1.This Act may be cited as the
Secure Federal File Sharing
Act
.
2.
(a)Updated guidance
on use of certain software programsNot later than 90 days after
the date of the enactment of this Act, the Director of the Office of Management
and Budget, after consultation with the Federal Chief Information Officers
Council, shall issue guidance on the use of peer-to-peer file sharing
software—
(1)to prohibit the
download, installation, or use by Government employees and contractors of
open-network peer-to-peer file sharing software on all Federal computers,
computer systems, and networks, including those operated by contractors on the
Government’s behalf, unless such software is approved in accordance with
procedures under subsection (b); and
(2)to address the download, installation, or
use by Government employees and contractors of such software on home or
personal computers as it relates to telework and remotely accessing Federal
computers, computer systems, and networks, including those operated by
contractors on the Government’s behalf.
(b)Approval process
for certain software programsNot later than 90 days after the
date of the enactment of this Act, the Director of the Office of Management and
Budget shall develop a procedure by which the Director, in consultation with
the Chief Information Officer, may receive requests from heads of agencies or
chief information officers of agencies for approval for use by Government
employees and contractors of specific open-network peer-to-peer file sharing
software programs that are—
(1)necessary for the
day-to-day business operations of the agency;
(2)instrumental in
completing a particular task or project that directly supports the agency’s
overall mission;
(3)necessary for use
between, among, or within Federal, State, or local government agencies in order
to perform official agency business; or
(4)necessary for use
during the course of a law enforcement investigation.
(c)Not later
than 180 days after the date of enactment of this Act, the Director of the
Office of Management and Budget shall—
(1)direct agencies to
establish or update personal use policies of the agency to be consistent with
the guidance issued pursuant to subsection (a);
(2)direct agencies to
require any contract awarded by the agency to include a requirement that the
contractor comply with the guidance issued pursuant to subsection (a) in the
performance of the contract;
(3)direct agencies to
update their information technology security or ethics training policies to
ensure that all employees, including those working for contractors on the
Government’s behalf, are aware of the requirements of the guidance required by
subsection (a) and the consequences of engaging in prohibited conduct;
and
(4)direct agencies to
ensure that proper security controls are in place to prevent, detect, and
remove file sharing software that is prohibited by the guidance issued pursuant
to subsection (a) from all Federal computers, computer systems, and networks,
including those operated by contractors on the Government’s behalf.
3.Not later than 1 year
after the date of the enactment of this Act, and annually thereafter, the
Director of the Office of Management and Budget shall submit to the Committee
on Oversight and Government Reform of the House of Representatives and the
Committee on Homeland Security and Governmental Affairs of the Senate a report
on the implementation of this Act, including—
(1)a
justification for each open-network peer-to-peer file sharing software program
that is approved pursuant to subsection (b); and
(2)an inventory of
the agencies where such programs are being used.
4.In this Act:
(1)The
term agency
has the meaning provided the term Executive
agency
by section 105 of title 5, United States
Code.
(2)The
term open-network
, with respect to software, means a network in
which—
(A)access is granted
freely, without limitation or restriction; or
(B)there are little
or no security measures in place.
(3)Peer-to-peer
file sharing softwareThe term peer-to-peer file sharing
software
—
(A)means a program, application, or software
that is commercially marketed or distributed to the public and that
enables—
(i)a file or files on the computer on which
such program is installed to be designated as available for searching and
copying to one or more other computers;
(ii)the
searching of files on the computer on which such program is installed and the
copying of any such file to another computer—
(I)at the initiative of such other computer
and without requiring any action by an owner or authorized user of the computer
on which such program is installed; and
(II)without requiring
an owner or authorized user of the computer on which such program is installed
to have selected or designated another computer as the recipient of any such
file; and
(iii)an owner or authorized user of the computer
on which such program is installed to search files on one or more other
computers using the same or a compatible program, application, or software, and
copy such files to such owner or user’s computer; and
(B)does not include a program, application, or
software designed primarily—
(i)to
operate as a server that is accessible over the Internet using the Internet
Domain Name system;
(ii)to
transmit or receive email messages, instant messaging, real-time audio or video
communications, or real-time voice communications; or
(iii)to
provide network or computer security (including the detection or prevention of
fraudulent activities), network management, maintenance, diagnostics, or
technical support or repair.
(4)The
term contractor
means a prime contractor or a subcontractor, as
defined by the Federal Acquisition Regulation.
5.Budgetary effects
of PAYGO legislation for this ActThe budgetary effects of this Act, for the
purpose of complying with the Statutory Pay-As-You-Go Act of 2010, shall be
determined by reference to the latest statement titled Budgetary Effects
of PAYGO Legislation
for this Act, submitted for printing in the
Congressional Record by the Chairman of the House Budget Committee, provided
that such statement has been submitted prior to the vote on passage.
Passed the House of
Representatives March 24, 2010.
Lorraine C. Miller,
Clerk.