[Congressional Bills 107th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2458 Engrossed in House (EH)]

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
107th CONGRESS
  2d Session
                                H. R. 2458

_______________________________________________________________________

                                 AN ACT


 
   To enhance the management and promotion of electronic Government 
  services and processes by establishing a Federal Chief Information 
Officer within the Office of Management and Budget, and by establishing 
    a broad framework of measures that require using Internet-based 
    information technology to enhance citizen access to Government 
           information and services, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``E-Government Act 
of 2002''.
    (b) Table of Contents.--The table of contents for this Act is as 
follows:

Sec. 1. Short title; table of contents.
Sec. 2. Findings and purposes.
TITLE I--OFFICE OF MANAGEMENT AND BUDGET ELECTRONIC GOVERNMENT SERVICES

Sec. 101. Management and promotion of electronic government services.
Sec. 102. Conforming amendments.
  TITLE II--FEDERAL MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT 
                                SERVICES

Sec. 201. Definitions.
Sec. 202. Federal agency responsibilities.
Sec. 203. Compatibility of executive agency methods for use and 
                            acceptance of electronic signatures.
Sec. 204. Federal Internet portal.
Sec. 205. Federal courts.
Sec. 206. Regulatory agencies.
Sec. 207. Accessibility, usability, and preservation of government 
                            information.
Sec. 208. Privacy provisions.
Sec. 209. Federal information technology workforce development.
Sec. 210. Share-in-savings initiatives.
Sec. 211. Authorization for acquisition of information technology by 
                            State and local governments through Federal 
                            supply schedules.
Sec. 212. Integrated reporting study and pilot projects.
Sec. 213. Community technology centers.
Sec. 214. Enhancing crisis management through advanced information 
                            technology.
Sec. 215. Disparities in access to the Internet.
Sec. 216. Common protocols for geographic information systems.
                    TITLE III--INFORMATION SECURITY

Sec. 301. Information security.
Sec. 302. Management of information technology.
Sec. 303. National Institute of Standards and Technology.
Sec. 304. Information Security and Privacy Advisory Board.
Sec. 305. Technical and conforming amendments.
     TITLE IV--AUTHORIZATION OF APPROPRIATIONS AND EFFECTIVE DATES

Sec. 401. Authorization of appropriations.
Sec. 402. Effective dates.
TITLE V--CONFIDENTIAL INFORMATION PROTECTION AND STATISTICAL EFFICIENCY

Sec. 501. Short title.
Sec. 502. Definitions.
Sec. 503. Coordination and oversight of policies.
Sec. 504. Effect on other laws.
            Subtitle A--Confidential Information Protection

Sec. 511. Findings and purposes.
Sec. 512. Limitations on use and disclosure of data and information.
Sec. 513. Fines and penalties.
                   Subtitle B--Statistical Efficiency

Sec. 521. Findings and purposes.
Sec. 522. Designation of statistical agencies.
Sec. 523. Responsibilities of designated statistical agencies.
Sec. 524. Sharing of business data among designated statistical 
                            agencies.
Sec. 525. Limitations on use of business data provided by designated 
                            statistical agencies.
Sec. 526. Conforming amendments.

SEC. 2. FINDINGS AND PURPOSES.

    (a) Findings.--Congress finds the following:
            (1) The use of computers and the Internet is rapidly 
        transforming societal interactions and the relationships among 
        citizens, private businesses, and the Government.
            (2) The Federal Government has had uneven success in 
        applying advances in information technology to enhance 
        governmental functions and services, achieve more efficient 
        performance, increase access to Government information, and 
        increase citizen participation in Government.
            (3) Most Internet-based services of the Federal Government 
        are developed and presented separately, according to the 
        jurisdictional boundaries of an individual department or 
        agency, rather than being integrated cooperatively according to 
        function or topic.
            (4) Internet-based Government services involving 
        interagency cooperation are especially difficult to develop and 
        promote, in part because of a lack of sufficient funding 
        mechanisms to support such interagency cooperation.
            (5) Electronic Government has its impact through improved 
        Government performance and outcomes within and across agencies.
            (6) Electronic Government is a critical element in the 
        management of Government, to be implemented as part of a 
        management framework that also addresses finance, procurement, 
        human capital, and other challenges to improve the performance 
        of Government.
            (7) To take full advantage of the improved Government 
        performance that can be achieved through the use of Internet-
        based technology requires strong leadership, better 
        organization, improved interagency collaboration, and more 
        focused oversight of agency compliance with statutes related to 
        information resource management.
    (b) Purposes.--The purposes of this Act are the following:
            (1) To provide effective leadership of Federal Government 
        efforts to develop and promote electronic Government services 
        and processes by establishing an Administrator of a new Office 
        of Electronic Government within the Office of Management and 
        Budget.
            (2) To promote use of the Internet and other information 
        technologies to provide increased opportunities for citizen 
        participation in Government.
            (3) To promote interagency collaboration in providing 
        electronic Government services, where this collaboration would 
        improve the service to citizens by integrating related 
        functions, and in the use of internal electronic Government 
        processes, where this collaboration would improve the 
        efficiency and effectiveness of the processes.
            (4) To improve the ability of the Government to achieve 
        agency missions and program performance goals.
            (5) To promote the use of the Internet and emerging 
        technologies within and across Government agencies to provide 
        citizen-centric Government information and services.
            (6) To reduce costs and burdens for businesses and other 
        Government entities.
            (7) To promote better informed decisionmaking by policy 
        makers.
            (8) To promote access to high quality Government 
        information and services across multiple channels.
            (9) To make the Federal Government more transparent and 
        accountable.
            (10) To transform agency operations by utilizing, where 
        appropriate, best practices from public and private sector 
        organizations.
            (11) To provide enhanced access to Government information 
        and services in a manner consistent with laws regarding 
        protection of personal privacy, national security, records 
        retention, access for persons with disabilities, and other 
        relevant laws.

TITLE I--OFFICE OF MANAGEMENT AND BUDGET ELECTRONIC GOVERNMENT SERVICES

SEC. 101. MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES.

    (a) In General.--Title 44, United States Code, is amended by 
inserting after chapter 35 the following:

    ``CHAPTER 36--MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT 
                                SERVICES

``Sec.
``3601. Definitions.
``3602. Office of Electronic Government.
``3603. Chief Information Officers Council.
``3604. E-Government Fund.
``3605. Program to encourage innovative solutions to enhance electronic 
                            Government services and processes.
``3606. E-Government report.
``Sec. 3601. Definitions
    ``In this chapter, the definitions under section 3502 shall apply, 
and the term--
            ``(1) `Administrator' means the Administrator of the Office 
        of Electronic Government established under section 3602;
            ``(2) `Council' means the Chief Information Officers 
        Council established under section 3603;
            ``(3) `electronic Government' means the use by the 
        Government of web-based Internet applications and other 
        information technologies, combined with processes that 
        implement these technologies, to--
                    ``(A) enhance the access to and delivery of 
                Government information and services to the public, 
                other agencies, and other Government entities; or
                    ``(B) bring about improvements in Government 
                operations that may include effectiveness, efficiency, 
                service quality, or transformation;
            ``(4) `enterprise architecture'--
                    ``(A) means--
                            ``(i) a strategic information asset base, 
                        which defines the mission;
                            ``(ii) the information necessary to perform 
                        the mission;
                            ``(iii) the technologies necessary to 
                        perform the mission; and
                            ``(iv) the transitional processes for 
                        implementing new technologies in response to 
                        changing mission needs; and
                    ``(B) includes--
                            ``(i) a baseline architecture;
                            ``(ii) a target architecture; and
                            ``(iii) a sequencing plan;
            ``(5) `Fund' means the E-Government Fund established under 
        section 3604;
            ``(6) `interoperability' means the ability of different 
        operating and software systems, applications, and services to 
        communicate and exchange data in an accurate, effective, and 
        consistent manner;
            ``(7) `integrated service delivery' means the provision of 
        Internet-based Federal Government information or services 
        integrated according to function or topic rather than separated 
        according to the boundaries of agency jurisdiction; and
            ``(8) `tribal government' means--
                    ``(A) the governing body of any Indian tribe, band, 
                nation, or other organized group or community located 
                in the continental United States (excluding the State 
                of Alaska) that is recognized as eligible for the 
                special programs and services provided by the United 
                States to Indians because of their status as Indians, 
                and
                    ``(B) any Alaska Native regional or village 
                corporation established pursuant to the Alaska Native 
                Claims Settlement Act (43 U.S.C. 1601 et seq.).
``Sec. 3602. Office of Electronic Government
    ``(a) There is established in the Office of Management and Budget 
an Office of Electronic Government.
    ``(b) There shall be at the head of the Office an Administrator who 
shall be appointed by the President.
    ``(c) The Administrator shall assist the Director in carrying out--
            ``(1) all functions under this chapter;
            ``(2) all of the functions assigned to the Director under 
        title II of the E-Government Act of 2002; and
            ``(3) other electronic government initiatives, consistent 
        with other statutes.
    ``(d) The Administrator shall assist the Director and the Deputy 
Director for Management and work with the Administrator of the Office 
of Information and Regulatory Affairs in setting strategic direction 
for implementing electronic Government, under relevant statutes, 
including--
            ``(1) chapter 35;
            ``(2) subtitle III of title 40, United States Code;
            ``(3) section 552a of title 5 (commonly referred to as the 
        `Privacy Act');
            ``(4) the Government Paperwork Elimination Act (44 U.S.C. 
        3504 note); and
            ``(5) the Federal Information Security Management Act of 
        2002.
    ``(e) The Administrator shall work with the Administrator of the 
Office of Information and Regulatory Affairs and with other offices 
within the Office of Management and Budget to oversee implementation of 
electronic Government under this chapter, chapter 35, the E-Government 
Act of 2002, and other relevant statutes, in a manner consistent with 
law, relating to--
            ``(1) capital planning and investment control for 
        information technology;
            ``(2) the development of enterprise architectures;
            ``(3) information security;
            ``(4) privacy;
            ``(5) access to, dissemination of, and preservation of 
        Government information;
            ``(6) accessibility of information technology for persons 
        with disabilities; and
            ``(7) other areas of electronic Government.
    ``(f) Subject to requirements of this chapter, the Administrator 
shall assist the Director by performing electronic Government functions 
as follows:
            ``(1) Advise the Director on the resources required to 
        develop and effectively administer electronic Government 
        initiatives.
            ``(2) Recommend to the Director changes relating to 
        Governmentwide strategies and priorities for electronic 
        Government.
            ``(3) Provide overall leadership and direction to the 
        executive branch on electronic Government.
            ``(4) Promote innovative uses of information technology by 
        agencies, particularly initiatives involving multiagency 
        collaboration, through support of pilot projects, research, 
        experimentation, and the use of innovative technologies.
            ``(5) Oversee the distribution of funds from, and ensure 
        appropriate administration and coordination of, the E-
        Government Fund established under section 3604.
            ``(6) Coordinate with the Administrator of General Services 
        regarding programs undertaken by the General Services 
        Administration to promote electronic government and the 
        efficient use of information technologies by agencies.
            ``(7) Lead the activities of the Chief Information Officers 
        Council established under section 3603 on behalf of the Deputy 
        Director for Management, who shall chair the council.
            ``(8) Assist the Director in establishing policies which 
        shall set the framework for information technology standards 
        for the Federal Government developed by the National Institute 
        of Standards and Technology and promulgated by the Secretary of 
        Commerce under section 11331 of title 40, taking into account, 
        if appropriate, recommendations of the Chief Information 
        Officers Council, experts, and interested parties from the 
        private and nonprofit sectors and State, local, and tribal 
        governments, and maximizing the use of commercial standards as 
        appropriate, including the following:
                    ``(A) Standards and guidelines for 
                interconnectivity and interoperability as described 
                under section 3504.
                    ``(B) Consistent with the process under section 
                207(d) of the E-Government Act of 2002, standards and 
                guidelines for categorizing Federal Government 
                electronic information to enable efficient use of 
                technologies, such as through the use of extensible 
                markup language.
                    ``(C) Standards and guidelines for Federal 
                Government computer system efficiency and security.
            ``(9) Sponsor ongoing dialogue that--
                    ``(A) shall be conducted among Federal, State, 
                local, and tribal government leaders on electronic 
                Government in the executive, legislative, and judicial 
                branches, as well as leaders in the private and 
                nonprofit sectors, to encourage collaboration and 
                enhance understanding of best practices and innovative 
                approaches in acquiring, using, and managing 
                information resources;
                    ``(B) is intended to improve the performance of 
                governments in collaborating on the use of information 
                technology to improve the delivery of Government 
                information and services; and
                    ``(C) may include--
                            ``(i) development of innovative models--
                                    ``(I) for electronic Government 
                                management and Government information 
                                technology contracts; and
                                    ``(II) that may be developed 
                                through focused discussions or using 
                                separately sponsored research;
                            ``(ii) identification of opportunities for 
                        public-private collaboration in using Internet-
                        based technology to increase the efficiency of 
                        Government-to-business transactions;
                            ``(iii) identification of mechanisms for 
                        providing incentives to program managers and 
                        other Government employees to develop and 
                        implement innovative uses of information 
                        technologies; and
                            ``(iv) identification of opportunities for 
                        public, private, and intergovernmental 
                        collaboration in addressing the disparities in 
                        access to the Internet and information 
                        technology.
            ``(10) Sponsor activities to engage the general public in 
        the development and implementation of policies and programs, 
        particularly activities aimed at fulfilling the goal of using 
        the most effective citizen-centered strategies and those 
        activities which engage multiple agencies providing similar or 
        related information and services.
            ``(11) Oversee the work of the General Services 
        Administration and other agencies in developing the integrated 
        Internet-based system under section 204 of the E-Government Act 
        of 2002.
            ``(12) Coordinate with the Administrator for Federal 
        Procurement Policy to ensure effective implementation of 
        electronic procurement initiatives.
            ``(13) Assist Federal agencies, including the General 
        Services Administration, the Department of Justice, and the 
        United States Access Board in--
                    ``(A) implementing accessibility standards under 
                section 508 of the Rehabilitation Act of 1973 (29 
                U.S.C. 794d); and
                    ``(B) ensuring compliance with those standards 
                through the budget review process and other means.
            ``(14) Oversee the development of enterprise architectures 
        within and across agencies.
            ``(15) Assist the Director and the Deputy Director for 
        Management in overseeing agency efforts to ensure that 
        electronic Government activities incorporate adequate, risk-
        based, and cost-effective security compatible with business 
        processes.
            ``(16) Administer the Office of Electronic Government 
        established under this section.
            ``(17) Assist the Director in preparing the E-Government 
        report established under section 3606.
    ``(g) The Director shall ensure that the Office of Management and 
Budget, including the Office of Electronic Government, the Office of 
Information and Regulatory Affairs, and other relevant offices, have 
adequate staff and resources to properly fulfill all functions under 
the E-Government Act of 2002.
``Sec. 3603. Chief Information Officers Council
    ``(a) There is established in the executive branch a Chief 
Information Officers Council.
    ``(b) The members of the Council shall be as follows:
            ``(1) The Deputy Director for Management of the Office of 
        Management and Budget, who shall act as chairperson of the 
        Council.
            ``(2) The Administrator of the Office of Electronic 
        Government.
            ``(3) The Administrator of the Office of Information and 
        Regulatory Affairs.
            ``(4) The chief information officer of each agency 
        described under section 901(b) of title 31.
            ``(5) The chief information officer of the Central 
        Intelligence Agency.
            ``(6) The chief information officer of the Department of 
        the Army, the Department of the Navy, and the Department of the 
        Air Force, if chief information officers have been designated 
        for such departments under section 3506(a)(2)(B).
            ``(7) Any other officer or employee of the United States 
        designated by the chairperson.
    ``(c)(1) The Administrator of the Office of Electronic Government 
shall lead the activities of the Council on behalf of the Deputy 
Director for Management.
    ``(2)(A) The Vice Chairman of the Council shall be selected by the 
Council from among its members.
    ``(B) The Vice Chairman shall serve a 1-year term, and may serve 
multiple terms.
    ``(3) The Administrator of General Services shall provide 
administrative and other support for the Council.
    ``(d) The Council is designated the principal interagency forum for 
improving agency practices related to the design, acquisition, 
development, modernization, use, operation, sharing, and performance of 
Federal Government information resources.
    ``(e) In performing its duties, the Council shall consult regularly 
with representatives of State, local, and tribal governments.
    ``(f) The Council shall perform functions that include the 
following:
            ``(1) Develop recommendations for the Director on 
        Government information resources management policies and 
        requirements.
            ``(2) Share experiences, ideas, best practices, and 
        innovative approaches related to information resources 
        management.
            ``(3) Assist the Administrator in the identification, 
        development, and coordination of multiagency projects and other 
        innovative initiatives to improve Government performance 
        through the use of information technology.
            ``(4) Promote the development and use of common performance 
        measures for agency information resources management under this 
        chapter and title II of the E-Government Act of 2002.
            ``(5) Work as appropriate with the National Institute of 
        Standards and Technology and the Administrator to develop 
        recommendations on information technology standards developed 
        under section 20 of the National Institute of Standards and 
        Technology Act (15 U.S.C. 278g-3) and promulgated under section 
        11331 of title 40, and maximize the use of commercial standards 
        as appropriate, including the following:
                    ``(A) Standards and guidelines for 
                interconnectivity and interoperability as described 
                under section 3504.
                    ``(B) Consistent with the process under section 
                207(d) of the E-Government Act of 2002, standards and 
                guidelines for categorizing Federal Government 
                electronic information to enable efficient use of 
                technologies, such as through the use of extensible 
                markup language.
                    ``(C) Standards and guidelines for Federal 
                Government computer system efficiency and security.
            ``(6) Work with the Office of Personnel Management to 
        assess and address the hiring, training, classification, and 
        professional development needs of the Government related to 
        information resources management.
            ``(7) Work with the Archivist of the United States to 
        assess how the Federal Records Act can be addressed effectively 
        by Federal information resources management activities.
``Sec. 3604. E-Government Fund
    ``(a)(1) There is established in the Treasury of the United States 
the E-Government Fund.
    ``(2) The Fund shall be administered by the Administrator of the 
General Services Administration to support projects approved by the 
Director, assisted by the Administrator of the Office of Electronic 
Government, that enable the Federal Government to expand its ability, 
through the development and implementation of innovative uses of the 
Internet or other electronic methods, to conduct activities 
electronically.
    ``(3) Projects under this subsection may include efforts to--
            ``(A) make Federal Government information and services more 
        readily available to members of the public (including 
        individuals, businesses, grantees, and State and local 
        governments);
            ``(B) make it easier for the public to apply for benefits, 
        receive services, pursue business opportunities, submit 
        information, and otherwise conduct transactions with the 
        Federal Government; and
            ``(C) enable Federal agencies to take advantage of 
        information technology in sharing information and conducting 
        transactions with each other and with State and local 
        governments.
    ``(b)(1) The Administrator shall--
            ``(A) establish procedures for accepting and reviewing 
        proposals for funding;
            ``(B) consult with interagency councils, including the 
        Chief Information Officers Council, the Chief Financial 
        Officers Council, and other interagency management councils, in 
        establishing procedures and reviewing proposals; and
            ``(C) assist the Director in coordinating resources that 
        agencies receive from the Fund with other resources available 
        to agencies for similar purposes.
    ``(2) When reviewing proposals and managing the Fund, the 
Administrator shall observe and incorporate the following procedures:
            ``(A) A project requiring substantial involvement or 
        funding from an agency shall be approved by a senior official 
        with agencywide authority on behalf of the head of the agency, 
        who shall report directly to the head of the agency.
            ``(B) Projects shall adhere to fundamental capital planning 
        and investment control processes.
            ``(C) Agencies shall identify in their proposals resource 
        commitments from the agencies involved and how these resources 
        would be coordinated with support from the Fund, and include 
        plans for potential continuation of projects after all funds 
        made available from the Fund are expended.
            ``(D) After considering the recommendations of the 
        interagency councils, the Director, assisted by the 
        Administrator, shall have final authority to determine which of 
        the candidate projects shall be funded from the Fund.
            ``(E) Agencies shall assess the results of funded projects.
    ``(c) In determining which proposals to recommend for funding, the 
Administrator--
            ``(1) shall consider criteria that include whether a 
        proposal--
                    ``(A) identifies the group to be served, including 
                citizens, businesses, the Federal Government, or other 
                governments;
                    ``(B) indicates what service or information the 
                project will provide that meets needs of groups 
                identified under subparagraph (A);
                    ``(C) ensures proper security and protects privacy;
                    ``(D) is interagency in scope, including projects 
                implemented by a primary or single agency that--
                            ``(i) could confer benefits on multiple 
                        agencies; and
                            ``(ii) have the support of other agencies; 
                        and
                    ``(E) has performance objectives that tie to agency 
                missions and strategic goals, and interim results that 
                relate to the objectives; and
            ``(2) may also rank proposals based on criteria that 
        include whether a proposal--
                    ``(A) has Governmentwide application or 
                implications;
                    ``(B) has demonstrated support by the public to be 
                served;
                    ``(C) integrates Federal with State, local, or 
                tribal approaches to service delivery;
                    ``(D) identifies resource commitments from 
                nongovernmental sectors;
                    ``(E) identifies resource commitments from the 
                agencies involved;
                    ``(F) uses web-based technologies to achieve 
                objectives;
                    ``(G) identifies records management and records 
                access strategies;
                    ``(H) supports more effective citizen participation 
                in and interaction with agency activities that further 
                progress toward a more citizen-centered Government;
                    ``(I) directly delivers Government information and 
                services to the public or provides the infrastructure 
                for delivery;
                    ``(J) supports integrated service delivery;
                    ``(K) describes how business processes across 
                agencies will reflect appropriate transformation 
                simultaneous to technology implementation; and
                    ``(L) is new or innovative and does not supplant 
                existing funding streams within agencies.
    ``(d) The Fund may be used to fund the integrated Internet-based 
system under section 204 of the E-Government Act of 2002.
    ``(e) None of the funds provided from the Fund may be transferred 
to any agency until 15 days after the Administrator of the General 
Services Administration has submitted to the Committees on 
Appropriations of the Senate and the House of Representatives, the 
Committee on Governmental Affairs of the Senate, the Committee on 
Government Reform of the House of Representatives, and the appropriate 
authorizing committees of the Senate and the House of Representatives, 
a notification and description of how the funds are to be allocated and 
how the expenditure will further the purposes of this chapter.
    ``(f)(1) The Director shall report annually to Congress on the 
operation of the Fund, through the report established under section 
3606.
    ``(2) The report under paragraph (1) shall describe--
            ``(A) all projects which the Director has approved for 
        funding from the Fund; and
            ``(B) the results that have been achieved to date for these 
        funded projects.
    ``(g)(1) There are authorized to be appropriated to the Fund--
            ``(A) $45,000,000 for fiscal year 2003;
            ``(B) $50,000,000 for fiscal year 2004;
            ``(C) $100,000,000 for fiscal year 2005;
            ``(D) $150,000,000 for fiscal year 2006; and
            ``(E) such sums as are necessary for fiscal year 2007.
    ``(2) Funds appropriated under this subsection shall remain 
available until expended.
``Sec. 3605. Program to encourage innovative solutions to enhance 
              electronic Government services and processes
    ``(a) Establishment of Program.--The Administrator shall establish 
and promote a Governmentwide program to encourage contractor innovation 
and excellence in facilitating the development and enhancement of 
electronic Government services and processes.
    ``(b) Issuance of Announcements Seeking Innovative Solutions.--
Under the program, the Administrator, in consultation with the Council 
and the Administrator for Federal Procurement Policy, shall issue 
announcements seeking unique and innovative solutions to facilitate the 
development and enhancement of electronic Government services and 
processes.
    ``(c) Multiagency Technical Assistance Team.--(1) The 
Administrator, in consultation with the Council and the Administrator 
for Federal Procurement Policy, shall convene a multiagency technical 
assistance team to assist in screening proposals submitted to the 
Administrator to provide unique and innovative solutions to facilitate 
the development and enhancement of electronic Government services and 
processes. The team shall be composed of employees of the agencies 
represented on the Council who have expertise in scientific and 
technical disciplines that would facilitate the assessment of the 
feasibility of the proposals.
    ``(2) The technical assistance team shall--
            ``(A) assess the feasibility, scientific and technical 
        merits, and estimated cost of each proposal; and
            ``(B) submit each proposal, and the assessment of the 
        proposal, to the Administrator.
    ``(3) The technical assistance team shall not consider or evaluate 
proposals submitted in response to a solicitation for offers for a 
pending procurement or for a specific agency requirement.
    ``(4) After receiving proposals and assessments from the technical 
assistance team, the Administrator shall consider recommending 
appropriate proposals for funding under the E-Government Fund 
established under section 3604 or, if appropriate, forward the proposal 
and the assessment of it to the executive agency whose mission most 
coincides with the subject matter of the proposal.
``Sec. 3606. E-Government report
    ``(a) Not later than March 1 of each year, the Director shall 
submit an E-Government status report to the Committee on Governmental 
Affairs of the Senate and the Committee on Government Reform of the 
House of Representatives.
    ``(b) The report under subsection (a) shall contain--
            ``(1) a summary of the information reported by agencies 
        under section 202(f) of the E-Government Act of 2002;
            ``(2) the information required to be reported by section 
        3604(f); and
            ``(3) a description of compliance by the Federal Government 
        with other goals and provisions of the E-Government Act of 
        2002.''.
    (b) Technical and Conforming Amendment.--The table of chapters for 
title 44, United States Code, is amended by inserting after the item 
relating to chapter 35 the following:

``36. Management and Promotion of Electronic Government         3601''.
                            Services.

SEC. 102. CONFORMING AMENDMENTS.

    (a) Electronic Government and Information Technologies.--
            (1) In general.--Chapter 3 of title 40, United States Code, 
        is amended by inserting after section 304 the following new 
        section:
``Sec. 305. Electronic Government and information technologies
    ``The Administrator of General Services shall consult with the 
Administrator of the Office of Electronic Government on programs 
undertaken by the General Services Administration to promote electronic 
Government and the efficient use of information technologies by Federal 
agencies.''.
            (2) Technical and conforming amendment.--The table of 
        sections for chapter 3 of such title is amended by inserting 
        after the item relating to section 304 the following:

``305. Electronic Government and information technologies.''.
    (b) Modification of Deputy Director for Management Functions.--
Section 503(b) of title 31, United States Code, is amended--
            (1) by redesignating paragraphs (5), (6), (7), (8), and 
        (9), as paragraphs (6), (7), (8), (9), and (10), respectively; 
        and
            (2) by inserting after paragraph (4) the following:
            ``(5) Chair the Chief Information Officers Council 
        established under section 3603 of title 44.''.
    (c) Office of Electronic Government.--
            (1) In general.--Chapter 5 of title 31, United States Code, 
        is amended by inserting after section 506 the following:
``Sec. 507. Office of Electronic Government
    ``The Office of Electronic Government, established under section 
3602 of title 44, is an office in the Office of Management and 
Budget.''.
            (2) Technical and conforming amendment.--The table of 
        sections for chapter 5 of title 31, United States Code, is 
        amended by inserting after the item relating to section 506 the 
        following:

``507. Office of Electronic Government.''.

  TITLE II--FEDERAL MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT 
                                SERVICES

SEC. 201. DEFINITIONS.

    Except as otherwise provided, in this title the definitions under 
sections 3502 and 3601 of title 44, United States Code, shall apply.

SEC. 202. FEDERAL AGENCY RESPONSIBILITIES.

    (a) In General.--The head of each agency shall be responsible for--
            (1) complying with the requirements of this Act (including 
        the amendments made by this Act), the related information 
        resource management policies and guidance established by the 
        Director of the Office of Management and Budget, and the 
        related information technology standards promulgated by the 
        Secretary of Commerce;
            (2) ensuring that the information resource management 
        policies and guidance established under this Act by the 
        Director, and the related information technology standards 
        promulgated by the Secretary of Commerce are communicated 
        promptly and effectively to all relevant officials within their 
        agency; and
            (3) supporting the efforts of the Director and the 
        Administrator of the General Services Administration to 
        develop, maintain, and promote an integrated Internet-based 
        system of delivering Federal Government information and 
        services to the public under section 204.
    (b) Performance Integration.--
            (1) Agencies shall develop performance measures that 
        demonstrate how electronic government enables progress toward 
        agency objectives, strategic goals, and statutory mandates.
            (2) In measuring performance under this section, agencies 
        shall rely on existing data collections to the extent 
        practicable.
            (3) Areas of performance measurement that agencies should 
        consider include--
                    (A) customer service;
                    (B) agency productivity; and
                    (C) adoption of innovative information technology, 
                including the appropriate use of commercial best 
                practices.
            (4) Agencies shall link their performance goals, as 
        appropriate, to key groups, including citizens, businesses, and 
        other governments, and to internal Federal Government 
        operations.
            (5) As appropriate, agencies shall work collectively in 
        linking their performance goals to groups identified under 
        paragraph (4) and shall use information technology in 
        delivering Government information and services to those groups.
    (c) Avoiding Diminished Access.--When promulgating policies and 
implementing programs regarding the provision of Government information 
and services over the Internet, agency heads shall consider the impact 
on persons without access to the Internet, and shall, to the extent 
practicable--
            (1) ensure that the availability of Government information 
        and services has not been diminished for individuals who lack 
        access to the Internet; and
            (2) pursue alternate modes of delivery that make Government 
        information and services more accessible to individuals who do 
        not own computers or lack access to the Internet.
    (d) Accessibility to People With Disabilities.--All actions taken 
by Federal departments and agencies under this Act shall be in 
compliance with section 508 of the Rehabilitation Act of 1973 (29 
U.S.C. 794d).
    (e) Sponsored Activities.--Agencies shall sponsor activities that 
use information technology to engage the public in the development and 
implementation of policies and programs.
    (f) Chief Information Officers.--The Chief Information Officer of 
each of the agencies designated under chapter 36 of title 44, United 
States Code (as added by this Act) shall be responsible for--
            (1) participating in the functions of the Chief Information 
        Officers Council; and
            (2) monitoring the implementation, within their respective 
        agencies, of information technology standards promulgated by 
        the Secretary of Commerce, including common standards for 
        interconnectivity and interoperability, categorization of 
        Federal Government electronic information, and computer system 
        efficiency and security.
    (g) E-Government Status Report.--
            (1) In general.--Each agency shall compile and submit to 
        the Director an annual E-Government Status Report on--
                    (A) the status of the implementation by the agency 
                of electronic government initiatives;
                    (B) compliance by the agency with this Act; and
                    (C) how electronic Government initiatives of the 
                agency improve performance in delivering programs to 
                constituencies.
            (2) Submission.--Each agency shall submit an annual report 
        under this subsection--
                    (A) to the Director at such time and in such manner 
                as the Director requires;
                    (B) consistent with related reporting requirements; 
                and
                    (C) which addresses any section in this title 
                relevant to that agency.
    (h) Use of Technology.--Nothing in this Act supersedes the 
responsibility of an agency to use or manage information technology to 
deliver Government information and services that fulfill the statutory 
mission and programs of the agency.
    (i) National Security Systems.--
            (1) Inapplicability.--Except as provided under paragraph 
        (2), this title does not apply to national security systems as 
        defined in section 11103 of title 40, United States Code.
            (2) Applicability.--This section, section 203, and section 
        214 do apply to national security systems to the extent 
        practicable and consistent with law.

SEC. 203. COMPATIBILITY OF EXECUTIVE AGENCY METHODS FOR USE AND 
              ACCEPTANCE OF ELECTRONIC SIGNATURES.

    (a) Purpose.--The purpose of this section is to achieve 
interoperable implementation of electronic signatures for appropriately 
secure electronic transactions with Government.
    (b) Electronic Signatures.--In order to fulfill the objectives of 
the Government Paperwork Elimination Act (Public Law 105-277; 112 Stat. 
2681-749 through 2681-751), each Executive agency (as defined under 
section 105 of title 5, United States Code) shall ensure that its 
methods for use and acceptance of electronic signatures are compatible 
with the relevant policies and procedures issued by the Director.
    (c) Authority for Electronic Signatures.--The Administrator of 
General Services shall support the Director by establishing a framework 
to allow efficient interoperability among Executive agencies when using 
electronic signatures, including processing of digital signatures.
    (d) Authorization of Appropriations.--There are authorized to be 
appropriated to the General Services Administration, to ensure the 
development and operation of a Federal bridge certification authority 
for digital signature compatibility, and for other activities 
consistent with this section, $8,000,000 or such sums as are necessary 
in fiscal year 2003, and such sums as are necessary for each fiscal 
year thereafter.

SEC. 204. FEDERAL INTERNET PORTAL.

    (a) In General.--
            (1) Public access.--The Director shall work with the 
        Administrator of the General Services Administration and other 
        agencies to maintain and promote an integrated Internet-based 
        system of providing the public with access to Government 
        information and services.
            (2) Criteria.--To the extent practicable, the integrated 
        system shall be designed and operated according to the 
        following criteria:
                    (A) The provision of Internet-based Government 
                information and services directed to key groups, 
                including citizens, business, and other governments, 
                and integrated according to function or topic rather 
                than separated according to the boundaries of agency 
                jurisdiction.
                    (B) An ongoing effort to ensure that Internet-based 
                Government services relevant to a given citizen 
                activity are available from a single point.
                    (C) Access to Federal Government information and 
                services consolidated, as appropriate, with Internet-
                based information and services provided by State, 
                local, and tribal governments.
                    (D) Access to Federal Government information held 
                by 1 or more agencies shall be made available in a 
                manner that protects privacy, consistent with law.
    (b) Authorization of Appropriations.--There are authorized to be 
appropriated to the General Services Administration $15,000,000 for the 
maintenance, improvement, and promotion of the integrated Internet-
based system for fiscal year 2003, and such sums as are necessary for 
fiscal years 2004 through 2007.

SEC. 205. FEDERAL COURTS.

    (a) Individual Court Websites.--The Chief Justice of the United 
States, the chief judge of each circuit and district and of the Court 
of Federal Claims, and the chief bankruptcy judge of each district 
shall cause to be established and maintained, for the court of which 
the judge is chief justice or judge, a website that contains the 
following information or links to websites with the following 
information:
            (1) Location and contact information for the courthouse, 
        including the telephone numbers and contact names for the 
        clerk's office and justices' or judges' chambers.
            (2) Local rules and standing or general orders of the 
        court.
            (3) Individual rules, if in existence, of each justice or 
        judge in that court.
            (4) Access to docket information for each case.
            (5) Access to the substance of all written opinions issued 
        by the court, regardless of whether such opinions are to be 
        published in the official court reporter, in a text searchable 
        format.
            (6) Access to documents filed with the courthouse in 
        electronic form, to the extent provided under subsection (c).
            (7) Any other information (including forms in a format that 
        can be downloaded) that the court determines useful to the 
        public.
    (b) Maintenance of Data Online.--
            (1) Update of information.--The information and rules on 
        each website shall be updated regularly and kept reasonably 
        current.
            (2) Closed cases.--Electronic files and docket information 
        for cases closed for more than 1 year are not required to be 
        made available online, except all written opinions with a date 
        of issuance after the effective date of this section shall 
        remain available online.
    (c) Electronic Filings.--
            (1) In general.--Except as provided under paragraph (2) or 
        in the rules prescribed under paragraph (3), each court shall 
        make any document that is filed electronically publicly 
        available online. A court may convert any document that is 
        filed in paper form to electronic form. To the extent such 
        conversions are made, all such electronic versions of the 
        document shall be made available online.
            (2) Exceptions.--Documents that are filed that are not 
        otherwise available to the public, such as documents filed 
        under seal, shall not be made available online.
            (3) Privacy and security concerns.--(A)(i) The Supreme 
        Court shall prescribe rules, in accordance with sections 2072 
        and 2075 of title 28, United States Code, to protect privacy 
        and security concerns relating to electronic filing of 
        documents and the public availability under this subsection of 
        documents filed electronically.
            (ii) Such rules shall provide to the extent practicable for 
        uniform treatment of privacy and security issues throughout the 
        Federal courts.
            (iii) Such rules shall take into consideration best 
        practices in Federal and State courts to protect private 
        information or otherwise maintain necessary information 
        security.
            (iv) To the extent that such rules provide for the 
        redaction of certain categories of information in order to 
        protect privacy and security concerns, such rules shall provide 
        that a party that wishes to file an otherwise proper document 
        containing such information may file an unredacted document 
        under seal, which shall be retained by the court as part of the 
        record, and which, at the discretion of the court and subject 
        to any applicable rules issued in accordance with chapter 131 
        of title 28, United States Code, shall be either in lieu of, or 
        in addition, to, a redacted copy in the public file.
            (B)(i) Subject to clause (ii), the Judicial Conference of 
        the United States may issue interim rules, and interpretive 
        statements relating to the application of such rules, which 
        conform to the requirements of this paragraph and which shall 
        cease to have effect upon the effective date of the rules 
        required under subparagraph (A).
            (ii) Pending issuance of the rules required under 
        subparagraph (A), any rule or order of any court, or of the 
        Judicial Conference, providing for the redaction of certain 
        categories of information in order to protect privacy and 
        security concerns arising from electronic filing shall comply 
        with, and be construed in conformity with, subparagraph 
        (A)(iv).
            (C) Not later than 1 year after the rules prescribed under 
        subparagraph (A) take effect, and every 2 years thereafter, the 
        Judicial Conference shall submit to Congress a report on the 
        adequacy of those rules to protect privacy and security.
    (d) Dockets With Links to Documents.--The Judicial Conference of 
the United States shall explore the feasibility of technology to post 
online dockets with links allowing all filings, decisions, and rulings 
in each case to be obtained from the docket sheet of that case.
    (e) Cost of Providing Electronic Docketing Information.--Section 
303(a) of the Judiciary Appropriations Act, 1992 (28 U.S.C. 1913 note) 
is amended in the first sentence by striking ``shall hereafter'' and 
inserting ``may, only to the extent necessary,''.
    (f) Time Requirements.--Not later than 2 years after the effective 
date of this title, the websites under subsection (a) shall be 
established, except that access to documents filed in electronic form 
shall be established not later than 4 years after that effective date.
    (g) Deferral.--
            (1) In general.--
                    (A) Election.--
                            (i) Notification.--The Chief Justice of the 
                        United States, a chief judge, or chief 
                        bankruptcy judge may submit a notification to 
                        the Administrative Office of the United States 
                        Courts to defer compliance with any requirement 
                        of this section with respect to the Supreme 
                        Court, a court of appeals, district, or the 
                        bankruptcy court of a district.
                            (ii) Contents.--A notification submitted 
                        under this subparagraph shall state--
                                    (I) the reasons for the deferral; 
                                and
                                    (II) the online methods, if any, or 
                                any alternative methods, such court or 
                                district is using to provide greater 
                                public access to information.
                    (B) Exception.--To the extent that the Supreme 
                Court, a court of appeals, district, or bankruptcy 
                court of a district maintains a website under 
                subsection (a), the Supreme Court or that court of 
                appeals or district shall comply with subsection 
                (b)(1).
            (2) Report.--Not later than 1 year after the effective date 
        of this title, and every year thereafter, the Judicial 
        Conference of the United States shall submit a report to the 
        Committees on Governmental Affairs and the Judiciary of the 
        Senate and the Committees on Government Reform and the 
        Judiciary of the House of Representatives that--
                    (A) contains all notifications submitted to the 
                Administrative Office of the United States Courts under 
                this subsection; and
                    (B) summarizes and evaluates all notifications.

SEC. 206. REGULATORY AGENCIES.

    (a) Purposes.--The purposes of this section are to--
            (1) improve performance in the development and issuance of 
        agency regulations by using information technology to increase 
        access, accountability, and transparency; and
            (2) enhance public participation in Government by 
        electronic means, consistent with requirements under subchapter 
        II of chapter 5 of title 5, United States Code, (commonly 
        referred to as the ``Administrative Procedures Act'').
    (b) Information Provided by Agencies Online.--To the extent 
practicable as determined by the agency in consultation with the 
Director, each agency (as defined under section 551 of title 5, United 
States Code) shall ensure that a publicly accessible Federal Government 
website includes all information about that agency required to be 
published in the Federal Register under paragraphs (1) and (2) of 
section 552(a) of title 5, United States Code.
    (c) Submissions by Electronic Means.--To the extent practicable, 
agencies shall accept submissions under section 553(c) of title 5, 
United States Code, by electronic means.
    (d) Electronic Docketing.--
            (1) In general.--To the extent practicable, as determined 
        by the agency in consultation with the Director, agencies shall 
        ensure that a publicly accessible Federal Government website 
        contains electronic dockets for rulemakings under section 553 
        of title 5, United States Code.
            (2) Information available.--Agency electronic dockets shall 
        make publicly available online to the extent practicable, as 
        determined by the agency in consultation with the Director--
                    (A) all submissions under section 553(c) of title 
                5, United States Code; and
                    (B) other materials that by agency rule or practice 
                are included in the rulemaking docket under section 
                553(c) of title 5, United States Code, whether or not 
                submitted electronically.
    (e) Time Limitation.--Agencies shall implement the requirements of 
this section consistent with a timetable established by the Director 
and reported to Congress in the first annual report under section 3606 
of title 44 (as added by this Act).

SEC. 207. ACCESSIBILITY, USABILITY, AND PRESERVATION OF GOVERNMENT 
              INFORMATION.

    (a) Purpose.--The purpose of this section is to improve the methods 
by which Government information, including information on the Internet, 
is organized, preserved, and made accessible to the public.
    (b) Definitions.--In this section, the term--
            (1) ``Committee'' means the Interagency Committee on 
        Government Information established under subsection (c); and
            (2) ``directory'' means a taxonomy of subjects linked to 
        websites that--
                    (A) organizes Government information on the 
                Internet according to subject matter; and
                    (B) may be created with the participation of human 
                editors.
    (c) Interagency Committee.--
            (1) Establishment.--Not later than 180 days after the date 
        of enactment of this title, the Director shall establish the 
        Interagency Committee on Government Information.
            (2) Membership.--The Committee shall be chaired by the 
        Director or the designee of the Director and--
                    (A) shall include representatives from--
                            (i) the National Archives and Records 
                        Administration;
                            (ii) the offices of the Chief Information 
                        Officers from Federal agencies; and
                            (iii) other relevant officers from the 
                        executive branch; and
                    (B) may include representatives from the Federal 
                legislative and judicial branches.
            (3) Functions.--The Committee shall--
                    (A) engage in public consultation to the maximum 
                extent feasible, including consultation with interested 
                communities such as public advocacy organizations;
                    (B) conduct studies and submit recommendations, as 
                provided under this section, to the Director and 
                Congress; and
                    (C) share effective practices for access to, 
                dissemination of, and retention of Federal information.
            (4) Termination.--The Committee may be terminated on a date 
        determined by the Director, except the Committee may not 
        terminate before the Committee submits all recommendations 
        required under this section.
    (d) Categorizing of Information.--
            (1) Committee functions.--Not later than 2 years after the 
        date of enactment of this Act, the Committee shall submit 
        recommendations to the Director on--
                    (A) the adoption of standards, which are open to 
                the maximum extent feasible, to enable the organization 
                and categorization of Government information--
                            (i) in a way that is searchable 
                        electronically, including by searchable 
                        identifiers; and
                            (iii) in ways that are interoperable across 
                        agencies;
                    (B) the definition of categories of Government 
                information which should be classified under the 
                standards; and
                    (C) determining priorities and developing schedules 
                for the initial implementation of the standards by 
                agencies.
            (2) Functions of the director.--Not later than 1 year after 
        the submission of recommendations under paragraph (1), the 
        Director shall issue policies--
                    (A) requiring that agencies use standards, which 
                are open to the maximum extent feasible, to enable the 
                organization and categorization of Government 
                information--
                            (i) in a way that is searchable 
                        electronically, including by searchable 
                        identifiers;
                            (ii) in ways that are interoperable across 
                        agencies; and
                            (iii) that are, as appropriate, consistent 
                        with the provisions under section 3602(f)(8) of 
                        title 44, United States Code;
                    (B) defining categories of Government information 
                which shall be required to be classified under the 
                standards; and
                    (C) determining priorities and developing schedules 
                for the initial implementation of the standards by 
                agencies.
            (3) Modification of policies.--After the submission of 
        agency reports under paragraph (4), the Director shall modify 
        the policies, as needed, in consultation with the Committee and 
        interested parties.
            (4) Agency functions.--Each agency shall report annually to 
        the Director, in the report established under section 202(g), 
        on compliance of that agency with the policies issued under 
        paragraph (2)(A).
    (e) Public Access to Electronic Information.--
            (1) Committee functions.--Not later than 2 years after the 
        date of enactment of this Act, the Committee shall submit 
        recommendations to the Director and the Archivist of the United 
        States on--
                    (A) the adoption by agencies of policies and 
                procedures to ensure that chapters 21, 25, 27, 29, and 
                31 of title 44, United States Code, are applied 
                effectively and comprehensively to Government 
                information on the Internet and to other electronic 
                records; and
                    (B) the imposition of timetables for the 
                implementation of the policies and procedures by 
                agencies.
            (2) Functions of the archivist.--Not later than 1 year 
        after the submission of recommendations by the Committee under 
        paragraph (1), the Archivist of the United States shall issue 
        policies--
                    (A) requiring the adoption by agencies of policies 
                and procedures to ensure that chapters 21, 25, 27, 29, 
                and 31 of title 44, United States Code, are applied 
                effectively and comprehensively to Government 
                information on the Internet and to other electronic 
                records; and
                    (B) imposing timetables for the implementation of 
                the policies, procedures, and technologies by agencies.
            (3) Modification of policies.--After the submission of 
        agency reports under paragraph (4), the Archivist of the United 
        States shall modify the policies, as needed, in consultation 
        with the Committee and interested parties.
            (4) Agency functions.--Each agency shall report annually to 
        the Director, in the report established under section 202(g), 
        on compliance of that agency with the policies issued under 
        paragraph (2)(A).
    (f) Agency Websites.--
            (1) Standards for agency websites.--Not later than 2 years 
        after the effective date of this title, the Director shall 
        promulgate guidance for agency websites that includes--
                    (A) requirements that websites include direct links 
                to--
                            (i) descriptions of the mission and 
                        statutory authority of the agency;
                            (ii) information made available to the 
                        public under subsections (a)(1) and (b) of 
                        section 552 of title 5, United States Code 
                        (commonly referred to as the ``Freedom of 
                        Information Act'');
                            (iii) information about the organizational 
                        structure of the agency; and
                            (iv) the strategic plan of the agency 
                        developed under section 306 of title 5, United 
                        States Code; and
                    (B) minimum agency goals to assist public users to 
                navigate agency websites, including--
                            (i) speed of retrieval of search results;
                            (ii) the relevance of the results;
                            (iii) tools to aggregate and disaggregate 
                        data; and
                            (iv) security protocols to protect 
                        information.
            (2) Agency requirements.--(A) Not later than 2 years after 
        the date of enactment of this Act, each agency shall--
                    (i) consult with the Committee and solicit public 
                comment;
                    (ii) establish a process for determining which 
                Government information the agency intends to make 
                available and accessible to the public on the Internet 
                and by other means;
                    (iii) develop priorities and schedules for making 
                Government information available and accessible;
                    (iv) make such final determinations, priorities, 
                and schedules available for public comment;
                    (v) post such final determinations, priorities, and 
                schedules on the Internet; and
                    (vi) submit such final determinations, priorities, 
                and schedules to the Director, in the report 
                established under section 202(g).
            (B) Each agency shall update determinations, priorities, 
        and schedules of the agency, as needed, after consulting with 
        the Committee and soliciting public comment, if appropriate.
            (3) Public domain directory of public federal government 
        websites.--
                    (A) Establishment.--Not later than 2 years after 
                the effective date of this title, the Director and each 
                agency shall--
                            (i) develop and establish a public domain 
                        directory of public Federal Government 
                        websites; and
                            (ii) post the directory on the Internet 
                        with a link to the integrated Internet-based 
                        system established under section 204.
                    (B) Development.--With the assistance of each 
                agency, the Director shall--
                            (i) direct the development of the directory 
                        through a collaborative effort, including input 
                        from--
                                    (I) agency librarians;
                                    (II) information technology 
                                managers;
                                    (III) program managers;
                                    (IV) records managers;
                                    (V) Federal depository librarians; 
                                and
                                    (VI) other interested parties; and
                            (ii) develop a public domain taxonomy of 
                        subjects used to review and categorize public 
                        Federal Government websites.
                    (C) Update.--With the assistance of each agency, 
                the Administrator of the Office of Electronic 
                Government shall--
                            (i) update the directory as necessary, but 
                        not less than every 6 months; and
                            (ii) solicit interested persons for 
                        improvements to the directory.
    (g) Access to Federally Funded Research and Development.--
            (1) Development and maintenance of governmentwide 
        repository and website.--
                    (A) Repository and website.--The Director of the 
                Office of Management and Budget (or the Director's 
                delegate), in consultation with the Director of the 
                Office of Science and Technology Policy and other 
                relevant agencies, shall ensure the development and 
                maintenance of--
                            (i) a repository that fully integrates, to 
                        the maximum extent feasible, information about 
                        research and development funded by the Federal 
                        Government, and the repository shall--
                                    (I) include information about 
                                research and development funded by the 
                                Federal Government, consistent with any 
                                relevant protections for the 
                                information under section 552 of title 
                                5, United States Code, and performed 
                                by--
                                            (aa) institutions not a 
                                        part of the Federal Government, 
                                        including State, local, and 
                                        foreign governments; industrial 
                                        firms; educational 
                                        institutions; not-for-profit 
                                        organizations; federally funded 
                                        research and development 
                                        centers; and private 
                                        individuals; and
                                            (bb) entities of the 
                                        Federal Government, including 
                                        research and development 
                                        laboratories, centers, and 
                                        offices; and
                            (II) integrate information about each 
                        separate research and development task or 
                        award, including--
                                            (aa) the dates upon which 
                                        the task or award is expected 
                                        to start and end;
                                            (bb) a brief summary 
                                        describing the objective and 
                                        the scientific and technical 
                                        focus of the task or award;
                                            (cc) the entity or 
                                        institution performing the task 
                                        or award and its contact 
                                        information;
                                            (dd) the total amount of 
                                        Federal funds expected to be 
                                        provided to the task or award 
                                        over its lifetime and the 
                                        amount of funds expected to be 
                                        provided in each fiscal year in 
                                        which the work of the task or 
                                        award is ongoing;
                                            (ee) any restrictions 
                                        attached to the task or award 
                                        that would prevent the sharing 
                                        with the general public of any 
                                        or all of the information 
                                        required by this subsection, 
                                        and the reasons for such 
                                        restrictions; and
                                            (ff) such other information 
                                        as may be determined to be 
                                        appropriate; and
                            (ii) 1 or more websites upon which all or 
                        part of the repository of Federal research and 
                        development shall be made available to and 
                        searchable by Federal agencies and non-Federal 
                        entities, including the general public, to 
                        facilitate--
                                    (I) the coordination of Federal 
                                research and development activities;
                                    (II) collaboration among those 
                                conducting Federal research and 
                                development;
                                    (III) the transfer of technology 
                                among Federal agencies and between 
                                Federal agencies and non-Federal 
                                entities; and
                                    (IV) access by policymakers and the 
                                public to information concerning 
                                Federal research and development 
                                activities.
                    (B) Oversight.--The Director of the Office of 
                Management and Budget shall issue any guidance 
                determined necessary to ensure that agencies provide 
                all information requested under this subsection.
            (2) Agency functions.--Any agency that funds Federal 
        research and development under this subsection shall provide 
        the information required to populate the repository in the 
        manner prescribed by the Director of the Office of Management 
        and Budget.
            (3) Committee functions.--Not later than 18 months after 
        the date of enactment of this Act, working with the Director of 
        the Office of Science and Technology Policy, and after 
        consultation with interested parties, the Committee shall 
        submit recommendations to the Director on--
                    (A) policies to improve agency reporting of 
                information for the repository established under this 
                subsection; and
                    (B) policies to improve dissemination of the 
                results of research performed by Federal agencies and 
                federally funded research and development centers.
            (4) Functions of the director.--After submission of 
        recommendations by the Committee under paragraph (3), the 
        Director shall report on the recommendations of the Committee 
        and Director to Congress, in the E-Government report under 
        section 3606 of title 44 (as added by this Act).
            (5) Authorization of appropriations.--There are authorized 
        to be appropriated for the development, maintenance, and 
        operation of the Governmentwide repository and website under 
        this subsection--
                    (A) $2,000,000 in each of the fiscal years 2003 
                through 2005; and
                    (B) such sums as are necessary in each of the 
                fiscal years 2006 and 2007.

SEC. 208. PRIVACY PROVISIONS.

    (a) Purpose.--The purpose of this section is to ensure sufficient 
protections for the privacy of personal information as agencies 
implement citizen-centered electronic Government.
    (b) Privacy Impact Assessments.--
            (1) Responsibilities of agencies.--
                    (A) In general.--An agency shall take actions 
                described under subparagraph (B) before--
                            (i) developing or procuring information 
                        technology that collects, maintains, or 
                        disseminates information that is in an 
                        identifiable form; or
                            (ii) initiating a new collection of 
                        information that--
                                    (I) will be collected, maintained, 
                                or disseminated using information 
                                technology; and
                                    (II) includes any information in an 
                                identifiable form permitting the 
                                physical or online contacting of a 
                                specific individual, if identical 
                                questions have been posed to, or 
                                identical reporting requirements 
                                imposed on, 10 or more persons, other 
                                than agencies, instrumentalities, or 
                                employees of the Federal Government.
                    (B) Agency activities.--To the extent required 
                under subparagraph (A), each agency shall--
                            (i) conduct a privacy impact assessment;
                            (ii) ensure the review of the privacy 
                        impact assessment by the Chief Information 
                        Officer, or equivalent official, as determined 
                        by the head of the agency; and
                            (iii) if practicable, after completion of 
                        the review under clause (ii), make the privacy 
                        impact assessment publicly available through 
                        the website of the agency, publication in the 
                        Federal Register, or other means.
                    (C) Sensitive information.--Subparagraph (B)(iii) 
                may be modified or waived for security reasons, or to 
                protect classified, sensitive, or private information 
                contained in an assessment.
                    (D) Copy to director.--Agencies shall provide the 
                Director with a copy of the privacy impact assessment 
                for each system for which funding is requested.
            (2) Contents of a privacy impact assessment.--
                    (A) In general.--The Director shall issue guidance 
                to agencies specifying the required contents of a 
                privacy impact assessment.
                    (B) Guidance.--The guidance shall--
                            (i) ensure that a privacy impact assessment 
                        is commensurate with the size of the 
                        information system being assessed, the 
                        sensitivity of information that is in an 
                        identifiable form in that system, and the risk 
                        of harm from unauthorized release of that 
                        information; and
                            (ii) require that a privacy impact 
                        assessment address--
                                    (I) what information is to be 
                                collected;
                                    (II) why the information is being 
                                collected;
                                    (III) the intended use of the 
                                agency of the information;
                                    (IV) with whom the information will 
                                be shared;
                                    (V) what notice or opportunities 
                                for consent would be provided to 
                                individuals regarding what information 
                                is collected and how that information 
                                is shared;
                                    (VI) how the information will be 
                                secured; and
                                    (VII) whether a system of records 
                                is being created under section 552a of 
                                title 5, United States Code, (commonly 
                                referred to as the ``Privacy Act'').
            (3) Responsibilities of the director.--The Director shall--
                    (A) develop policies and guidelines for agencies on 
                the conduct of privacy impact assessments;
                    (B) oversee the implementation of the privacy 
                impact assessment process throughout the Government; 
                and
                    (C) require agencies to conduct privacy impact 
                assessments of existing information systems or ongoing 
                collections of information that is in an identifiable 
                form as the Director determines appropriate.
    (c) Privacy Protections on Agency Websites.--
            (1) Privacy policies on websites.--
                    (A) Guidelines for notices.--The Director shall 
                develop guidance for privacy notices on agency websites 
                used by the public.
                    (B) Contents.--The guidance shall require that a 
                privacy notice address, consistent with section 552a of 
                title 5, United States Code--
                            (i) what information is to be collected;
                            (ii) why the information is being 
                        collected;
                            (iii) the intended use of the agency of the 
                        information;
                            (iv) with whom the information will be 
                        shared;
                            (v) what notice or opportunities for 
                        consent would be provided to individuals 
                        regarding what information is collected and how 
                        that information is shared;
                            (vi) how the information will be secured; 
                        and
                            (vii) the rights of the individual under 
                        section 552a of title 5, United States Code 
                        (commonly referred to as the ``Privacy Act''), 
                        and other laws relevant to the protection of 
                        the privacy of an individual.
            (2) Privacy policies in machine-readable formats.--The 
        Director shall issue guidance requiring agencies to translate 
        privacy policies into a standardized machine-readable format.
    (d) Definition.--In this section, the term ``identifiable form'' 
means any representation of information that permits the identity of an 
individual to whom the information applies to be reasonably inferred by 
either direct or indirect means.

SEC. 209. FEDERAL INFORMATION TECHNOLOGY WORKFORCE DEVELOPMENT.

    (a) Purpose.--The purpose of this section is to improve the skills 
of the Federal workforce in using information technology to deliver 
Government information and services.
    (b) Workforce Development.--
            (1) In general.--In consultation with the Director of the 
        Office of Management and Budget, the Chief Information Officers 
        Council, and the Administrator of General Services, the 
        Director of the Office of Personnel Management shall--
                    (A) analyze, on an ongoing basis, the personnel 
                needs of the Federal Government related to information 
                technology and information resource management;
                    (B) identify where current information technology 
                and information resource management training do not 
                satisfy the personnel needs described in subparagraph 
                (A);
                    (C) oversee the development of curricula, training 
                methods, and training priorities that correspond to the 
                projected personnel needs of the Federal Government 
                related to information technology and information 
                resource management; and
                    (D) assess the training of Federal employees in 
                information technology disciplines in order to ensure 
                that the information resource management needs of the 
                Federal Government are addressed.
            (2) Information technology training programs.--The head of 
        each Executive agency, after consultation with the Director of 
        the Office of Personnel Management, the Chief Information 
        Officers Council, and the Administrator of General Services, 
        shall establish and operate information technology training 
        programs consistent with the requirements of this subsection. 
        Such programs shall--
                    (A) have curricula covering a broad range of 
                information technology disciplines corresponding to the 
                specific information technology and information 
                resource management needs of the agency involved;
                    (B) be developed and applied according to rigorous 
                standards; and
                    (C) be designed to maximize efficiency, through the 
                use of self-paced courses, online courses, on-the-job 
                training, and the use of remote instructors, wherever 
                such features can be applied without reducing the 
                effectiveness of the training or negatively impacting 
                academic standards.
            (3) Governmentwide policies and evaluation.--The Director 
        of the Office of Personnel Management, in coordination with the 
        Director of the Office of Management and Budget, shall issue 
        policies to promote the development of performance standards 
        for training and uniform implementation of this subsection by 
        Executive agencies, with due regard for differences in program 
        requirements among agencies that may be appropriate and 
        warranted in view of the agency mission. The Director of the 
        Office of Personnel Management shall evaluate the 
        implementation of the provisions of this subsection by 
        Executive agencies.
            (4) Chief information officer authorities and 
        responsibilities.--Subject to the authority, direction, and 
        control of the head of an Executive agency, the chief 
        information officer of such agency shall carry out all powers, 
        functions, and duties of the head of the agency with respect to 
        implementation of this subsection. The chief information 
        officer shall ensure that the policies of the agency head 
        established in accordance with this subsection are implemented 
        throughout the agency.
            (5) Information technology training reporting.--The 
        Director of the Office of Management and Budget shall ensure 
        that the heads of Executive agencies collect and maintain 
        standardized information on the information technology and 
        information resources management workforce related to the 
        implementation of this subsection.
            (6) Authority to detail employees to non-Federal 
        employers.--In carrying out the preceding provisions of this 
        subsection, the Director of the Office of Personnel Management 
        may provide for a program under which a Federal employee may be 
        detailed to a non-Federal employer. The Director of the Office 
        of Personnel Management shall prescribe regulations for such 
        program, including the conditions for service and duties as the 
        Director considers necessary.
            (7) Coordination provision.--An assignment described in 
        section 3703 of title 5, United States Code, may not be made 
        unless a program under paragraph (6) is established, and the 
        assignment is made in accordance with the requirements of such 
        program.
            (8) Employee participation.--Subject to information 
        resource management needs and the limitations imposed by 
        resource needs in other occupational areas, and consistent with 
        their overall workforce development strategies, agencies shall 
        encourage employees to participate in occupational information 
        technology training.
            (9) Authorization of Appropriations.--There are authorized 
        to be appropriated to the Office of Personnel Management for 
        the implementation of this subsection, $15,000,000 in fiscal 
        year 2003, and such sums as are necessary for each fiscal year 
        thereafter.
            (10) Executive agency defined.--For purposes of this 
        subsection, the term ``Executive agency'' has the meaning given 
        the term ``agency'' under section 3701 of title 5, United 
        States Code (as added by subsection (c)).
    (c) Information Technology Exchange Program.--
            (1) In general.--Subpart B of part III of title 5, United 
        States Code, is amended by adding at the end the following:

         ``CHAPTER 37--INFORMATION TECHNOLOGY EXCHANGE PROGRAM

``Sec.
``3701. Definitions.
``3702. General provisions.
``3703. Assignment of employees to private sector organizations.
``3704. Assignment of employees from private sector organizations.
``3705. Application to Office of the Chief Technology Officer of the 
                            District of Columbia.
``3706. Reporting requirement.
``3707. Regulations.
``Sec. 3701. Definitions
    ``For purposes of this chapter--
            ``(1) the term `agency' means an Executive agency, but does 
        not include the General Accounting Office; and
            ``(2) the term `detail' means--
                    ``(A) the assignment or loan of an employee of an 
                agency to a private sector organization without a 
                change of position from the agency that employs the 
                individual, or
                    ``(B) the assignment or loan of an employee of a 
                private sector organization to an agency without a 
                change of position from the private sector organization 
                that employs the individual,
        whichever is appropriate in the context in which such term is 
        used.
``Sec. 3702. General provisions
    ``(a) Assignment Authority.--On request from or with the agreement 
of a private sector organization, and with the consent of the employee 
concerned, the head of an agency may arrange for the assignment of an 
employee of the agency to a private sector organization or an employee 
of a private sector organization to the agency. An eligible employee is 
an individual who--
            ``(1) works in the field of information technology 
        management;
            ``(2) is considered an exceptional performer by the 
        individual's current employer; and
            ``(3) is expected to assume increased information 
        technology management responsibilities in the future.
An employee of an agency shall be eligible to participate in this 
program only if the employee is employed at the GS-11 level or above 
(or equivalent) and is serving under a career or career-conditional 
appointment or an appointment of equivalent tenure in the excepted 
service, and applicable requirements of section 209(b) of the E-
Government Act of 2002 are met with respect to the proposed assignment 
of such employee.
    ``(b) Agreements.--Each agency that exercises its authority under 
this chapter shall provide for a written agreement between the agency 
and the employee concerned regarding the terms and conditions of the 
employee's assignment. In the case of an employee of the agency, the 
agreement shall--
            ``(1) require the employee to serve in the civil service, 
        upon completion of the assignment, for a period equal to the 
        length of the assignment; and
            ``(2) provide that, in the event the employee fails to 
        carry out the agreement (except for good and sufficient reason, 
        as determined by the head of the agency from which assigned) 
        the employee shall be liable to the United States for payment 
        of all expenses of the assignment.
An amount under paragraph (2) shall be treated as a debt due the United 
States.
    ``(c) Termination.--Assignments may be terminated by the agency or 
private sector organization concerned for any reason at any time.
    ``(d) Duration.--Assignments under this chapter shall be for a 
period of between 3 months and 1 year, and may be extended in 3-month 
increments for a total of not more than 1 additional year, except that 
no assignment under this chapter may commence after the end of the 5-
year period beginning on the date of the enactment of this chapter.
    ``(e) Assistance.--The Chief Information Officers Council, by 
agreement with the Office of Personnel Management, may assist in the 
administration of this chapter, including by maintaining lists of 
potential candidates for assignment under this chapter, establishing 
mentoring relationships for the benefit of individuals who are given 
assignments under this chapter, and publicizing the program.
    ``(f) Considerations.--In exercising any authority under this 
chapter, an agency shall take into consideration--
            ``(1) the need to ensure that small business concerns are 
        appropriately represented with respect to the assignments 
        described in sections 3703 and 3704, respectively; and
            ``(2) how assignments described in section 3703 might best 
        be used to help meet the needs of the agency for the training 
        of employees in information technology management.
``Sec. 3703. Assignment of employees to private sector organizations
    ``(a) In General.--An employee of an agency assigned to a private 
sector organization under this chapter is deemed, during the period of 
the assignment, to be on detail to a regular work assignment in his 
agency.
    ``(b) Coordination With Chapter 81.--Notwithstanding any other 
provision of law, an employee of an agency assigned to a private sector 
organization under this chapter is entitled to retain coverage, rights, 
and benefits under subchapter I of chapter 81, and employment during 
the assignment is deemed employment by the United States, except that, 
if the employee or the employee's dependents receive from the private 
sector organization any payment under an insurance policy for which the 
premium is wholly paid by the private sector organization, or other 
benefit of any kind on account of the same injury or death, then, the 
amount of such payment or benefit shall be credited against any 
compensation otherwise payable under subchapter I of chapter 81.
    ``(c) Reimbursements.--The assignment of an employee to a private 
sector organization under this chapter may be made with or without 
reimbursement by the private sector organization for the travel and 
transportation expenses to or from the place of assignment, subject to 
the same terms and conditions as apply with respect to an employee of a 
Federal agency or a State or local government under section 3375, and 
for the pay, or a part thereof, of the employee during assignment. Any 
reimbursements shall be credited to the appropriation of the agency 
used for paying the travel and transportation expenses or pay.
    ``(d) Tort Liability; Supervision.--The Federal Tort Claims Act and 
any other Federal tort liability statute apply to an employee of an 
agency assigned to a private sector organization under this chapter. 
The supervision of the duties of an employee of an agency so assigned 
to a private sector organization may be governed by an agreement 
between the agency and the organization.
    ``(e) Small Business Concerns.--
            ``(1) In general.--The head of each agency shall take such 
        actions as may be necessary to ensure that, of the assignments 
        made under this chapter from such agency to private sector 
        organizations in each year, at least 20 percent are to small 
        business concerns.
            ``(2) Definitions.--For purposes of this subsection--
                    ``(A) the term `small business concern' means a 
                business concern that satisfies the definitions and 
                standards specified by the Administrator of the Small 
                Business Administration under section 3(a)(2) of the 
                Small Business Act (as from time to time amended by the 
                Administrator);
                    ``(B) the term `year' refers to the 12-month period 
                beginning on the date of the enactment of this chapter, 
                and each succeeding 12-month period in which any 
                assignments under this chapter may be made; and
                    ``(C) the assignments `made' in a year are those 
                commencing in such year.
            ``(3) Reporting requirement.--An agency which fails to 
        comply with paragraph (1) in a year shall, within 90 days after 
        the end of such year, submit a report to the Committees on 
        Government Reform and Small Business of the House of 
        Representatives and the Committees on Governmental Affairs and 
        Small Business of the Senate. The report shall include--
                    ``(A) the total number of assignments made under 
                this chapter from such agency to private sector 
                organizations in the year;
                    ``(B) of that total number, the number (and 
                percentage) made to small business concerns; and
                    ``(C) the reasons for the agency's noncompliance 
                with paragraph (1).
            ``(4) Exclusion.--This subsection shall not apply to an 
        agency in any year in which it makes fewer than 5 assignments 
        under this chapter to private sector organizations.
``Sec. 3704. Assignment of employees from private sector organizations
    ``(a) In General.--An employee of a private sector organization 
assigned to an agency under this chapter is deemed, during the period 
of the assignment, to be on detail to such agency.
    ``(b) Terms and Conditions.--An employee of a private sector 
organization assigned to an agency under this chapter--
            ``(1) may continue to receive pay and benefits from the 
        private sector organization from which he is assigned;
            ``(2) is deemed, notwithstanding subsection (a), to be an 
        employee of the agency for the purposes of--
                    ``(A) chapter 73;
                    ``(B) sections 201, 203, 205, 207, 208, 209, 603, 
                606, 607, 643, 654, 1905, and 1913 of title 18;
                    ``(C) sections 1343, 1344, and 1349(b) of title 31;
                    ``(D) the Federal Tort Claims Act and any other 
                Federal tort liability statute;
                    ``(E) the Ethics in Government Act of 1978;
                    ``(F) section 1043 of the Internal Revenue Code of 
                1986; and
                    ``(G) section 27 of the Office of Federal 
                Procurement Policy Act;
            ``(3) may not have access to any trade secrets or to any 
        other nonpublic information which is of commercial value to the 
        private sector organization from which he is assigned; and
            ``(4) is subject to such regulations as the President may 
        prescribe.
The supervision of an employee of a private sector organization 
assigned to an agency under this chapter may be governed by agreement 
between the agency and the private sector organization concerned. Such 
an assignment may be made with or without reimbursement by the agency 
for the pay, or a part thereof, of the employee during the period of 
assignment, or for any contribution of the private sector organization 
to employee benefit systems.
    ``(c) Coordination With Chapter 81.--An employee of a private 
sector organization assigned to an agency under this chapter who 
suffers disability or dies as a result of personal injury sustained 
while performing duties during the assignment shall be treated, for the 
purpose of subchapter I of chapter 81, as an employee as defined by 
section 8101 who had sustained the injury in the performance of duty, 
except that, if the employee or the employee's dependents receive from 
the private sector organization any payment under an insurance policy 
for which the premium is wholly paid by the private sector 
organization, or other benefit of any kind on account of the same 
injury or death, then, the amount of such payment or benefit shall be 
credited against any compensation otherwise payable under subchapter I 
of chapter 81.
    ``(d) Prohibition Against Charging Certain Costs to the Federal 
Government.--A private sector organization may not charge the Federal 
Government, as direct or indirect costs under a Federal contract, the 
costs of pay or benefits paid by the organization to an employee 
assigned to an agency under this chapter for the period of the 
assignment.
``Sec. 3705. Application to Office of the Chief Technology Officer of 
              the District of Columbia
    ``(a) In General.--The Chief Technology Officer of the District of 
Columbia may arrange for the assignment of an employee of the Office of 
the Chief Technology Officer to a private sector organization, or an 
employee of a private sector organization to such Office, in the same 
manner as the head of an agency under this chapter.
    ``(b) Terms and Conditions.--An assignment made pursuant to 
subsection (a) shall be subject to the same terms and conditions as an 
assignment made by the head of an agency under this chapter, except 
that in applying such terms and conditions to an assignment made 
pursuant to subsection (a), any reference in this chapter to a 
provision of law or regulation of the United States shall be deemed to 
be a reference to the applicable provision of law or regulation of the 
District of Columbia, including the applicable provisions of the 
District of Columbia Government Comprehensive Merit Personnel Act of 
1978 (sec. 1-601.01 et seq., D.C. Official Code) and section 601 of the 
District of Columbia Campaign Finance Reform and Conflict of Interest 
Act (sec. 1-1106.01, D.C. Official Code).
    ``(c) Definition.--For purposes of this section, the term `Office 
of the Chief Technology Officer' means the office established in the 
executive branch of the government of the District of Columbia under 
the Office of the Chief Technology Officer Establishment Act of 1998 
(sec. 1-1401 et seq., D.C. Official Code).
``Sec. 3706. Reporting requirement
    ``(a) In General.--The Office of Personnel Management shall, not 
later than April 30 and October 31 of each year, prepare and submit to 
the Committee on Government Reform of the House of Representatives and 
the Committee on Governmental Affairs of the Senate a semiannual report 
summarizing the operation of this chapter during the immediately 
preceding 6-month period ending on March 31 and September 30, 
respectively.
    ``(b) Content.--Each report shall include, with respect to the 6-
month period to which such report relates--
            ``(1) the total number of individuals assigned to, and the 
        total number of individuals assigned from, each agency during 
        such period;
            ``(2) a brief description of each assignment included under 
        paragraph (1), including--
                    ``(A) the name of the assigned individual, as well 
                as the private sector organization and the agency 
                (including the specific bureau or other agency 
                component) to or from which such individual was 
                assigned;
                    ``(B) the respective positions to and from which 
                the individual was assigned, including the duties and 
                responsibilities and the pay grade or level associated 
                with each; and
                    ``(C) the duration and objectives of the 
                individual's assignment; and
            ``(3) such other information as the Office considers 
        appropriate.
    ``(c) Publication.--A copy of each report submitted under 
subsection (a)--
            ``(1) shall be published in the Federal Register; and
            ``(2) shall be made publicly available on the Internet.
    ``(d) Agency Cooperation.--On request of the Office, agencies shall 
furnish such information and reports as the Office may require in order 
to carry out this section.
``Sec. 3707. Regulations
    ``The Director of the Office of Personnel Management shall 
prescribe regulations for the administration of this chapter.''.
            (2) Report.--Not later than 4 years after the date of the 
        enactment of this Act, the General Accounting Office shall 
        prepare and submit to the Committee on Government Reform of the 
        House of Representatives and the Committee on Governmental 
        Affairs of the Senate a report on the operation of chapter 37 
        of title 5, United States Code (as added by this subsection). 
        Such report shall include--
                    (A) an evaluation of the effectiveness of the 
                program established by such chapter; and
                    (B) a recommendation as to whether such program 
                should be continued (with or without modification) or 
                allowed to lapse.
            (3) Clerical Amendment.--The analysis for part III of title 
        5, United States Code, is amended by inserting after the item 
        relating to chapter 35 the following:

``37. Information Technology Exchange Program...............    3701''.
    (d) Ethics Provisions.--
            (1) One-year restriction on certain communications.--
        Section 207(c)(2)(A) of title 18, United States Code, is 
        amended--
                    (A) by striking ``or'' at the end of clause (iii);
                    (B) by striking the period at the end of clause 
                (iv) and inserting ``; or''; and
                    (C) by adding at the end the following:
                    ``(v) assigned from a private sector organization 
                to an agency under chapter 37 of title 5.''.
            (2) Disclosure of confidential information.--Section 1905 
        of title 18, United States Code, is amended by inserting ``or 
        being an employee of a private sector organization who is or 
        was assigned to an agency under chapter 37 of title 5,'' after 
        ``(15 U.S.C. 1311-1314),''.
            (3) Contract advice.--Section 207 of title 18, United 
        States Code, is amended by adding at the end the following:
    ``(l) Contract Advice by Former Details.--Whoever, being an 
employee of a private sector organization assigned to an agency under 
chapter 37 of title 5, within one year after the end of that 
assignment, knowingly represents or aids, counsels, or assists in 
representing any other person (except the United States) in connection 
with any contract with that agency shall be punished as provided in 
section 216 of this title.''.
            (4) Restriction on disclosure of procurement information.--
        Section 27 of the Office of Federal Procurement Policy Act (41 
        U.S.C. 423) is amended in subsection (a)(1) by adding at the 
        end the following new sentence: ``In the case of an employee of 
        a private sector organization assigned to an agency under 
        chapter 37 of title 5, United States Code, in addition to the 
        restriction in the preceding sentence, such employee shall not, 
        other than as provided by law, knowingly disclose contractor 
        bid or proposal information or source selection information 
        during the three-year period after the end of the assignment of 
        such employee.''.
    (e) Report on Existing Exchange Programs.--
            (1) Exchange program defined.--For purposes of this 
        subsection, the term ``exchange program'' means an executive 
        exchange program, the program under subchapter VI of chapter 33 
        of title 5, United States Code, and any other program which 
        allows for--
                    (A) the assignment of employees of the Federal 
                Government to non-Federal employers;
                    (B) the assignment of employees of non-Federal 
                employers to the Federal Government; or
                    (C) both.
            (2) Reporting requirement.--Not later than 1 year after the 
        date of the enactment of this Act, the Office of Personnel 
        Management shall prepare and submit to the Committee on 
        Government Reform of the House of Representatives and the 
        Committee on Governmental Affairs of the Senate a report 
        identifying all existing exchange programs.
            (3) Specific information.--The report shall, for each such 
        program, include--
                    (A) a brief description of the program, including 
                its size, eligibility requirements, and terms or 
                conditions for participation;
                    (B) specific citation to the law or other authority 
                under which the program is established;
                    (C) the names of persons to contact for more 
                information, and how they may be reached; and
                    (D) any other information which the Office 
                considers appropriate.
    (f) Report on the Establishment of a Governmentwide Information 
Technology Training Program.--
            (1) In general.--Not later January 1, 2003, the Office of 
        Personnel Management, in consultation with the Chief 
        Information Officers Council and the Administrator of General 
        Services, shall review and submit to the Committee on 
        Government Reform of the House of Representatives and the 
        Committee on Governmental Affairs of the Senate a written 
        report on the following:
                    (A) The adequacy of any existing information 
                technology training programs available to Federal 
                employees on a Governmentwide basis.
                    (B)(i) If one or more such programs already exist, 
                recommendations as to how they might be improved.
                    (ii) If no such program yet exists, recommendations 
                as to how such a program might be designed and 
                established.
                    (C) With respect to any recommendations under 
                subparagraph (B), how the program under chapter 37 of 
                title 5, United States Code, might be used to help 
                carry them out.
            (2) Cost estimate.--The report shall, for any recommended 
        program (or improvements) under paragraph (1)(B), include the 
        estimated costs associated with the implementation and 
        operation of such program as so established (or estimated 
        difference in costs of any such program as so improved).
    (g) Technical and Conforming Amendments.--
            (1) Amendments to title 5, united states code.--Title 5, 
        United States Code, is amended--
                    (A) in section 3111, by adding at the end the 
                following:
    ``(d) Notwithstanding section 1342 of title 31, the head of an 
agency may accept voluntary service for the United States under chapter 
37 of this title and regulations of the Office of Personnel 
Management.'';
                    (B) in section 4108, by striking subsection (d); 
                and
                    (C) in section 7353(b), by adding at the end the 
                following:
    ``(4) Nothing in this section precludes an employee of a private 
sector organization, while assigned to an agency under chapter 37, from 
continuing to receive pay and benefits from such organization in 
accordance with such chapter.''.
            (2) Amendment to title 18, united states code.--Section 209 
        of title 18, United States Code, is amended by adding at the 
        end the following:
    ``(g)(1) This section does not prohibit an employee of a private 
sector organization, while assigned to an agency under chapter 37 of 
title 5, from continuing to receive pay and benefits from such 
organization in accordance with such chapter.
    ``(2) For purposes of this subsection, the term `agency' means an 
agency (as defined by section 3701 of title 5) and the Office of the 
Chief Technology Officer of the District of Columbia.''.
            (3) Other amendments.--Section 125(c)(1) of Public Law 100-
        238 (5 U.S.C. 8432 note) is amended--
                    (A) in subparagraph (B), by striking ``or'' at the 
                end;
                    (B) in subparagraph (C), by striking ``and'' at the 
                end and inserting ``or''; and
                    (C) by adding at the end the following:
                    ``(D) an individual assigned from a Federal agency 
                to a private sector organization under chapter 37 of 
                title 5, United States Code; and''.

SEC. 210. SHARE-IN-SAVINGS INITIATIVES.

    (a) Defense Contracts.--(1) Chapter 137 of title 10, United States 
Code, is amended by adding at the end the following new section:
``Sec. 2332. Share-in-savings contracts
    ``(a) Authority To Enter Into Share-in-Savings Contracts.--(1) The 
head of an agency may enter into a share-in-savings contract for 
information technology (as defined in section 11101(6) of title 40) in 
which the Government awards a contract to improve mission-related or 
administrative processes or to accelerate the achievement of its 
mission and share with the contractor in savings achieved through 
contract performance.
    ``(2)(A) Except as provided in subparagraph (B), a share-in-savings 
contract shall be awarded for a period of not more than five years.
    ``(B) A share-in-savings contract may be awarded for a period 
greater than five years, but not more than 10 years, if the head of the 
agency determines in writing prior to award of the contract that--
            ``(i) the level of risk to be assumed and the investment to 
        be undertaken by the contractor is likely to inhibit the 
        government from obtaining the needed information technology 
        competitively at a fair and reasonable price if the contract is 
        limited in duration to a period of five years or less; and
            ``(ii) usage of the information technology to be acquired 
        is likely to continue for a period of time sufficient to 
        generate reasonable benefit for the government.
    ``(3) Contracts awarded pursuant to the authority of this section 
shall, to the maximum extent practicable, be performance-based 
contracts that identify objective outcomes and contain performance 
standards that will be used to measure achievement and milestones that 
must be met before payment is made.
    ``(4) Contracts awarded pursuant to the authority of this section 
shall include a provision containing a quantifiable baseline that is to 
be the basis upon which a savings share ratio is established that 
governs the amount of payment a contractor is to receive under the 
contract. Before commencement of performance of such a contract, the 
senior procurement executive of the agency shall determine in writing 
that the terms of the provision are quantifiable and will likely yield 
value to the Government.
    ``(5)(A) The head of the agency may retain savings realized through 
the use of a share-in-savings contract under this section that are in 
excess of the total amount of savings paid to the contractor under the 
contract, but may not retain any portion of such savings that is 
attributable to a decrease in the number of civilian employees of the 
Federal Government performing the function. Except as provided in 
subparagraph (B), savings shall be credited to the appropriation or 
fund against which charges were made to carry out the contract and 
shall be used for information technology.
    ``(B) Amounts retained by the agency under this subsection shall--
            ``(i) without further appropriation, remain available until 
        expended; and
            ``(ii) be applied first to fund any contingent liabilities 
        associated with share-in-savings procurements that are not 
        fully funded.
    ``(b) Cancellation and Termination.--(1) If funds are not made 
available for the continuation of a share-in-savings contract entered 
into under this section in a subsequent fiscal year, the contract shall 
be canceled or terminated. The costs of cancellation or termination may 
be paid out of--
            ``(A) appropriations available for the performance of the 
        contract;
            ``(B) appropriations available for acquisition of the 
        information technology procured under the contract, and not 
        otherwise obligated; or
            ``(C) funds subsequently appropriated for payments of costs 
        of cancellation or termination, subject to the limitations in 
        paragraph (3).
    ``(2) The amount payable in the event of cancellation or 
termination of a share-in-savings contract shall be negotiated with the 
contractor at the time the contract is entered into.
    ``(3)(A) Subject to subparagraph (B), the head of an agency may 
enter into share-in-savings contracts under this section in any given 
fiscal year even if funds are not made specifically available for the 
full costs of cancellation or termination of the contract if funds are 
available and sufficient to make payments with respect to the first 
fiscal year of the contract and the following conditions are met 
regarding the funding of cancellation and termination liability:
            ``(i) The amount of unfunded contingent liability for the 
        contract does not exceed the lesser of--
                    ``(I) 25 percent of the estimated costs of a 
                cancellation or termination; or
                    ``(II) $5,000,000.
            ``(ii) Unfunded contingent liability in excess of 
        $1,000,000 has been approved by the Director of the Office of 
        Management and Budget or the Director's designee.
    ``(B) The aggregate number of share-in-savings contracts that may 
be entered into under subparagraph (A) by all agencies to which this 
chapter applies in a fiscal year may not exceed 5 in each of fiscal 
years 2003, 2004, and 2005.
    ``(c) Definitions.--In this section:
            ``(1) The term `contractor' means a private entity that 
        enters into a contract with an agency.
            ``(2) The term `savings' means--
                    ``(A) monetary savings to an agency; or
                    ``(B) savings in time or other benefits realized by 
                the agency, including enhanced revenues (other than 
                enhanced revenues from the collection of fees, taxes, 
                debts, claims, or other amounts owed the Federal 
                Government).
            ``(3) The term `share-in-savings contract' means a contract 
        under which--
                    ``(A) a contractor provides solutions for--
                            ``(i) improving the agency's mission-
                        related or administrative processes; or
                            ``(ii) accelerating the achievement of 
                        agency missions; and
                    ``(B) the head of the agency pays the contractor an 
                amount equal to a portion of the savings derived by the 
                agency from--
                            ``(i) any improvements in mission-related 
                        or administrative processes that result from 
                        implementation of the solution; or
                            ``(ii) acceleration of achievement of 
                        agency missions.
    ``(d) Termination.--No share-in-savings contracts may be entered 
into under this section after September 30, 2005.''.
    (2) The table of sections at the beginning of such chapter is 
amended by adding at the end of the following new item:

``2332. Share-in-savings contracts.''.
    (b) Other Contracts.--Title III of the Federal Property and 
Administrative Services Act of 1949 is amended by adding at the end the 
following:

``SEC. 317. SHARE-IN-SAVINGS CONTRACTS.

    ``(a) Authority To Enter Into Share-in-Savings Contracts.--(1) The 
head of an executive agency may enter into a share-in-savings contract 
for information technology (as defined in section 11101(6) of title 40, 
United States Code) in which the Government awards a contract to 
improve mission-related or administrative processes or to accelerate 
the achievement of its mission and share with the contractor in savings 
achieved through contract performance.
    ``(2)(A) Except as provided in subparagraph (B), a share-in-savings 
contract shall be awarded for a period of not more than five years.
    ``(B) A share-in-savings contract may be awarded for a period 
greater than five years, but not more than 10 years, if the head of the 
agency determines in writing prior to award of the contract that--
            ``(i) the level of risk to be assumed and the investment to 
        be undertaken by the contractor is likely to inhibit the 
        government from obtaining the needed information technology 
        competitively at a fair and reasonable price if the contract is 
        limited in duration to a period of five years or less; and
            ``(ii) usage of the information technology to be acquired 
        is likely to continue for a period of time sufficient to 
        generate reasonable benefit for the government.
    ``(3) Contracts awarded pursuant to the authority of this section 
shall, to the maximum extent practicable, be performance-based 
contracts that identify objective outcomes and contain performance 
standards that will be used to measure achievement and milestones that 
must be met before payment is made.
    ``(4) Contracts awarded pursuant to the authority of this section 
shall include a provision containing a quantifiable baseline that is to 
be the basis upon which a savings share ratio is established that 
governs the amount of payment a contractor is to receive under the 
contract. Before commencement of performance of such a contract, the 
senior procurement executive of the agency shall determine in writing 
that the terms of the provision are quantifiable and will likely yield 
value to the Government.
    ``(5)(A) The head of the agency may retain savings realized through 
the use of a share-in-savings contract under this section that are in 
excess of the total amount of savings paid to the contractor under the 
contract, but may not retain any portion of such savings that is 
attributable to a decrease in the number of civilian employees of the 
Federal Government performing the function. Except as provided in 
subparagraph (B), savings shall be credited to the appropriation or 
fund against which charges were made to carry out the contract and 
shall be used for information technology.
    ``(B) Amounts retained by the agency under this subsection shall--
            ``(i) without further appropriation, remain available until 
        expended; and
            ``(ii) be applied first to fund any contingent liabilities 
        associated with share-in-savings procurements that are not 
        fully funded.
    ``(b) Cancellation and Termination.--(1) If funds are not made 
available for the continuation of a share-in-savings contract entered 
into under this section in a subsequent fiscal year, the contract shall 
be canceled or terminated. The costs of cancellation or termination may 
be paid out of--
            ``(A) appropriations available for the performance of the 
        contract;
            ``(B) appropriations available for acquisition of the 
        information technology procured under the contract, and not 
        otherwise obligated; or
            ``(C) funds subsequently appropriated for payments of costs 
        of cancellation or termination, subject to the limitations in 
        paragraph (3).
    ``(2) The amount payable in the event of cancellation or 
termination of a share-in-savings contract shall be negotiated with the 
contractor at the time the contract is entered into.
    ``(3)(A) Subject to subparagraph (B), the head of an executive 
agency may enter into share-in-savings contracts under this section in 
any given fiscal year even if funds are not made specifically available 
for the full costs of cancellation or termination of the contract if 
funds are available and sufficient to make payments with respect to the 
first fiscal year of the contract and the following conditions are met 
regarding the funding of cancellation and termination liability:
            ``(i) The amount of unfunded contingent liability for the 
        contract does not exceed the lesser of--
                    ``(I) 25 percent of the estimated costs of a 
                cancellation or termination; or
                    ``(II) $5,000,000.
            ``(ii) Unfunded contingent liability in excess of 
        $1,000,000 has been approved by the Director of the Office of 
        Management and Budget or the Director's designee.
    ``(B) The aggregate number of share-in-savings contracts that may 
be entered into under subparagraph (A) by all executive agencies to 
which this chapter applies in a fiscal year may not exceed 5 in each of 
fiscal years 2003, 2004, and 2005.
    ``(c) Definitions.--In this section:
            ``(1) The term `contractor' means a private entity that 
        enters into a contract with an agency.
            ``(2) The term `savings' means--
                    ``(A) monetary savings to an agency; or
                    ``(B) savings in time or other benefits realized by 
                the agency, including enhanced revenues (other than 
                enhanced revenues from the collection of fees, taxes, 
                debts, claims, or other amounts owed the Federal 
                Government).
            ``(3) The term `share-in-savings contract' means a contract 
        under which--
                    ``(A) a contractor provides solutions for--
                            ``(i) improving the agency's mission-
                        related or administrative processes; or
                            ``(ii) accelerating the achievement of 
                        agency missions; and
                    ``(B) the head of the agency pays the contractor an 
                amount equal to a portion of the savings derived by the 
                agency from--
                            ``(i) any improvements in mission-related 
                        or administrative processes that result from 
                        implementation of the solution; or
                            ``(ii) acceleration of achievement of 
                        agency missions.
    ``(d) Termination.--No share-in-savings contracts may be entered 
into under this section after September 30, 2005.''.
    (c) Development of Incentives.--The Director of the Office of 
Management and Budget shall, in consultation with the Committee on 
Governmental Affairs of the Senate, the Committee on Government Reform 
of the House of Representatives, and executive agencies, develop 
techniques to permit an executive agency to retain a portion of the 
savings (after payment of the contractor's share of the savings) 
derived from share-in-savings contracts as funds are appropriated to 
the agency in future fiscal years.
    (d) Regulations.--Not later than 270 days after the date of the 
enactment of this Act, the Federal Acquisition Regulation shall be 
revised to implement the provisions enacted by this section. Such 
revisions shall--
            (1) provide for the use of competitive procedures in the 
        selection and award of share-in-savings contracts to--
                    (A) ensure the contractor's share of savings 
                reflects the risk involved and market conditions; and
                    (B) otherwise yield greatest value to the 
                government; and
            (2) allow appropriate regulatory flexibility to facilitate 
        the use of share-in-savings contracts by executive agencies, 
        including the use of innovative provisions for technology 
        refreshment and nonstandard Federal Acquisition Regulation 
        contract clauses.
    (e) Additional Guidance.--The Administrator of General Services 
shall--
            (1) identify potential opportunities for the use of share-
        in-savings contracts; and
            (2) in consultation with the Director of the Office of 
        Management and Budget, provide guidance to executive agencies 
        for determining mutually beneficial savings share ratios and 
        baselines from which savings may be measured.
    (f) OMB Report to Congress.--In consultation with executive 
agencies, the Director of the Office of Management and Budget shall, 
not later than 2 years after the date of the enactment of this Act, 
submit to Congress a report containing--
            (1) a description of the number of share-in-savings 
        contracts entered into by each executive agency under by this 
        section and the amendments made by this section, and, for each 
        contract identified--
                    (A) the information technology acquired;
                    (B) the total amount of payments made to the 
                contractor; and
                    (C) the total amount of savings or other measurable 
                benefits realized;
            (2) a description of the ability of agencies to determine 
        the baseline costs of a project against which savings can be 
        measured; and
            (3) any recommendations, as the Director deems appropriate, 
        regarding additional changes in law that may be necessary to 
        ensure effective use of share-in-savings contracts by executive 
        agencies.
    (g) GAO Report to Congress.--The Comptroller General shall, not 
later than 6 months after the report required under subsection (f) is 
submitted to Congress, conduct a review of that report and submit to 
Congress a report containing--
            (1) the results of the review;
            (2) an independent assessment by the Comptroller General of 
        the effectiveness of the use of share-in-savings contracts in 
        improving the mission-related and administrative processes of 
        the executive agencies and the achievement of agency missions; 
        and
            (3) a recommendation on whether the authority to enter into 
        share-in-savings contracts should be continued.
    (h) Repeal of Share-in-Savings Pilot Program.--
            (1) Repeal.--Section 11521 of title 40, United States Code, 
        is repealed.
            (2) Conforming amendments to pilot program authority.--
                    (A) Section 11501 of title 40, United States Code, 
                is amended--
                            (i) in the section heading, by striking 
                        ``programs'' and inserting ``program'';
                            (ii) in subsection (a)(1), by striking 
                        ``conduct pilot programs'' and inserting 
                        ``conduct a pilot program pursuant to the 
                        requirements of section 11521 of this title'';
                            (iii) in subsection (a)(2), by striking 
                        ``each pilot program'' and inserting ``the 
                        pilot program'';
                            (iv) in subsection (b), by striking 
                        ``Limitations.--'' and all that follows through 
                        ``$750,000,000.'' and inserting the following: 
                        ``Limitation on Amount.--The total amount 
                        obligated for contracts entered into under the 
                        pilot program conducted under this chapter may 
                        not exceed $375,000,000.''; and
                            (v) in subsection (c)(1), by striking ``a 
                        pilot'' and inserting ``the pilot''.
                    (B) The following provisions of chapter 115 of such 
                title are each amended by striking ``a pilot'' each 
                place it appears and inserting ``the pilot'':
                            (i) Section 11502(a).
                            (ii) Section 11502(b).
                            (iii) Section 11503(a).
                            (iv) Section 11504.
                    (C) Section 11505 of such chapter is amended by 
                striking ``programs'' and inserting ``program''.
            (3) Additional conforming amendments.--
                    (A) Section 11522 of title 40, United States Code, 
                is redesignated as section 11521.
                    (B) The chapter heading for chapter 115 of such 
                title is amended by striking ``PROGRAMS'' and inserting 
                ``PROGRAM''.
                    (C) The subchapter heading for subchapter I and for 
                subchapter II of such chapter are each amended by 
                striking ``PROGRAMS'' and inserting ``PROGRAM''.
                    (D) The item relating to subchapter I in the table 
                of sections at the beginning of such chapter is amended 
                to read as follows:

              ``SUBCHAPTER I--CONDUCT OF PILOT PROGRAM''.

                    (E) The item relating to subchapter II in the table 
                of sections at the beginning of such chapter is amended 
                to read as follows:

               ``SUBCHAPTER II--SPECIFIC PILOT PROGRAM''.

                    (F) The item relating to section 11501 in the table 
                of sections at the beginning of such is amended by 
                striking ``programs'' and inserting ``program''.
                    (G) The table of sections at the beginning of such 
                chapter is amended by striking the item relating to 
                section 11521 and redesignating the item relating to 
                section 11522 as section 11521.
                    (H) The item relating to chapter 115 in the table 
                of chapters for subtitle III of title 40, United States 
                Code, is amended to read as follows:

``115. INFORMATION TECHNOLOGY ACQUISITION PILOT PROGRAM.....   11501''.
    (i) Definitions.--In this section, the terms ``contractor'', 
``savings'', and ``share-in-savings contract'' have the meanings given 
those terms in section 317 of the Federal Property and Administrative 
Services Act of 1949 (as added by subsection (b)).

SEC. 211. AUTHORIZATION FOR ACQUISITION OF INFORMATION TECHNOLOGY BY 
              STATE AND LOCAL GOVERNMENTS THROUGH FEDERAL SUPPLY 
              SCHEDULES.

    (a) Authority To Use Certain Supply Schedules.--Section 502 of 
title 40, United States Code, is amended by adding at the end the 
following new subsection:
    ``(c) Use of Certain Supply Schedules.--
            ``(1) In general.--The Administrator may provide for the 
        use by State or local governments of Federal supply schedules 
        of the General Services Administration for automated data 
        processing equipment (including firmware), software, supplies, 
        support equipment, and services (as contained in Federal supply 
        classification code group 70).
            ``(2) Voluntary use.--In any case of the use by a State or 
        local government of a Federal supply schedule pursuant to 
        paragraph (1), participation by a firm that sells to the 
        Federal Government through the supply schedule shall be 
        voluntary with respect to a sale to the State or local 
        government through such supply schedule.
            ``(3) Definitions.--In this subsection:
                    ``(A) The term `State or local government' includes 
                any State, local, regional, or tribal government, or 
                any instrumentality thereof (including any local 
                educational agency or institution of higher education).
                    ``(B) The term `tribal government' means--
                            ``(i) the governing body of any Indian 
                        tribe, band, nation, or other organized group 
                        or community located in the continental United 
                        States (excluding the State of Alaska) that is 
                        recognized as eligible for the special programs 
                        and services provided by the United States to 
                        Indians because of their status as Indians, and
                            ``(ii) any Alaska Native regional or 
                        village corporation established pursuant to the 
                        Alaska Native Claims Settlement Act (43 U.S.C. 
                        1601 et seq.).
                    ``(C) The term `local educational agency' has the 
                meaning given that term in section 8013 of the 
                Elementary and Secondary Education Act of 1965 (20 
                U.S.C. 7713).
                    ``(D) The term `institution of higher education' 
                has the meaning given that term in section 101(a) of 
                the Higher Education Act of 1965 (20 U.S.C. 
                1001(a)).''.
    (b) Procedures.--Not later than 30 days after the date of the 
enactment of this Act, the Administrator of General Services shall 
establish procedures to implement section 501(c) of title 40, United 
States Code (as added by subsection (a)).
    (c) Report.--Not later than December 31, 2004, the Administrator 
shall submit to the Committee on Government Reform of the House of 
Representatives and the Committee on Governmental Affairs of the Senate 
a report on the implementation and effects of the amendment made by 
subsection (a).

SEC. 212. INTEGRATED REPORTING STUDY AND PILOT PROJECTS.

    (a) Purposes.--The purposes of this section are to--
            (1) enhance the interoperability of Federal information 
        systems;
            (2) assist the public, including the regulated community, 
        in electronically submitting information to agencies under 
        Federal requirements, by reducing the burden of duplicate 
        collection and ensuring the accuracy of submitted information; 
        and
            (3) enable any person to integrate and obtain similar 
        information held by 1 or more agencies under 1 or more Federal 
        requirements without violating the privacy rights of an 
        individual.
    (b) Definitions.--In this section, the term--
            (1) ``agency'' means an Executive agency as defined under 
        section 105 of title 5, United States Code; and
            (2) ``person'' means any individual, trust, firm, joint 
        stock company, corporation (including a government 
        corporation), partnership, association, State, municipality, 
        commission, political subdivision of a State, interstate body, 
        or agency or component of the Federal Government.
    (c) Report.--
            (1) In general.--Not later than 3 years after the date of 
        enactment of this Act, the Director shall oversee a study, in 
        consultation with agencies, the regulated community, public 
        interest organizations, and the public, and submit a report to 
        the Committee on Governmental Affairs of the Senate and the 
        Committee on Government Reform of the House of Representatives 
        on progress toward integrating Federal information systems 
        across agencies.
            (2) Contents.--The report under this section shall--
                    (A) address the integration of data elements used 
                in the electronic collection of information within 
                databases established under Federal statute without 
                reducing the quality, accessibility, scope, or utility 
                of the information contained in each database;
                    (B) address the feasibility of developing, or 
                enabling the development of, software, including 
                Internet-based tools, for use by reporting persons in 
                assembling, documenting, and validating the accuracy of 
                information electronically submitted to agencies under 
                nonvoluntary, statutory, and regulatory requirements;
                    (C) address the feasibility of developing a 
                distributed information system involving, on a 
                voluntary basis, at least 2 agencies, that--
                            (i) provides consistent, dependable, and 
                        timely public access to the information 
                        holdings of 1 or more agencies, or some portion 
                        of such holdings, without requiring public 
                        users to know which agency holds the 
                        information; and
                            (ii) allows the integration of public 
                        information held by the participating agencies;
                    (D) address the feasibility of incorporating other 
                elements related to the purposes of this section at the 
                discretion of the Director; and
                    (E) make any recommendations that the Director 
                deems appropriate on the use of integrated reporting 
                and information systems, to reduce the burden on 
                reporting and strengthen public access to databases 
                within and across agencies.
    (d) Pilot Projects To Encourage Integrated Collection and 
Management of Data and Interoperability of Federal Information 
Systems.--
            (1) In general.--In order to provide input to the study 
        under subsection (c), the Director shall designate, in 
        consultation with agencies, a series of no more than 5 pilot 
        projects that integrate data elements. The Director shall 
        consult with agencies, the regulated community, public interest 
        organizations, and the public on the implementation of the 
        pilot projects.
            (2) Goals of pilot projects.--
                    (A) In general.--Each goal described under 
                subparagraph (B) shall be addressed by at least 1 pilot 
                project each.
                    (B) Goals.--The goals under this paragraph are to--
                            (i) reduce information collection burdens 
                        by eliminating duplicative data elements within 
                        2 or more reporting requirements;
                            (ii) create interoperability between or 
                        among public databases managed by 2 or more 
                        agencies using technologies and techniques that 
                        facilitate public access; and
                            (iii) develop, or enable the development 
                        of, software to reduce errors in electronically 
                        submitted information.
            (3) Input.--Each pilot project shall seek input from users 
        on the utility of the pilot project and areas for improvement. 
        To the extent practicable, the Director shall consult with 
        relevant agencies and State, tribal, and local governments in 
        carrying out the report and pilot projects under this section.
    (e) Protections.--The activities authorized under this section 
shall afford protections for--
            (1) confidential business information consistent with 
        section 552(b)(4) of title 5, United States Code, and other 
        relevant law;
            (2) personal privacy information under sections 552(b) (6) 
        and (7)(C) and 552a of title 5, United States Code, and other 
        relevant law;
            (3) other information consistent with section 552(b)(3) of 
        title 5, United States Code, and other relevant law; and
            (4) confidential statistical information collected under a 
        confidentiality pledge, solely for statistical purposes, 
        consistent with the Office of Management and Budget's Federal 
        Statistical Confidentiality Order, and other relevant law.

SEC. 213. COMMUNITY TECHNOLOGY CENTERS.

    (a) Purposes.--The purposes of this section are to--
            (1) study and enhance the effectiveness of community 
        technology centers, public libraries, and other institutions 
        that provide computer and Internet access to the public; and
            (2) promote awareness of the availability of on-line 
        government information and services, to users of community 
        technology centers, public libraries, and other public 
        facilities that provide access to computer technology and 
        Internet access to the public.
    (b) Study and Report.--Not later than 2 years after the effective 
date of this title, the Administrator shall--
            (1) ensure that a study is conducted to evaluate the best 
        practices of community technology centers that have received 
        Federal funds; and
            (2) submit a report on the study to--
                    (A) the Committee on Governmental Affairs of the 
                Senate;
                    (B) the Committee on Health, Education, Labor, and 
                Pensions of the Senate;
                    (C) the Committee on Government Reform of the House 
                of Representatives; and
                    (D) the Committee on Education and the Workforce of 
                the House of Representatives.
    (c) Contents.--The report under subsection (b) may consider--
            (1) an evaluation of the best practices being used by 
        successful community technology centers;
            (2) a strategy for--
                    (A) continuing the evaluation of best practices 
                used by community technology centers; and
                    (B) establishing a network to share information and 
                resources as community technology centers evolve;
            (3) the identification of methods to expand the use of best 
        practices to assist community technology centers, public 
        libraries, and other institutions that provide computer and 
        Internet access to the public;
            (4) a database of all community technology centers that 
        have received Federal funds, including--
                    (A) each center's name, location, services 
                provided, director, other points of contact, number of 
                individuals served; and
                    (B) other relevant information;
            (5) an analysis of whether community technology centers 
        have been deployed effectively in urban and rural areas 
        throughout the Nation; and
            (6) recommendations of how to--
                    (A) enhance the development of community technology 
                centers; and
                    (B) establish a network to share information and 
                resources.
    (d) Cooperation.--All agencies that fund community technology 
centers shall provide to the Administrator any information and 
assistance necessary for the completion of the study and the report 
under this section.
    (e) Assistance.--
            (1) In general.--The Administrator, in consultation with 
        the Secretary of Education, shall work with other relevant 
        Federal agencies, and other interested persons in the private 
        and nonprofit sectors to--
                    (A) assist in the implementation of 
                recommendations; and
                    (B) identify other ways to assist community 
                technology centers, public libraries, and other 
                institutions that provide computer and Internet access 
                to the public.
            (2) Types of assistance.--Assistance under this subsection 
        may include--
                    (A) contribution of funds;
                    (B) donations of equipment, and training in the use 
                and maintenance of the equipment; and
                    (C) the provision of basic instruction or training 
                material in computer skills and Internet usage.
    (f) Online Tutorial.--
            (1) In general.--The Administrator, in consultation with 
        the Secretary of Education, the Director of the Institute of 
        Museum and Library Services, other relevant agencies, and the 
        public, shall develop an online tutorial that--
                    (A) explains how to access Government information 
                and services on the Internet; and
                    (B) provides a guide to available online resources.
            (2) Distribution.--The Administrator, with assistance from 
        the Secretary of Education, shall distribute information on the 
        tutorial to community technology centers, public libraries, and 
        other institutions that afford Internet access to the public.
    (g) Promotion of Community Technology Centers.--The Administrator, 
with assistance from the Department of Education and in consultation 
with other agencies and organizations, shall promote the availability 
of community technology centers to raise awareness within each 
community where such a center is located.
    (h) Authorization of Appropriations.--There are authorized to be 
appropriated for the study of best practices at community technology 
centers, for the development and dissemination of the online tutorial, 
and for the promotion of community technology centers under this 
section--
            (1) $2,000,000 in fiscal year 2003;
            (2) $2,000,000 in fiscal year 2004; and
            (3) such sums as are necessary in fiscal years 2005 through 
        2007.

SEC. 214. ENHANCING CRISIS MANAGEMENT THROUGH ADVANCED INFORMATION 
              TECHNOLOGY.

    (a) Purpose.--The purpose of this section is to improve how 
information technology is used in coordinating and facilitating 
information on disaster preparedness, response, and recovery, while 
ensuring the availability of such information across multiple access 
channels.
    (b) In General.--
            (1) Study on enhancement of crisis response.--Not later 
        than 90 days after the date of enactment of this Act, the 
        Administrator, in consultation with the Federal Emergency 
        Management Agency, shall ensure that a study is conducted on 
        using information technology to enhance crisis preparedness, 
        response, and consequence management of natural and manmade 
        disasters.
            (2) Contents.--The study under this subsection shall 
        address--
                    (A) a research and implementation strategy for 
                effective use of information technology in crisis 
                response and consequence management, including the more 
                effective use of technologies, management of 
                information technology research initiatives, and 
                incorporation of research advances into the information 
                and communications systems of--
                            (i) the Federal Emergency Management 
                        Agency; and
                            (ii) other Federal, State, and local 
                        agencies responsible for crisis preparedness, 
                        response, and consequence management; and
                    (B) opportunities for research and development on 
                enhanced technologies into areas of potential 
                improvement as determined during the course of the 
                study.
            (3) Report.--Not later than 2 years after the date on which 
        a contract is entered into under paragraph (1), the 
        Administrator shall submit a report on the study, including 
        findings and recommendations to--
                    (A) the Committee on Governmental Affairs of the 
                Senate; and
                    (B) the Committee on Government Reform of the House 
                of Representatives.
            (4) Interagency cooperation.--Other Federal departments and 
        agencies with responsibility for disaster relief and emergency 
        assistance shall fully cooperate with the Administrator in 
        carrying out this section.
            (5) Authorization of appropriations.--There are authorized 
        to be appropriated for research under this subsection, such 
        sums as are necessary for fiscal year 2003.
    (c) Pilot Projects.--Based on the results of the research conducted 
under subsection (b), the Administrator, in consultation with the 
Federal Emergency Management Agency, shall initiate pilot projects or 
report to Congress on other activities that further the goal of 
maximizing the utility of information technology in disaster 
management. The Administrator shall cooperate with other relevant 
agencies, and, if appropriate, State, local, and tribal governments, in 
initiating such pilot projects.

SEC. 215. DISPARITIES IN ACCESS TO THE INTERNET.

    (a) Study and Report.--
            (1) Study.--Not later than 90 days after the date of 
        enactment of this Act, the Administrator of General Services 
        shall request that the National Academy of Sciences, acting 
        through the National Research Council, enter into a contract to 
        conduct a study on disparities in Internet access for online 
        Government services.
            (2) Report.--Not later than 2 years after the date of 
        enactment of this Act, the Administrator of General Services 
        shall submit to the Committee on Governmental Affairs of the 
        Senate and the Committee on Government Reform of the House of 
        Representatives a final report of the study under this section, 
        which shall set forth the findings, conclusions, and 
        recommendations of the National Research Council.
    (b) Contents.--The report under subsection (a) shall include a 
study of--
            (1) how disparities in Internet access influence the 
        effectiveness of online Government services, including a review 
        of--
                    (A) the nature of disparities in Internet access;
                    (B) the affordability of Internet service;
                    (C) the incidence of disparities among different 
                groups within the population; and
                    (D) changes in the nature of personal and public 
                Internet access that may alleviate or aggravate 
                effective access to online Government services;
            (2) how the increase in online Government services is 
        influencing the disparities in Internet access and how 
        technology development or diffusion trends may offset such 
        adverse influences; and
            (3) related societal effects arising from the interplay of 
        disparities in Internet access and the increase in online 
        Government services.
    (c) Recommendations.--The report shall include recommendations on 
actions to ensure that online Government initiatives shall not have the 
unintended result of increasing any deficiency in public access to 
Government services.
    (d) Authorization of Appropriations.--There are authorized to be 
appropriated $950,000 in fiscal year 2003 to carry out this section.

SEC. 216. COMMON PROTOCOLS FOR GEOGRAPHIC INFORMATION SYSTEMS.

    (a) Purposes.--The purposes of this section are to--
            (1) reduce redundant data collection and information; and
            (2) promote collaboration and use of standards for 
        government geographic information.
    (b) Definition.--In this section, the term ``geographic 
information'' means information systems that involve locational data, 
such as maps or other geospatial information resources.
    (c) In General.--
            (1) Common protocols.--The Administrator, in consultation 
        with the Secretary of the Interior, working with the Director 
        and through an interagency group, and working with private 
        sector experts, State, local, and tribal governments, 
        commercial and international standards groups, and other 
        interested parties, shall facilitate the development of common 
        protocols for the development, acquisition, maintenance, 
        distribution, and application of geographic information. If 
        practicable, the Administrator shall incorporate 
        intergovernmental and public private geographic information 
        partnerships into efforts under this subsection.
            (2) Interagency group.--The interagency group referred to 
        under paragraph (1) shall include representatives of the 
        National Institute of Standards and Technology and other 
        agencies.
    (d) Director.--The Director shall oversee--
            (1) the interagency initiative to develop common protocols;
            (2) the coordination with State, local, and tribal 
        governments, public private partnerships, and other interested 
        persons on effective and efficient ways to align geographic 
        information and develop common protocols; and
            (3) the adoption of common standards relating to the 
        protocols.
    (e) Common Protocols.--The common protocols shall be designed to--
            (1) maximize the degree to which unclassified geographic 
        information from various sources can be made electronically 
        compatible and accessible; and
            (2) promote the development of interoperable geographic 
        information systems technologies that shall--
                    (A) allow widespread, low-cost use and sharing of 
                geographic data by Federal agencies, State, local, and 
                tribal governments, and the public; and
                    (B) enable the enhancement of services using 
                geographic data.
    (f) Authorization of Appropriations.--There are authorized to be 
appropriated such sums as are necessary to carry out this section, for 
each of the fiscal years 2003 through 2007.

                    TITLE III--INFORMATION SECURITY

SEC. 301. INFORMATION SECURITY.

    (a) Short Title.--This title may be cited as the ``Federal 
Information Security Management Act of 2002''.
    (b) Information Security.--
            (1) In general.--Chapter 35 of title 44, United States 
        Code, is amended by adding at the end the following new 
        subchapter:

                 ``SUBCHAPTER III--INFORMATION SECURITY

``Sec. 3541. Purposes
    ``The purposes of this subchapter are to--
            ``(1) provide a comprehensive framework for ensuring the 
        effectiveness of information security controls over information 
        resources that support Federal operations and assets;
            ``(2) recognize the highly networked nature of the current 
        Federal computing environment and provide effective 
        governmentwide management and oversight of the related 
        information security risks, including coordination of 
        information security efforts throughout the civilian, national 
        security, and law enforcement communities;
            ``(3) provide for development and maintenance of minimum 
        controls required to protect Federal information and 
        information systems;
            ``(4) provide a mechanism for improved oversight of Federal 
        agency information security programs;
            ``(5) acknowledge that commercially developed information 
        security products offer advanced, dynamic, robust, and 
        effective information security solutions, reflecting market 
        solutions for the protection of critical information 
        infrastructures important to the national defense and economic 
        security of the nation that are designed, built, and operated 
        by the private sector; and
            ``(6) recognize that the selection of specific technical 
        hardware and software information security solutions should be 
        left to individual agencies from among commercially developed 
        products.
``Sec. 3542. Definitions
    ``(a) In General.--Except as provided under subsection (b), the 
definitions under section 3502 shall apply to this subchapter.
    ``(b) Additional Definitions.--As used in this subchapter:
            ``(1) The term `information security' means protecting 
        information and information systems from unauthorized access, 
        use, disclosure, disruption, modification, or destruction in 
        order to provide--
                    ``(A) integrity, which means guarding against 
                improper information modification or destruction, and 
                includes ensuring information nonrepudiation and 
                authenticity;
                    ``(B) confidentiality, which means preserving 
                authorized restrictions on access and disclosure, 
                including means for protecting personal privacy and 
                proprietary information; and
                    ``(C) availability, which means ensuring timely and 
                reliable access to and use of information.
            ``(2)(A) The term `national security system' means any 
        information system (including any telecommunications system) 
        used or operated by an agency or by a contractor of an agency, 
        or other organization on behalf of an agency--
                    ``(i) the function, operation, or use of which--
                            ``(I) involves intelligence activities;
                            ``(II) involves cryptologic activities 
                        related to national security;
                            ``(III) involves command and control of 
                        military forces;
                            ``(IV) involves equipment that is an 
                        integral part of a weapon or weapons system; or
                            ``(V) subject to subparagraph (B), is 
                        critical to the direct fulfillment of military 
                        or intelligence missions; or
                    ``(ii) is protected at all times by procedures 
                established for information that have been specifically 
                authorized under criteria established by an Executive 
                order or an Act of Congress to be kept classified in 
                the interest of national defense or foreign policy.
            ``(B) Subparagraph (A)(i)(V) does not include a system that 
        is to be used for routine administrative and business 
        applications (including payroll, finance, logistics, and 
        personnel management applications).
            ``(3) The term `information technology' has the meaning 
        given that term in section 11101 of title 40.
``Sec. 3543. Authority and functions of the Director
    ``(a) In General.--The Director shall oversee agency information 
security policies and practices, including--
            ``(1) developing and overseeing the implementation of 
        policies, principles, standards, and guidelines on information 
        security, including through ensuring timely agency adoption of 
        and compliance with standards promulgated under section 11331 
        of title 40;
            ``(2) requiring agencies, consistent with the standards 
        promulgated under such section 11331 and the requirements of 
        this subchapter, to identify and provide information security 
        protections commensurate with the risk and magnitude of the 
        harm resulting from the unauthorized access, use, disclosure, 
        disruption, modification, or destruction of--
                    ``(A) information collected or maintained by or on 
                behalf of an agency; or
                    ``(B) information systems used or operated by an 
                agency or by a contractor of an agency or other 
                organization on behalf of an agency;
            ``(3) coordinating the development of standards and 
        guidelines under section 20 of the National Institute of 
        Standards and Technology Act (15 U.S.C. 278g-3) with agencies 
        and offices operating or exercising control of national 
        security systems (including the National Security Agency) to 
        assure, to the maximum extent feasible, that such standards and 
        guidelines are complementary with standards and guidelines 
        developed for national security systems;
            ``(4) overseeing agency compliance with the requirements of 
        this subchapter, including through any authorized action under 
        section 11303 of title 40, to enforce accountability for 
        compliance with such requirements;
            ``(5) reviewing at least annually, and approving or 
        disapproving, agency information security programs required 
        under section 3544(b);
            ``(6) coordinating information security policies and 
        procedures with related information resources management 
        policies and procedures;
            ``(7) overseeing the operation of the Federal information 
        security incident center required under section 3546; and
            ``(8) reporting to Congress no later than March 1 of each 
        year on agency compliance with the requirements of this 
        subchapter, including--
                    ``(A) a summary of the findings of evaluations 
                required by section 3545;
                    ``(B) an assessment of the development, 
                promulgation, and adoption of, and compliance with, 
                standards developed under section 20 of the National 
                Institute of Standards and Technology Act (15 U.S.C. 
                278g-3) and promulgated under section 11331 of title 
                40;
                    ``(C) significant deficiencies in agency 
                information security practices;
                    ``(D) planned remedial action to address such 
                deficiencies; and
                    ``(E) a summary of, and the views of the Director 
                on, the report prepared by the National Institute of 
                Standards and Technology under section 20(d)(10) of the 
                National Institute of Standards and Technology Act (15 
                U.S.C. 278g-3).
    ``(b) National Security Systems.--Except for the authorities 
described in paragraphs (4) and (8) of subsection (a), the authorities 
of the Director under this section shall not apply to national security 
systems.
    ``(c) Department of Defense and Central Intelligence Agency 
Systems.--(1) The authorities of the Director described in paragraphs 
(1) and (2) of subsection (a) shall be delegated to the Secretary of 
Defense in the case of systems described in paragraph (2) and to the 
Director of Central Intelligence in the case of systems described in 
paragraph (3).
    ``(2) The systems described in this paragraph are systems that are 
operated by the Department of Defense, a contractor of the Department 
of Defense, or another entity on behalf of the Department of Defense 
that processes any information the unauthorized access, use, 
disclosure, disruption, modification, or destruction of which would 
have a debilitating impact on the mission of the Department of Defense.
    ``(3) The systems described in this paragraph are systems that are 
operated by the Central Intelligence Agency, a contractor of the 
Central Intelligence Agency, or another entity on behalf of the Central 
Intelligence Agency that processes any information the unauthorized 
access, use, disclosure, disruption, modification, or destruction of 
which would have a debilitating impact on the mission of the Central 
Intelligence Agency.
``Sec. 3544. Federal agency responsibilities
    ``(a) In General.--The head of each agency shall--
            ``(1) be responsible for--
                    ``(A) providing information security protections 
                commensurate with the risk and magnitude of the harm 
                resulting from unauthorized access, use, disclosure, 
                disruption, modification, or destruction of--
                            ``(i) information collected or maintained 
                        by or on behalf of the agency; and
                            ``(ii) information systems used or operated 
                        by an agency or by a contractor of an agency or 
                        other organization on behalf of an agency;
                    ``(B) complying with the requirements of this 
                subchapter and related policies, procedures, standards, 
                and guidelines, including--
                            ``(i) information security standards 
                        promulgated under section 11331 of title 40; 
                        and
                            ``(ii) information security standards and 
                        guidelines for national security systems issued 
                        in accordance with law and as directed by the 
                        President; and
                    ``(C) ensuring that information security management 
                processes are integrated with agency strategic and 
                operational planning processes;
            ``(2) ensure that senior agency officials provide 
        information security for the information and information 
        systems that support the operations and assets under their 
        control, including through--
                    ``(A) assessing the risk and magnitude of the harm 
                that could result from the unauthorized access, use, 
                disclosure, disruption, modification, or destruction of 
                such information or information systems;
                    ``(B) determining the levels of information 
                security appropriate to protect such information and 
                information systems in accordance with standards 
                promulgated under section 11331 of title 40, for 
                information security classifications and related 
                requirements;
                    ``(C) implementing policies and procedures to cost-
                effectively reduce risks to an acceptable level; and
                    ``(D) periodically testing and evaluating 
                information security controls and techniques to ensure 
                that they are effectively implemented;
            ``(3) delegate to the agency Chief Information Officer 
        established under section 3506 (or comparable official in an 
        agency not covered by such section) the authority to ensure 
        compliance with the requirements imposed on the agency under 
        this subchapter, including--
                    ``(A) designating a senior agency information 
                security officer who shall--
                            ``(i) carry out the Chief Information 
                        Officer's responsibilities under this section;
                            ``(ii) possess professional qualifications, 
                        including training and experience, required to 
                        administer the functions described under this 
                        section;
                            ``(iii) have information security duties as 
                        that official's primary duty; and
                            ``(iv) head an office with the mission and 
                        resources to assist in ensuring agency 
                        compliance with this section;
                    ``(B) developing and maintaining an agencywide 
                information security program as required by subsection 
                (b);
                    ``(C) developing and maintaining information 
                security policies, procedures, and control techniques 
                to address all applicable requirements, including those 
                issued under section 3543 of this title, and section 
                11331 of title 40;
                    ``(D) training and overseeing personnel with 
                significant responsibilities for information security 
                with respect to such responsibilities; and
                    ``(E) assisting senior agency officials concerning 
                their responsibilities under paragraph (2);
            ``(4) ensure that the agency has trained personnel 
        sufficient to assist the agency in complying with the 
        requirements of this subchapter and related policies, 
        procedures, standards, and guidelines; and
            ``(5) ensure that the agency Chief Information Officer, in 
        coordination with other senior agency officials, reports 
        annually to the agency head on the effectiveness of the agency 
        information security program, including progress of remedial 
        actions.
    ``(b) Agency Program.--Each agency shall develop, document, and 
implement an agencywide information security program, approved by the 
Director under section 3543(a)(5), to provide information security for 
the information and information systems that support the operations and 
assets of the agency, including those provided or managed by another 
agency, contractor, or other source, that includes--
            ``(1) periodic assessments of the risk and magnitude of the 
        harm that could result from the unauthorized access, use, 
        disclosure, disruption, modification, or destruction of 
        information and information systems that support the operations 
        and assets of the agency;
            ``(2) policies and procedures that--
                    ``(A) are based on the risk assessments required by 
                paragraph (1);
                    ``(B) cost-effectively reduce information security 
                risks to an acceptable level;
                    ``(C) ensure that information security is addressed 
                throughout the life cycle of each agency information 
                system; and
                    ``(D) ensure compliance with--
                            ``(i) the requirements of this subchapter;
                            ``(ii) policies and procedures as may be 
                        prescribed by the Director, and information 
                        security standards promulgated under section 
                        11331 of title 40;
                            ``(iii) minimally acceptable system 
                        configuration requirements, as determined by 
                        the agency; and
                            ``(iv) any other applicable requirements, 
                        including standards and guidelines for national 
                        security systems issued in accordance with law 
                        and as directed by the President;
            ``(3) subordinate plans for providing adequate information 
        security for networks, facilities, and systems or groups of 
        information systems, as appropriate;
            ``(4) security awareness training to inform personnel, 
        including contractors and other users of information systems 
        that support the operations and assets of the agency, of--
                    ``(A) information security risks associated with 
                their activities; and
                    ``(B) their responsibilities in complying with 
                agency policies and procedures designed to reduce these 
                risks;
            ``(5) periodic testing and evaluation of the effectiveness 
        of information security policies, procedures, and practices, to 
        be performed with a frequency depending on risk, but no less 
        than annually, of which such testing--
                    ``(A) shall include testing of management, 
                operational, and technical controls of every 
                information system identified in the inventory required 
                under section 3505(c); and
                    ``(B) may include testing relied on in a evaluation 
                under section 3545;
            ``(6) a process for planning, implementing, evaluating, and 
        documenting remedial action to address any deficiencies in the 
        information security policies, procedures, and practices of the 
        agency;
            ``(7) procedures for detecting, reporting, and responding 
        to security incidents, consistent with standards and guidelines 
        issued pursuant to section 3546(b), including--
                    ``(A) mitigating risks associated with such 
                incidents before substantial damage is done;
                    ``(B) notifying and consulting with the Federal 
                information security incident center referred to in 
                section 3546; and
                    ``(C) notifying and consulting with, as 
                appropriate--
                            ``(i) law enforcement agencies and relevant 
                        Offices of Inspector General;
                            ``(ii) an office designated by the 
                        President for any incident involving a national 
                        security system; and
                            ``(iii) any other agency or office, in 
                        accordance with law or as directed by the 
                        President; and
            ``(8) plans and procedures to ensure continuity of 
        operations for information systems that support the operations 
        and assets of the agency.
    ``(c) Agency Reporting.--Each agency shall--
            ``(1) report annually to the Director, the Committees on 
        Government Reform and Science of the House of Representatives, 
        the Committees on Governmental Affairs and Commerce, Science, 
        and Transportation of the Senate, the appropriate authorization 
        and appropriations committees of Congress, and the Comptroller 
        General on the adequacy and effectiveness of information 
        security policies, procedures, and practices, and compliance 
        with the requirements of this subchapter, including compliance 
        with each requirement of subsection (b);
            ``(2) address the adequacy and effectiveness of information 
        security policies, procedures, and practices in plans and 
        reports relating to--
                    ``(A) annual agency budgets;
                    ``(B) information resources management under 
                subchapter 1 of this chapter;
                    ``(C) information technology management under 
                subtitle III of title 40;
                    ``(D) program performance under sections 1105 and 
                1115 through 1119 of title 31, and sections 2801 and 
                2805 of title 39;
                    ``(E) financial management under chapter 9 of title 
                31, and the Chief Financial Officers Act of 1990 (31 
                U.S.C. 501 note; Public Law 101-576) (and the 
                amendments made by that Act);
                    ``(F) financial management systems under the 
                Federal Financial Management Improvement Act (31 U.S.C. 
                3512 note); and
                    ``(G) internal accounting and administrative 
                controls under section 3512 of title 31, (known as the 
                `Federal Managers Financial Integrity Act'); and
            ``(3) report any significant deficiency in a policy, 
        procedure, or practice identified under paragraph (1) or (2)--
                    ``(A) as a material weakness in reporting under 
                section 3512 of title 31; and
                    ``(B) if relating to financial management systems, 
                as an instance of a lack of substantial compliance 
                under the Federal Financial Management Improvement Act 
                (31 U.S.C. 3512 note).
    ``(d) Performance Plan.--(1) In addition to the requirements of 
subsection (c), each agency, in consultation with the Director, shall 
include as part of the performance plan required under section 1115 of 
title 31 a description of--
            ``(A) the time periods, and
            ``(B) the resources, including budget, staffing, and 
        training,
that are necessary to implement the program required under subsection 
(b).
    ``(2) The description under paragraph (1) shall be based on the 
risk assessments required under subsection (b)(2)(1).
    ``(e) Public Notice and Comment.--Each agency shall provide the 
public with timely notice and opportunities for comment on proposed 
information security policies and procedures to the extent that such 
policies and procedures affect communication with the public.
``Sec. 3545. Annual independent evaluation
    ``(a) In General.--(1) Each year each agency shall have performed 
an independent evaluation of the information security program and 
practices of that agency to determine the effectiveness of such program 
and practices.
    ``(2) Each evaluation under this section shall include--
            ``(A) testing of the effectiveness of information security 
        policies, procedures, and practices of a representative subset 
        of the agency's information systems;
            ``(B) an assessment (made on the basis of the results of 
        the testing) of compliance with--
                    ``(i) the requirements of this subchapter; and
                    ``(ii) related information security policies, 
                procedures, standards, and guidelines; and
            ``(C) separate presentations, as appropriate, regarding 
        information security relating to national security systems.
    ``(b) Independent Auditor.--Subject to subsection (c)--
            ``(1) for each agency with an Inspector General appointed 
        under the Inspector General Act of 1978, the annual evaluation 
        required by this section shall be performed by the Inspector 
        General or by an independent external auditor, as determined by 
        the Inspector General of the agency; and
            ``(2) for each agency to which paragraph (1) does not 
        apply, the head of the agency shall engage an independent 
        external auditor to perform the evaluation.
    ``(c) National Security Systems.--For each agency operating or 
exercising control of a national security system, that portion of the 
evaluation required by this section directly relating to a national 
security system shall be performed--
            ``(1) only by an entity designated by the agency head; and
            ``(2) in such a manner as to ensure appropriate protection 
        for information associated with any information security 
        vulnerability in such system commensurate with the risk and in 
        accordance with all applicable laws.
    ``(d) Existing Evaluations.--The evaluation required by this 
section may be based in whole or in part on an audit, evaluation, or 
report relating to programs or practices of the applicable agency.
    ``(e) Agency Reporting.--(1) Each year, not later than such date 
established by the Director, the head of each agency shall submit to 
the Director the results of the evaluation required under this section.
    ``(2) To the extent an evaluation required under this section 
directly relates to a national security system, the evaluation results 
submitted to the Director shall contain only a summary and assessment 
of that portion of the evaluation directly relating to a national 
security system.
    ``(f) Protection of Information.--Agencies and evaluators shall 
take appropriate steps to ensure the protection of information which, 
if disclosed, may adversely affect information security. Such 
protections shall be commensurate with the risk and comply with all 
applicable laws and regulations.
    ``(g) OMB Reports to Congress.--(1) The Director shall summarize 
the results of the evaluations conducted under this section in the 
report to Congress required under section 3543(a)(8).
    ``(2) The Director's report to Congress under this subsection shall 
summarize information regarding information security relating to 
national security systems in such a manner as to ensure appropriate 
protection for information associated with any information security 
vulnerability in such system commensurate with the risk and in 
accordance with all applicable laws.
    ``(3) Evaluations and any other descriptions of information systems 
under the authority and control of the Director of Central Intelligence 
or of National Foreign Intelligence Programs systems under the 
authority and control of the Secretary of Defense shall be made 
available to Congress only through the appropriate oversight committees 
of Congress, in accordance with applicable laws.
    ``(h) Comptroller General.--The Comptroller General shall 
periodically evaluate and report to Congress on--
            ``(1) the adequacy and effectiveness of agency information 
        security policies and practices; and
            ``(2) implementation of the requirements of this 
        subchapter.
``Sec. 3546. Federal information security incident center
    ``(a) In General.--The Director shall ensure the operation of a 
central Federal information security incident center to--
            ``(1) provide timely technical assistance to operators of 
        agency information systems regarding security incidents, 
        including guidance on detecting and handling information 
        security incidents;
            ``(2) compile and analyze information about incidents that 
        threaten information security;
            ``(3) inform operators of agency information systems about 
        current and potential information security threats, and 
        vulnerabilities; and
            ``(4) consult with the National Institute of Standards and 
        Technology, agencies or offices operating or exercising control 
        of national security systems (including the National Security 
        Agency), and such other agencies or offices in accordance with 
        law and as directed by the President regarding information 
        security incidents and related matters.
    ``(b) National Security Systems.--Each agency operating or 
exercising control of a national security system shall share 
information about information security incidents, threats, and 
vulnerabilities with the Federal information security incident center 
to the extent consistent with standards and guidelines for national 
security systems, issued in accordance with law and as directed by the 
President.
``Sec. 3547. National security systems
    ``The head of each agency operating or exercising control of a 
national security system shall be responsible for ensuring that the 
agency--
            ``(1) provides information security protections 
        commensurate with the risk and magnitude of the harm resulting 
        from the unauthorized access, use, disclosure, disruption, 
        modification, or destruction of the information contained in 
        such system;
            ``(2) implements information security policies and 
        practices as required by standards and guidelines for national 
        security systems, issued in accordance with law and as directed 
        by the President; and
            ``(3) complies with the requirements of this subchapter.
``Sec. 3548. Authorization of appropriations
    ``There are authorized to be appropriated to carry out the 
provisions of this subchapter such sums as may be necessary for each of 
fiscal years 2003 through 2007.
``Sec. 3549. Effect on existing law
    ``Nothing in this subchapter, section 11331 of title 40, or section 
20 of the National Standards and Technology Act (15 U.S.C. 278g-3) may 
be construed as affecting the authority of the President, the Office of 
Management and Budget or the Director thereof, the National Institute 
of Standards and Technology, or the head of any agency, with respect to 
the authorized use or disclosure of information, including with regard 
to the protection of personal privacy under section 552a of title 5, 
the disclosure of information under section 552 of title 5, the 
management and disposition of records under chapters 29, 31, or 33 of 
title 44, the management of information resources under subchapter I of 
chapter 35 of this title, or the disclosure of information to the 
Congress or the Comptroller General of the United States. While this 
subchapter is in effect, subchapter II of this chapter shall not 
apply.''.
            (2) Clerical amendment.--The table of sections at the 
        beginning of such chapter 35 is amended by adding at the end 
        the following:

                 ``SUBCHAPTER III--INFORMATION SECURITY

``Sec.
``3541. Purposes.
``3542. Definitions.
``3543. Authority and functions of the Director.
``3544. Federal agency responsibilities.
``3545. Annual independent evaluation.
``3546. Federal information security incident center.
``3547. National security systems.
``3548. Authorization of appropriations.
``3549. Effect on existing law.''.
    (c) Information Security Responsibilities of Certain Agencies.--
            (1) National security responsibilities.--(A) Nothing in 
        this Act (including any amendment made by this Act) shall 
        supersede any authority of the Secretary of Defense, the 
        Director of Central Intelligence, or other agency head, as 
        authorized by law and as directed by the President, with regard 
        to the operation, control, or management of national security 
        systems, as defined by section 3542(b)(2) of title 44, United 
        States Code.
            (B) Section 2224 of title 10, United States Code, is 
        amended--
                    (i) in subsection (b), by striking ``(b) Objectives 
                and Minimum Requirements.--(1)'' and inserting ``(b) 
                Objectives of the Program.--'';
                    (ii) in subsection (b), by striking paragraph (2); 
                and
                    (iii) in subsection (c), in the matter preceding 
                paragraph (1), by inserting ``, including through 
                compliance with subchapter III of chapter 35 of title 
                44'' after ``infrastructure''.
            (2) Atomic energy act of 1954.--Nothing in this Act shall 
        supersede any requirement made by or under the Atomic Energy 
        Act of 1954 (42 U.S.C. 2011 et seq.). Restricted data or 
        formerly restricted data shall be handled, protected, 
        classified, downgraded, and declassified in conformity with the 
        Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.).

SEC. 302. MANAGEMENT OF INFORMATION TECHNOLOGY.

    (a) In General.--Section 11331 of title 40, United States Code, is 
amended to read as follows:
``Sec. 11331. Responsibilities for Federal information systems 
              standards
    ``(a) Standards and Guidelines.--
            ``(1) Authority to prescribe.--Except as provided under 
        paragraph (2), the Secretary of Commerce shall, on the basis of 
        standards and guidelines developed by the National Institute of 
        Standards and Technology pursuant to paragraphs (2) and (3) of 
        section 20(a) of the National Institute of Standards and 
        Technology Act (15 U.S.C. 278g-3(a)), prescribe standards and 
        guidelines pertaining to Federal information systems.
            ``(2) National security systems.--Standards and guidelines 
        for national security systems (as defined under this section) 
        shall be developed, prescribed, enforced, and overseen as 
        otherwise authorized by law and as directed by the President.
    ``(b) Mandatory Requirements.--
            ``(1) Authority to make mandatory.--Except as provided 
        under paragraph (2), the Secretary shall make standards 
        prescribed under subsection (a)(1) compulsory and binding to 
        the extent determined necessary by the Secretary to improve the 
        efficiency of operation or security of Federal information 
        systems.
            ``(2) Required mandatory standards.--(A) Standards 
        prescribed under subsection (a)(1) shall include information 
        security standards that--
                    ``(i) provide minimum information security 
                requirements as determined under section 20(b) of the 
                National Institute of Standards and Technology Act (15 
                U.S.C. 278g-3(b)); and
                    ``(ii) are otherwise necessary to improve the 
                security of Federal information and information 
                systems.
            ``(B) Information security standards described in 
        subparagraph (A) shall be compulsory and binding.
    ``(c) Authority to Disapprove or Modify.--The President may 
disapprove or modify the standards and guidelines referred to in 
subsection (a)(1) if the President determines such action to be in the 
public interest. The President's authority to disapprove or modify such 
standards and guidelines may not be delegated. Notice of such 
disapproval or modification shall be published promptly in the Federal 
Register. Upon receiving notice of such disapproval or modification, 
the Secretary of Commerce shall immediately rescind or modify such 
standards or guidelines as directed by the President.
    ``(d) Exercise of Authority.--To ensure fiscal and policy 
consistency, the Secretary shall exercise the authority conferred by 
this section subject to direction by the President and in coordination 
with the Director of the Office of Management and Budget.
    ``(e) Application of More Stringent Standards.--The head of an 
executive agency may employ standards for the cost-effective 
information security for information systems within or under the 
supervision of that agency that are more stringent than the standards 
the Secretary prescribes under this section if the more stringent 
standards--
            ``(1) contain at least the applicable standards made 
        compulsory and binding by the Secretary; and
            ``(2) are otherwise consistent with policies and guidelines 
        issued under section 3543 of title 44.
    ``(f) Decisions on Promulgation of Standards.--The decision by the 
Secretary regarding the promulgation of any standard under this section 
shall occur not later than 6 months after the submission of the 
proposed standard to the Secretary by the National Institute of 
Standards and Technology, as provided under section 20 of the National 
Institute of Standards and Technology Act (15 U.S.C. 278g-3).
    ``(g) Definitions.--In this section:
            ``(1) Federal information system.--The term `Federal 
        information system' means an information system used or 
        operated by an executive agency, by a contractor of an 
        executive agency, or by another organization on behalf of an 
        executive agency.
            ``(2) Information security.--The term `information 
        security' has the meaning given that term in section 3542(b)(1) 
        of title 44.
            ``(3) National security system.--The term `national 
        security system' has the meaning given that term in section 
        3542(b)(2) of title 44.''.
    (b) Clerical Amendment.--The item relating to section 11331 in the 
table of sections at the beginning of chapter 113 of such title is 
amended to read as follows:

``11331. Responsibilities for Federal information systems standards.''.

SEC. 303. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY.

    Section 20 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-3), is amended by striking the text and inserting 
the following:
    ``(a) In General.--The Institute shall--
            ``(1) have the mission of developing standards, guidelines, 
        and associated methods and techniques for information systems;
            ``(2) develop standards and guidelines, including minimum 
        requirements, for information systems used or operated by an 
        agency or by a contractor of an agency or other organization on 
        behalf of an agency, other than national security systems (as 
        defined in section 3542(b)(2) of title 44, United States Code); 
        and
            ``(3) develop standards and guidelines, including minimum 
        requirements, for providing adequate information security for 
        all agency operations and assets, but such standards and 
        guidelines shall not apply to national security systems.
    ``(b) Minimum Requirements for Standards and Guidelines.--The 
standards and guidelines required by subsection (a) shall include, at a 
minimum--
            ``(1)(A) standards to be used by all agencies to categorize 
        all information and information systems collected or maintained 
        by or on behalf of each agency based on the objectives of 
        providing appropriate levels of information security according 
        to a range of risk levels;
            ``(B) guidelines recommending the types of information and 
        information systems to be included in each such category; and
            ``(C) minimum information security requirements for 
        information and information systems in each such category;
            ``(2) a definition of and guidelines concerning detection 
        and handling of information security incidents; and
            ``(3) guidelines developed in conjunction with the 
        Department of Defense, including the National Security Agency, 
        for identifying an information system as a national security 
        system consistent with applicable requirements for national 
        security systems, issued in accordance with law and as directed 
        by the President.
    ``(c) Development of Standards and Guidelines.--In developing 
standards and guidelines required by subsections (a) and (b), the 
Institute shall--
            ``(1) consult with other agencies and offices and the 
        private sector (including the Director of the Office of 
        Management and Budget, the Departments of Defense and Energy, 
        the National Security Agency, the General Accounting Office, 
        and the Secretary of Homeland Security) to assure--
                    ``(A) use of appropriate information security 
                policies, procedures, and techniques, in order to 
                improve information security and avoid unnecessary and 
                costly duplication of effort; and
                    ``(B) that such standards and guidelines are 
                complementary with standards and guidelines employed 
                for the protection of national security systems and 
                information contained in such systems;
            ``(2) provide the public with an opportunity to comment on 
        proposed standards and guidelines;
            ``(3) submit to the Secretary of Commerce for promulgation 
        under section 11331 of title 40, United States Code--
                    ``(A) standards, as required under subsection 
                (b)(1)(A), no later than 12 months after the date of 
                the enactment of this section; and
                    ``(B) minimum information security requirements for 
                each category, as required under subsection (b)(1)(C), 
                no later than 36 months after the date of the enactment 
                of this section;
            ``(4) issue guidelines as required under subsection 
        (b)(1)(B), no later than 18 months after the date of the 
        enactment of this section;
            ``(5) to the maximum extent practicable, ensure that such 
        standards and guidelines do not require the use or procurement 
        of specific products, including any specific hardware or 
        software;
            ``(6) to the maximum extent practicable, ensure that such 
        standards and guidelines provide for sufficient flexibility to 
        permit alternative solutions to provide equivalent levels of 
        protection for identified information security risks; and
            ``(7) to the maximum extent practicable, use flexible, 
        performance-based standards and guidelines that permit the use 
        of off-the-shelf commercially developed information security 
        products.
    ``(d) Information Security Functions.--The Institute shall--
            ``(1) submit standards developed pursuant to subsection 
        (a), along with recommendations as to the extent to which these 
        should be made compulsory and binding, to the Secretary of 
        Commerce for promulgation under section 11331 of title 40, 
        United States Code;
            ``(2) provide technical assistance to agencies, upon 
        request, regarding--
                    ``(A) compliance with the standards and guidelines 
                developed under subsection (a);
                    ``(B) detecting and handling information security 
                incidents; and
                    ``(C) information security policies, procedures, 
                and practices;
            ``(3) conduct research, as needed, to determine the nature 
        and extent of information security vulnerabilities and 
        techniques for providing cost-effective information security;
            ``(4) develop and periodically revise performance 
        indicators and measures for agency information security 
        policies and practices;
            ``(5) evaluate private sector information security policies 
        and practices and commercially available information 
        technologies to assess potential application by agencies to 
        strengthen information security;
            ``(6) assist the private sector, upon request, in using and 
        applying the results of activities under this section;
            ``(7) evaluate security policies and practices developed 
        for national security systems to assess potential application 
        by agencies to strengthen information security;
            ``(8) periodically assess the effectiveness of standards 
        and guidelines developed under this section and undertake 
        revisions as appropriate;
            ``(9) solicit and consider the recommendations of the 
        Information Security and Privacy Advisory Board, established by 
        section 21, regarding standards and guidelines developed under 
        subsection (a) and submit such recommendations to the Secretary 
        of Commerce with such standards submitted to the Secretary; and
            ``(10) prepare an annual public report on activities 
        undertaken in the previous year, and planned for the coming 
        year, to carry out responsibilities under this section.
    ``(e) Definitions.--As used in this section--
            ``(1) the term `agency' has the same meaning as provided in 
        section 3502(1) of title 44, United States Code;
            ``(2) the term `information security' has the same meaning 
        as provided in section 3542(b)(1) of such title;
            ``(3) the term `information system' has the same meaning as 
        provided in section 3502(8) of such title;
            ``(4) the term `information technology' has the same 
        meaning as provided in section 11101 of title 40, United States 
        Code; and
            ``(5) the term `national security system' has the same 
        meaning as provided in section 3542(b)(2) of title 44, United 
        States Code.
    ``(f) Authorization of Appropriations.--There are authorized to be 
appropriated to the Secretary of Commerce $20,000,000 for each of 
fiscal years 2003, 2004, 2005, 2006, and 2007 to enable the National 
Institute of Standards and Technology to carry out the provisions of 
this section.''.

SEC. 304. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD.

    Section 21 of the National Institute of Standards and Technology 
Act (15 U.S.C. 278g-4), is amended--
            (1) in subsection (a), by striking ``Computer System 
        Security and Privacy Advisory Board'' and inserting 
        ``Information Security and Privacy Advisory Board'';
            (2) in subsection (a)(1), by striking ``computer or 
        telecommunications'' and inserting ``information technology'';
            (3) in subsection (a)(2)--
                    (A) by striking ``computer or telecommunications 
                technology'' and inserting ``information technology''; 
                and
                    (B) by striking ``computer or telecommunications 
                equipment'' and inserting ``information technology'';
            (4) in subsection (a)(3)--
                    (A) by striking ``computer systems'' and inserting 
                ``information system''; and
                    (B) by striking ``computer systems security'' and 
                inserting ``information security'';
            (5) in subsection (b)(1) by striking ``computer systems 
        security'' and inserting ``information security'';
            (6) in subsection (b) by striking paragraph (2) and 
        inserting the following:
            ``(2) to advise the Institute, the Secretary of Commerce, 
        and the Director of the Office of Management and Budget on 
        information security and privacy issues pertaining to Federal 
        Government information systems, including through review of 
        proposed standards and guidelines developed under section 20; 
        and'';
            (7) in subsection (b)(3) by inserting ``annually'' after 
        ``report'';
            (8) by inserting after subsection (e) the following new 
        subsection:
    ``(f) The Board shall hold meetings at such locations and at such 
time and place as determined by a majority of the Board.'';
            (9) by redesignating subsections (f) and (g) as subsections 
        (g) and (h), respectively; and
            (10) by striking subsection (h), as redesignated by 
        paragraph (9), and inserting the following:
    ``(h) As used in this section, the terms `information system' and 
`information technology' have the meanings given in section 20.''.

SEC. 305. TECHNICAL AND CONFORMING AMENDMENTS.

    (a) Computer Security Act.--Section 11332 of title 40, United 
States Code, and the item relating to that section in the table of 
sections for chapter 113 of such title, are repealed.
    (b) Floyd D. Spence National Defense Authorization Act for Fiscal 
Year 2001.--The Floyd D. Spence National Defense Authorization Act for 
Fiscal Year 2001 (Public Law 106-398) is amended by striking section 
1062 (44 U.S.C. 3531 note).
    (c) Paperwork Reduction Act.--(1) Section 3504(g) of title 44, 
United States Code, is amended--
            (A) by adding ``and'' at the end of paragraph (1);
            (B) in paragraph (2)--
                    (i) by striking ``sections 11331 and 11332(b) and 
                (c) of title 40'' and inserting ``section 11331 of 
                title 40 and subchapter II of this chapter''; and
                    (ii) by striking ``; and'' and inserting a period; 
                and
            (C) by striking paragraph (3).
    (2) Section 3505 of such title is amended by adding at the end--
    ``(c) Inventory of Major Information Systems.--(1) The head of each 
agency shall develop and maintain an inventory of major information 
systems (including major national security systems) operated by or 
under the control of such agency.
    ``(2) The identification of information systems in an inventory 
under this subsection shall include an identification of the interfaces 
between each such system and all other systems or networks, including 
those not operated by or under the control of the agency.
    ``(3) Such inventory shall be--
            ``(A) updated at least annually;
            ``(B) made available to the Comptroller General; and
            ``(C) used to support information resources management, 
        including--
                    ``(i) preparation and maintenance of the inventory 
                of information resources under section 3506(b)(4);
                    ``(ii) information technology planning, budgeting, 
                acquisition, and management under section 3506(h), 
                subtitle III of title 40, and related laws and 
                guidance;
                    ``(iii) monitoring, testing, and evaluation of 
                information security controls under subchapter II;
                    ``(iv) preparation of the index of major 
                information systems required under section 552(g) of 
                title 5, United States Code; and
                    ``(v) preparation of information system inventories 
                required for records management under chapters 21, 29, 
                31, and 33.
    ``(4) The Director shall issue guidance for and oversee the 
implementation of the requirements of this subsection.''.
    (3) Section 3506(g) of such title is amended--
            (A) by adding ``and'' at the end of paragraph (1);
            (B) in paragraph (2)--
                    (i) by striking ``section 11332 of title 40'' and 
                inserting ``subchapter II of this chapter''; and
                    (ii) by striking ``; and'' and inserting a period; 
                and
            (C) by striking paragraph (3).

     TITLE IV--AUTHORIZATION OF APPROPRIATIONS AND EFFECTIVE DATES

SEC. 401. AUTHORIZATION OF APPROPRIATIONS.

    Except for those purposes for which an authorization of 
appropriations is specifically provided in title I or II, including the 
amendments made by such titles, there are authorized to be appropriated 
such sums as are necessary to carry out titles I and II for each of 
fiscal years 2003 through 2007.

SEC. 402. EFFECTIVE DATES.

    (a) Titles I and II.--
            (1) In general.--Except as provided under paragraph (2), 
        titles I and II and the amendments made by such titles shall 
        take effect 120 days after the date of enactment of this Act.
            (2) Immediate enactment.--Sections 207, 214, and 215 shall 
        take effect on the date of enactment of this Act.
    (b) Titles III and IV.--Title III and this title shall take effect 
on the date of enactment of this Act.

TITLE V--CONFIDENTIAL INFORMATION PROTECTION AND STATISTICAL EFFICIENCY

SEC. 501. SHORT TITLE.

    This title may be cited as the ``Confidential Information 
Protection and Statistical Efficiency Act of 2002''.

SEC. 502. DEFINITIONS.

    As used in this title:
            (1) The term ``agency'' means any entity that falls within 
        the definition of the term ``executive agency'' as defined in 
        section 102 of title 31, United States Code, or ``agency'', as 
        defined in section 3502 of title 44, United States Code.
            (2) The term ``agent'' means an individual--
                    (A)(i) who is an employee of a private organization 
                or a researcher affiliated with an institution of 
                higher learning (including a person granted special 
                sworn status by the Bureau of the Census under section 
                23(c) of title 13, United States Code), and with whom a 
                contract or other agreement is executed, on a temporary 
                basis, by an executive agency to perform exclusively 
                statistical activities under the control and 
                supervision of an officer or employee of that agency;
                    (ii) who is working under the authority of a 
                government entity with which a contract or other 
                agreement is executed by an executive agency to perform 
                exclusively statistical activities under the control of 
                an officer or employee of that agency;
                    (iii) who is a self-employed researcher, a 
                consultant, a contractor, or an employee of a 
                contractor, and with whom a contract or other agreement 
                is executed by an executive agency to perform a 
                statistical activity under the control of an officer or 
                employee of that agency; or
                    (iv) who is a contractor or an employee of a 
                contractor, and who is engaged by the agency to design 
                or maintain the systems for handling or storage of data 
                received under this title; and
                    (B) who agrees in writing to comply with all 
                provisions of law that affect information acquired by 
                that agency.
            (3) The term ``business data'' means operating and 
        financial data and information about businesses, tax-exempt 
        organizations, and government entities.
            (4) The term ``identifiable form'' means any representation 
        of information that permits the identity of the respondent to 
        whom the information applies to be reasonably inferred by 
        either direct or indirect means.
            (5) The term ``nonstatistical purpose''--
                    (A) means the use of data in identifiable form for 
                any purpose that is not a statistical purpose, 
                including any administrative, regulatory, law 
                enforcement, adjudicatory, or other purpose that 
                affects the rights, privileges, or benefits of a 
                particular identifiable respondent; and
                    (B) includes the disclosure under section 552 of 
                title 5, United States Code (popularly known as the 
                Freedom of Information Act) of data that are acquired 
                for exclusively statistical purposes under a pledge of 
                confidentiality.
            (6) The term ``respondent'' means a person who, or 
        organization that, is requested or required to supply 
        information to an agency, is the subject of information 
        requested or required to be supplied to an agency, or provides 
        that information to an agency.
            (7) The term ``statistical activities''--
                    (A) means the collection, compilation, processing, 
                or analysis of data for the purpose of describing or 
                making estimates concerning the whole, or relevant 
                groups or components within, the economy, society, or 
                the natural environment; and
                    (B) includes the development of methods or 
                resources that support those activities, such as 
                measurement methods, models, statistical 
                classifications, or sampling frames.
            (8) The term ``statistical agency or unit'' means an agency 
        or organizational unit of the executive branch whose activities 
        are predominantly the collection, compilation, processing, or 
        analysis of information for statistical purposes.
            (9) The term ``statistical purpose''--
                    (A) means the description, estimation, or analysis 
                of the characteristics of groups, without identifying 
                the individuals or organizations that comprise such 
                groups; and
                    (B) includes the development, implementation, or 
                maintenance of methods, technical or administrative 
                procedures, or information resources that support the 
                purposes described in subparagraph (A).

SEC. 503. COORDINATION AND OVERSIGHT OF POLICIES.

    (a) In General.--The Director of the Office of Management and 
Budget shall coordinate and oversee the confidentiality and disclosure 
policies established by this title. The Director may promulgate rules 
or provide other guidance to ensure consistent interpretation of this 
title by the affected agencies.
    (b) Agency Rules.--Subject to subsection (c), agencies may 
promulgate rules to implement this title. Rules governing disclosures 
of information that are authorized by this title shall be promulgated 
by the agency that originally collected the information.
    (c) Review and Approval of Rules.--The Director shall review any 
rules proposed by an agency pursuant to this title for consistency with 
the provisions of this title and chapter 35 of title 44, United States 
Code, and such rules shall be subject to the approval of the Director.
    (d) Reports.--
            (1) The head of each agency shall provide to the Director 
        of the Office of Management and Budget such reports and other 
        information as the Director requests.
            (2) Each Designated Statistical Agency referred to in 
        section 522 shall report annually to the Director of the Office 
        of Management and Budget, the Committee on Government Reform of 
        the House of Representatives, and the Committee on Governmental 
        Affairs of the Senate on the actions it has taken to implement 
        sections 523 and 524. The report shall include copies of each 
        written agreement entered into pursuant to section 524(a) for 
        the applicable year.
            (3) The Director of the Office of Management and Budget 
        shall include a summary of reports submitted to the Director 
        under paragraph (2) and actions taken by the Director to 
        advance the purposes of this title in the annual report to the 
        Congress on statistical programs prepared under section 
        3504(e)(2) of title 44, United States Code.

SEC. 504. EFFECT ON OTHER LAWS.

    (a) Title 44, United States Code.--This title, including amendments 
made by this title, does not diminish the authority under section 3510 
of title 44, United States Code, of the Director of the Office of 
Management and Budget to direct, and of an agency to make, disclosures 
that are not inconsistent with any applicable law.
    (b) Title 13 and Title 44, United States Code.--This title, 
including amendments made by this title, does not diminish the 
authority of the Bureau of the Census to provide information in 
accordance with sections 8, 16, 301, and 401 of title 13, United States 
Code, and section 2108 of title 44, United States Code.
    (c) Title 13, United States Code.--This title, including amendments 
made by this title, shall not be construed as authorizing the 
disclosure for nonstatistical purposes of demographic data or 
information collected by the Census Bureau pursuant to section 9 of 
title 13, United States Code.
    (d) Various Energy Statutes.--Data or information acquired by the 
Energy Information Administration under a pledge of confidentiality and 
designated by the Energy Information Administration to be used for 
exclusively statistical purposes shall not be disclosed in identifiable 
form for nonstatistical purposes under--
            (1) section 12, 20, or 59 of the Federal Energy 
        Administration Act of 1974 (15 U.S.C. 771, 779, 790h);
            (2) section 11 of the Energy Supply and Environmental 
        Coordination Act of 1974 (15 U.S.C. 796); or
            (3) section 205 or 407 of the Department of the Energy 
        Organization Act of 1977 (42 U.S.C. 7135, 7177).
    (e) Section 201  of Congressional Budget Act of 1974.--This title, 
including amendments made by this title, shall not be construed to 
limit any authorities of the Congressional Budget Office to work 
(consistent with laws governing the confidentiality of information the 
disclosure of which would be a violation of law) with databases of 
Designated Statistical Agencies (as defined in section 522), either 
separately or, for data that may be shared pursuant to section 524 of 
this title or other authority, jointly in order to improve the general 
utility of these databases for the statistical purpose of analyzing 
pension and health care financing issues.
    (f) Preemption of State Law.--Nothing in this title shall preempt 
applicable State law regarding the confidentiality of data collected by 
the States.
    (g) Statutes Regarding False Statements.--Notwithstanding section 
512, information collected by an agency for exclusively statistical 
purposes under a pledge of confidentiality may be provided by the 
collecting agency to a law enforcement agency for the prosecution of 
submissions to the collecting agency of false statistical information 
under statutes that authorize criminal penalties (such as section 221 
of title 13, United States Code) or civil penalties for the provision 
of false statistical information, unless such disclosure or use would 
otherwise be prohibited under Federal law.
    (h) Construction.--Nothing in this title shall be construed as 
restricting or diminishing any confidentiality protections or penalties 
for unauthorized disclosure that otherwise apply to data or information 
collected for statistical purposes or nonstatistical purposes, 
including, but not limited to, section 6103 of the Internal Revenue 
Code of 1986 (26 U.S.C. 6103).
    (i) Authority of Congress.--Nothing in this title shall be 
construed to affect the authority of the Congress, including its 
committees, members, or agents, to obtain data or information for a 
statistical purpose, including for oversight of an agency's statistical 
activities.

            Subtitle A--Confidential Information Protection

SEC. 511. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) Individuals, businesses, and other organizations have 
        varying degrees of legal protection when providing information 
        to the agencies for strictly statistical purposes.
            (2) Pledges of confidentiality by agencies provide 
        assurances to the public that information about individuals or 
        organizations or provided by individuals or organizations for 
        exclusively statistical purposes will be held in confidence and 
        will not be used against such individuals or organizations in 
        any agency action.
            (3) Protecting the confidentiality interests of individuals 
        or organizations who provide information under a pledge of 
        confidentiality for Federal statistical programs serves both 
        the interests of the public and the needs of society.
            (4) Declining trust of the public in the protection of 
        information provided under a pledge of confidentiality to the 
        agencies adversely affects both the accuracy and completeness 
        of statistical analyses.
            (5) Ensuring that information provided under a pledge of 
        confidentiality for statistical purposes receives protection is 
        essential in continuing public cooperation in statistical 
        programs.
    (b) Purposes.--The purposes of this subtitle are the following:
            (1) To ensure that information supplied by individuals or 
        organizations to an agency for statistical purposes under a 
        pledge of confidentiality is used exclusively for statistical 
        purposes.
            (2) To ensure that individuals or organizations who supply 
        information under a pledge of confidentiality to agencies for 
        statistical purposes will neither have that information 
        disclosed in identifiable form to anyone not authorized by this 
        title nor have that information used for any purpose other than 
        a statistical purpose.
            (3) To safeguard the confidentiality of individually 
        identifiable information acquired under a pledge of 
        confidentiality for statistical purposes by controlling access 
        to, and uses made of, such information.

SEC. 512. LIMITATIONS ON USE AND DISCLOSURE OF DATA AND INFORMATION.

    (a) Use of Statistical Data or Information.--Data or information 
acquired by an agency under a pledge of confidentiality and for 
exclusively statistical purposes shall be used by officers, employees, 
or agents of the agency exclusively for statistical purposes.
    (b) Disclosure of Statistical Data or Information.--
            (1) Data or information acquired by an agency under a 
        pledge of confidentiality for exclusively statistical purposes 
        shall not be disclosed by an agency in identifiable form, for 
        any use other than an exclusively statistical purpose, except 
        with the informed consent of the respondent.
            (2) A disclosure pursuant to paragraph (1) is authorized 
        only when the head of the agency approves such disclosure and 
        the disclosure is not prohibited by any other law.
            (3) This section does not restrict or diminish any 
        confidentiality protections in law that otherwise apply to data 
        or information acquired by an agency under a pledge of 
        confidentiality for exclusively statistical purposes.
    (c) Rule for Use of Data or Information for Nonstatistical 
Purposes.--A statistical agency or unit shall clearly distinguish any 
data or information it collects for nonstatistical purposes (as 
authorized by law) and provide notice to the public, before the data or 
information is collected, that the data or information could be used 
for nonstatistical purposes.
    (d) Designation of Agents.--A statistical agency or unit may 
designate agents, by contract or by entering into a special agreement 
containing the provisions required under section 502(2) for treatment 
as an agent under that section, who may perform exclusively statistical 
activities, subject to the limitations and penalties described in this 
title.

SEC. 513. FINES AND PENALTIES.

    Whoever, being an officer, employee, or agent of an agency 
acquiring information for exclusively statistical purposes, having 
taken and subscribed the oath of office, or having sworn to observe the 
limitations imposed by section 512, comes into possession of such 
information by reason of his or her being an officer, employee, or 
agent and, knowing that the disclosure of the specific information is 
prohibited under the provisions of this title, willfully discloses the 
information in any manner to a person or agency not entitled to receive 
it, shall be guilty of a class E felony and imprisoned for not more 
than 5 years, or fined not more than $250,000, or both.

                   Subtitle B--Statistical Efficiency

SEC. 521. FINDINGS AND PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) Federal statistics are an important source of 
        information for public and private decision-makers such as 
        policymakers, consumers, businesses, investors, and workers.
            (2) Federal statistical agencies should continuously seek 
        to improve their efficiency. Statutory constraints limit the 
        ability of these agencies to share data and thus to achieve 
        higher efficiency for Federal statistical programs.
            (3) The quality of Federal statistics depends on the 
        willingness of businesses to respond to statistical surveys. 
        Reducing reporting burdens will increase response rates, and 
        therefore lead to more accurate characterizations of the 
        economy.
            (4) Enhanced sharing of business data among the Bureau of 
        the Census, the Bureau of Economic Analysis, and the Bureau of 
        Labor Statistics for exclusively statistical purposes will 
        improve their ability to track more accurately the large and 
        rapidly changing nature of United States business. In 
        particular, the statistical agencies will be able to better 
        ensure that businesses are consistently classified in 
        appropriate industries, resolve data anomalies, produce 
        statistical samples that are consistently adjusted for the 
        entry and exit of new businesses in a timely manner, and 
        correct faulty reporting errors quickly and efficiently.
            (5) The Congress enacted the International Investment and 
        Trade in Services Act of 1990 that allowed the Bureau of the 
        Census, the Bureau of Economic Analysis, and the Bureau of 
        Labor Statistics to share data on foreign-owned companies. The 
        Act not only expanded detailed industry coverage from 135 
        industries to over 800 industries with no increase in the data 
        collected from respondents but also demonstrated how data 
        sharing can result in the creation of valuable data products.
            (6) With subtitle A of this title, the sharing of business 
        data among the Bureau of the Census, the Bureau of Economic 
        Analysis, and the Bureau of Labor Statistics continues to 
        ensure the highest level of confidentiality for respondents to 
        statistical surveys.
    (b) Purposes.--The purposes of this subtitle are the following:
            (1) To authorize the sharing of business data among the 
        Bureau of the Census, the Bureau of Economic Analysis, and the 
        Bureau of Labor Statistics for exclusively statistical 
        purposes.
            (2) To reduce the paperwork burdens imposed on businesses 
        that provide requested information to the Federal Government.
            (3) To improve the comparability and accuracy of Federal 
        economic statistics by allowing the Bureau of the Census, the 
        Bureau of Economic Analysis, and the Bureau of Labor Statistics 
        to update sample frames, develop consistent classifications of 
        establishments and companies into industries, improve coverage, 
        and reconcile significant differences in data produced by the 
        three agencies.
            (4) To increase understanding of the United States economy, 
        especially for key industry and regional statistics, to develop 
        more accurate measures of the impact of technology on 
        productivity growth, and to enhance the reliability of the 
        Nation's most important economic indicators, such as the 
        National Income and Product Accounts.

SEC. 522. DESIGNATION OF STATISTICAL AGENCIES.

    For purposes of this subtitle, the term ``Designated Statistical 
Agency'' means each of the following:
            (1) The Bureau of the Census of the Department of Commerce.
            (2) The Bureau of Economic Analysis of the Department of 
        Commerce.
            (3) The Bureau of Labor Statistics of the Department of 
        Labor.

SEC. 523. RESPONSIBILITIES OF DESIGNATED STATISTICAL AGENCIES.

    The head of each of the Designated Statistical Agencies shall--
            (1) identify opportunities to eliminate duplication and 
        otherwise reduce reporting burden and cost imposed on the 
        public in providing information for statistical purposes;
            (2) enter into joint statistical projects to improve the 
        quality and reduce the cost of statistical programs; and
            (3) protect the confidentiality of individually 
        identifiable information acquired for statistical purposes by 
        adhering to safeguard principles, including--
                    (A) emphasizing to their officers, employees, and 
                agents the importance of protecting the confidentiality 
                of information in cases where the identity of 
                individual respondents can reasonably be inferred by 
                either direct or indirect means;
                    (B) training their officers, employees, and agents 
                in their legal obligations to protect the 
                confidentiality of individually identifiable 
                information and in the procedures that must be followed 
                to provide access to such information;
                    (C) implementing appropriate measures to assure the 
                physical and electronic security of confidential data;
                    (D) establishing a system of records that 
                identifies individuals accessing confidential data and 
                the project for which the data were required; and
                    (E) being prepared to document their compliance 
                with safeguard principles to other agencies authorized 
                by law to monitor such compliance.

SEC. 524. SHARING OF BUSINESS DATA AMONG DESIGNATED STATISTICAL 
              AGENCIES.

    (a) In General.--A Designated Statistical Agency may provide 
business data in an identifiable form to another Designated Statistical 
Agency under the terms of a written agreement among the agencies 
sharing the business data that specifies--
            (1) the business data to be shared;
            (2) the statistical purposes for which the business data 
        are to be used;
            (3) the officers, employees, and agents authorized to 
        examine the business data to be shared; and
            (4) appropriate security procedures to safeguard the 
        confidentiality of the business data.
    (b) Responsibilities of Agencies Under Other Laws.--The provision 
of business data by an agency to a Designated Statistical Agency under 
this subtitle shall in no way alter the responsibility of the agency 
providing the data under other statutes (including section 552 of title 
5, United States Code (popularly known as the Freedom of Information 
Act), and section 552b of title 5, United States Code (popularly known 
as the Privacy Act of 1974)) with respect to the provision or 
withholding of such information by the agency providing the data.
    (c) Responsibilities of Officers, Employees, and Agents.--
Examination of business data in identifiable form shall be limited to 
the officers, employees, and agents authorized to examine the 
individual reports in accordance with written agreements pursuant to 
this section. Officers, employees, and agents of a Designated 
Statistical Agency who receive data pursuant to this subtitle shall be 
subject to all provisions of law, including penalties, that relate--
            (1) to the unlawful provision of the business data that 
        would apply to the officers, employees, and agents of the 
        agency that originally obtained the information; and
            (2) to the unlawful disclosure of the business data that 
        would apply to officers, employees, and agents of the agency 
        that originally obtained the information.
    (d) Notice.--Whenever a written agreement concerns data that 
respondents were required by law to report and the respondents were not 
informed that the data could be shared among the Designated Statistical 
Agencies, for exclusively statistical purposes, the terms of such 
agreement shall be described in a public notice issued by the agency 
that intends to provide the data. Such notice shall allow a minimum of 
60 days for public comment.

SEC. 525. LIMITATIONS ON USE OF BUSINESS DATA PROVIDED BY DESIGNATED 
              STATISTICAL AGENCIES.

    (a) Use, Generally.--Business data provided by a Designated 
Statistical Agency pursuant to this subtitle shall be used exclusively 
for statistical purposes.
    (b) Publication.--Publication of business data acquired by a 
Designated Statistical Agency shall occur in a manner whereby the data 
furnished by any particular respondent are not in identifiable form.

SEC. 526. CONFORMING AMENDMENTS.

    (a) Department of Commerce.--Section 1 of the Act of January 27, 
1938 (15 U.S.C. 176a) is amended by striking ``The'' and inserting 
``Except as provided in the Confidential Information Protection and 
Statistical Efficiency Act of 2002, the''.
    (b) Title 13.--Chapter 10 of title 13, United States Code, is 
amended--
            (1) by adding after section 401 the following:
``Sec. 402. Providing business data to Designated Statistical Agencies
    ``The Bureau of the Census may provide business data to the Bureau 
of Economic Analysis and the Bureau of Labor Statistics (`Designated 
Statistical Agencies') if such information is required for an 
authorized statistical purpose and the provision is the subject of a 
written agreement with that Designated Statistical Agency, or their 
successors, as defined in the Confidential Information Protection and 
Statistical Efficiency Act of 2002.''; and
            (2) in the table of sections for the chapter by adding 
        after the item relating to section 401 the following:

``402. Providing business data to Designated Statistical Agencies.''.

            Passed the House of Representatives November 15 
      (legislative day, November 14), 2002.

            Attest:

                                                                 Clerk.
107th CONGRESS

  2d Session

                               H. R. 2458

_______________________________________________________________________

                                 AN ACT

   To enhance the management and promotion of electronic Government 
  services and processes by establishing a Federal Chief Information 
Officer within the Office of Management and Budget, and by establishing 
    a broad framework of measures that require using Internet-based 
    information technology to enhance citizen access to Government 
           information and services, and for other purposes.