under this 
section.
    (c) Mission.--The Office of Independent Security Oversight shall be 
responsible for the independent evaluation of the effectiveness of 
safeguards and security (including computer security) policies, 
programs, and practices throughout the Department of Energy, including 
the National Nuclear Security Administration. The Office shall identify 
security weaknesses, make recommendations to the Secretary for 
improvement, and review the effectiveness and timeliness of corrective 
actions taken by the Department.
    (d) Functions.--The Office of Independent Security Oversight shall 
perform the following functions:
            (1) Conduct regular evaluations of safeguards and security 
        programs at Department of Energy sites that have significant 
        amounts of special nuclear material, classified information, or 
        other security interests. The scope of the evaluations shall 
        include all aspects of safeguards and security, including 
        physical protection of special nuclear material, accountability 
        of special nuclear material, protection of classified and 
        sensitive information, classified and unclassified computer 
        security, personnel security, and interactions with foreign 
        nationals.
            (2) Issue reports to the Secretary that clearly identify 
        specific findings relating to security weaknesses, and make 
        recommendations for improvement.
            (3) Perform timely followup reviews to ensure that any 
        corrective actions implemented by the Department are effective.
            (4) Evaluate and assess Department of Energy policies 
        related to safeguards and security.
            (5) Develop recommendations and opportunities for improving 
        safeguards and security policies, programs, and practices for 
        submittal to the Secretary.
            (6) Any other function the Secretary considers appropriate 
        and consistent with the mission described in subsection (c).
    (e) Timing of Regular Evaluations.--
            (1) General rule.--Except as provided in paragraph (2), 
        evaluations conducted under subsection (d)(1) shall occur at 
        least once every 2 years.
            (2) Computer security evaluations.--Evaluations conducted 
        under subsection (d)(1) with respect to classified and 
        unclassified computer security shall occur at least once every 
        18 months.
    (f) Access to Information.--In carrying out this section, the 
Director shall have access to all records and personnel of the 
Department concerning its safeguards and security programs, including 
classified and unclassified computer security programs.

SEC. 4. REPORTS.

    (a) Report by Office.--The Office of Independent Security Oversight 
shall, before February 15 of each year, transmit to the Secretary of 
Energy an unclassified report, with a classified appendix if requested 
or necessary, summarizing the activities of the Office during the 
immediately preceding calendar year. Such report shall include--
            (1) a summary of each significant report made to the 
        Secretary pursuant to this Act during the reporting period, 
        including a description of key security findings contained in 
        those reports;
            (2) the adequacy of corrective actions, if any, taken by 
        the Department to address significant problems and 
        deficiencies;
            (3) an identification of each significant problem or 
        deficiency described in previous annual reports on which 
        corrective action has not been effectively completed;
            (4) a description and explanation of the reasons for any 
        significant revisions to security policy decisions made during 
        the reporting period; and
            (5) a description of any significant security policy 
        decision with which the Director is in disagreement, along with 
        an explanation of the reasons for disagreement.
    (b) Report by Secretary.--The Secretary of Energy shall, before 
March 15 of each year, transmit to the appropriate committees of 
Congress, without alteration, the Office's annual report submitted 
under subsection (a), along with an unclassified report, with a 
classified appendix if requested or necessary, summarizing the 
Secretary's response thereto. Such report from the Secretary shall 
include--
            (1) a description of the Secretary's response to each 
        significant report and security finding made to the Secretary 
        pursuant to this Act during the reporting period;
            (2) an explanation of the reasons for any failure on the 
        part of the Department of Energy to remedy security findings 
        identified by the Office in the current annual report and 
        previous annual reports; and
            (3) to the extent relevant, an explanation of how the 
        President's budget submissions will impact the ability of the 
        Department to remedy unresolved security findings identified by 
        the Office in its annual reports.
    (c) Public Availability.--Within 60 days after the transmission of 
the annual reports to the Congress under subsection (b), the Secretary 
of Energy shall make copies of the unclassified portions of such 
reports available to the public.
    (d) Special Reports.--The Director of the Office of Independent 
Security Oversight shall report immediately to the Secretary of Energy 
whenever the Director becomes aware of deficiencies relating to the 
security programs, practices, or operations of the Department of Energy 
that require an immediate response. The Secretary shall, within 7 
calendar days after receiving a report under this subsection, notify 
the appropriate committees of Congress in writing and explain the 
corrective actions taken to address such deficiencies.
    (e) Congressional Testimony and Briefings.--The Director of the 
Office of Independent Security Oversight, whenever called to testify 
before any Committee of Congress or to brief its Members or staff, 
shall provide the Secretary of Energy with advance notice of the 
subject matter of that testimony or briefing, but shall provide the 
requested information to the Congress without any further review, 
clearance, or approval by any other official in the Executive Branch.

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``National Nuclear Security 
Administration Security Oversight Improvement Act of 2000''.

SEC. 2. OFFICE OF INDEPENDENT SECURITY OVERSIGHT.

    (a) Office Required.--Subtitle B of the National Nuclear Security 
Administration Act (title XXXII of Public Law 106-65; 113 Stat. 953; 50 
U.S.C. 2401 et seq.) is amended by inserting at the end the following 
new section:

``SEC. 3237. OFFICE OF INDEPENDENT SECURITY OVERSIGHT.

    ``(a) Office Required.--The Administrator shall maintain an Office 
of Independent Security Oversight, which shall be headed by a Director 
appointed by the Administrator without regard to political affiliation 
and solely on the basis of integrity and demonstrated ability in the 
oversight and evaluation of security for nuclear and classified 
programs. The Director shall report directly to and be under the 
general supervision of the Administrator, but the Director shall not be 
subject to supervision by any other office or officer of the 
Administration or of the Department of Energy. Neither the Secretary of 
Energy nor the Administrator shall prevent, prohibit, or delay the 
Director from initiating, carrying out, or completing any inspection, 
evaluation, or report undertaken pursuant to this section or from 
submitting to the Congress any such report. Such Office shall be 
responsible for carrying out the missions and functions described in 
subsections (c) and (d), but the Office shall have no authority to 
establish or require the implementation of any change to the policies, 
programs, or practices of the Administration.
    ``(b) Experts and Consultants.--In addition to employees of the 
Administration, the Director is authorized to utilize such experts and 
consultants as the Director deems appropriate. For such purposes, the 
Director may procure temporary and intermittent services under section 
3109(b) of title 5, United States Code. Upon request of the Director, 
the head of any Federal agency is authorized to detail, on a 
reimbursable basis, any of the personnel of such agency to the Director 
to assist the Director in carrying out functions under this section.
    ``(c) Mission.--The Office of Independent Security Oversight shall 
be responsible for the independent evaluation of the effectiveness of 
safeguards and security (including computer security) policies, 
programs, and practices of the Administration. The Office shall 
identify security weaknesses, make recommendations to the Administrator 
for improvement, and review the effectiveness and timeliness of 
corrective actions taken by the Administration.
    ``(d) Functions.--The Office of Independent Security Oversight 
shall perform the following functions:
            ``(1) Conduct regular evaluations of safeguards and 
        security programs at Administration sites that have significant 
        amounts of special nuclear material, classified information, or 
        other security interests. The scope of the evaluations shall 
        include all aspects of safeguards and security, including 
        physical protection of special nuclear material, accountability 
        of special nuclear material, protection of classified and 
        sensitive information, classified and unclassified computer 
        security, personnel security, and interactions with foreign 
        nationals.
            ``(2) Issue reports to the Administrator that clearly 
        identify specific findings relating to security weaknesses, and 
        make recommendations for improvement.
            ``(3) Perform timely followup reviews to assess the 
        effectiveness of any corrective actions implemented by the 
        Administration.
            ``(4) Evaluate and assess Administration policies related 
        to safeguards and security.
            ``(5) Develop recommendations and opportunities for 
        improving safeguards and security policies, programs, and 
        practices for submittal to the Administrator.
            ``(6) Any other function the Administrator considers 
        appropriate and consistent with the mission described in 
        subsection (c).
    ``(e) Timing of Regular Evaluations.--
            ``(1) General rule.--Except as provided in paragraph (2), 
        evaluations conducted under subsection (d)(1) shall occur at 
        least once every two years.
            ``(2) Computer security evaluations.--Evaluations conducted 
        under subsection (d)(1) with respect to classified and 
        unclassified computer security shall occur at least once every 
        18 months.
    ``(f) Access to Information.--In carrying out this section, the 
Director shall have access to all records and personnel of the 
Administration concerning its safeguards and security programs, 
including classified and unclassified computer security programs.
    ``(g) Report by Office.--The Office of Independent Security 
Oversight shall, before February 15 of each year, transmit to the 
Administrator and the Secretary an unclassified report, with a 
classified appendix if requested or necessary, summarizing the 
activities of the Office during the immediately preceding calendar 
year. Such report shall include--
            ``(1) a summary of each significant report made to the 
        Administrator pursuant to this section during the reporting 
        period, including a description of key security findings 
        contained in those reports;
            ``(2) the adequacy of corrective actions, if any, taken by 
        the Administration to address significant problems and 
        deficiencies;
            ``(3) an identification of each significant problem or 
        deficiency described in previous annual reports on which 
corrective action has not been effectively completed; and
            ``(4) a description of any significant security policy 
        decision with which the Director is in disagreement, along with 
        an explanation of the reasons for disagreement.
    ``(h) Report by Administrator.--The Administrator shall, before 
March 15 of each year, transmit to the appropriate committees of 
Congress, without alteration, the Office's annual report submitted 
under subsection (g), along with an unclassified report, with a 
classified appendix if requested or necessary, summarizing the 
Administrator's response thereto. Such report from the Administrator 
shall include--
            ``(1) a description of the Administrator's response to each 
        significant report and security finding made to the 
        Administrator pursuant to this section during the reporting 
        period;
            ``(2) an explanation of the reasons for any failure on the 
        part of the Administration to remedy security findings 
        identified by the Office in the current annual report and 
        previous annual reports; and
            ``(3) to the extent relevant, an explanation of how the 
        President's budget submissions will impact the ability of the 
        Administration to remedy unresolved security findings 
        identified by the Office in its annual reports.
    ``(i) Public Availability.--Within 60 days after the transmission 
of the annual reports to the Congress under subsection (h), the 
Administrator shall make copies of the unclassified portions of such 
reports available to the public.
    ``(j) Special Reports.--The Director of the Office of Independent 
Security Oversight shall report immediately to the Administrator 
whenever the Director becomes aware of deficiencies relating to the 
security programs, practices, or operations of the Administration that 
require an immediate response. The Administrator shall, within seven 
calendar days after receiving a report under this subsection, notify 
the appropriate committees of Congress in writing and explain the 
corrective actions taken to address such deficiencies.
    ``(k) Congressional Testimony and Briefings.--The Director of the 
Office of Independent Security Oversight, whenever called to testify 
before a committee of Congress or to brief any Member of Congress or 
congressional staff, shall provide the Administrator with advance 
notice of the subject matter of that testimony or briefing, but shall 
provide the requested information to the Congress without any further 
review, clearance, or approval by any other official in the Executive 
Branch.''.
    (b) Clerical Amendment.--The table of contents at the beginning of 
such Act is amended by inserting after the item relating to section 
3236 the following new item:

``Sec. 3237. Office of Independent Security Oversight.''.
            Amend the title so as to read: ``A bill to ensure that the 
        National Nuclear Security Administration has appropriate 
        mechanisms to independently assess the effectiveness of its 
        policy and site performance in the areas of safeguards and 
        security and cyber security.''.
                                                 Union Calendar No. 412

106th CONGRESS

  2d Session

                               H. R. 3906

                  [Report No. 106-696, Parts I and II]

_______________________________________________________________________

                                 A BILL

 To ensure that the Department of Energy has appropriate mechanisms to 
     independently assess the effectiveness of its policy and site 
performance in the areas of safeguards and security and cyber security.

_______________________________________________________________________

                             July 12, 2000

  Reported from the Committee on the Armed Services with amendments, 
   committed to the Committee of the Whole House on the State of the 
                    Union, and ordered to be printed