[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 990 Introduced in Senate (IS)]

<DOC>






115th CONGRESS
  1st Session
                                 S. 990

To modernize Government information technology, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             April 28, 2017

    Mr. Moran (for himself, Mr. Udall, Mr. Daines, and Mr. Warner) 
introduced the following bill; which was read twice and referred to the 
        Committee on Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
To modernize Government information technology, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Modernizing Government Technology 
Act of 2017'' or the ``MGT Act''.

SEC. 2. FINDINGS; PURPOSES.

    (a) Findings.--The Congress finds the following:
            (1) The Federal Government spends nearly 75 percent of its 
        annual information technology funding on operating and 
        maintaining existing legacy information technology systems. 
        These systems can pose operational risks, including rising 
        costs and inability to meet mission requirements. These systems 
        also pose security risks, including the inability to use 
        current security best practices, such as data encryption and 
        multi-factor authentication, making these systems particularly 
        vulnerable to malicious cyber activity.
            (2) In 2015, the Government Accountability Office 
        designated improving the management of information technology 
        acquisitions and operations to its biannual High Risk List and 
        identified as a particular concern the increasing level of 
        information technology spending on operations and maintenance, 
        making less funding available for development or modernization. 
        The Government Accountability Office also found that the 
        Federal Government has spent billions on failed and poorly 
        performing information technology investments due to a lack of 
        effective oversight.
            (3) The Federal Government must modernize Federal 
        information technology systems to mitigate existing operational 
        and security risks.
            (4) The efficiencies, cost savings, and greater computing 
        power offered by modernized solutions, such as cloud computing, 
        have the potential to--
                    (A) eliminate inappropriate duplication and reduce 
                costs;
                    (B) address the critical need for cybersecurity by 
                design; and
                    (C) move the Federal Government into a broad, 
                digital-services delivery model that will transform the 
                ability of the Federal Government to meet mission 
                requirements and deliver services to the people of the 
                United States.
    (b) Purposes.--The purposes of this Act are the following:
            (1) Assist the Federal Government in modernizing Federal 
        information technology to mitigate current operational and 
        security risks.
            (2) Incentivize cost savings in Federal information 
        technology through modernization.
            (3) Accelerate the acquisition and deployment of modernized 
        information technology solutions, such as cloud computing, by 
        addressing impediments in the areas of funding, development, 
        and acquisition practices.

SEC. 3. ESTABLISHMENT OF AGENCY INFORMATION TECHNOLOGY SYSTEMS 
              MODERNIZATION AND WORKING CAPITAL FUNDS.

    (a) Information Technology System Modernization and Working Capital 
Funds.--
            (1) Establishment.--The head of a covered agency may 
        establish within such agency an information technology system 
        modernization and working capital fund (in this section 
        referred to as the ``IT working capital fund'') for necessary 
        expenses described in paragraph (3).
            (2) Source of funds.--The following amounts may be 
        deposited into an IT working capital fund:
                    (A) Reprogramming and transfer of funds made 
                available in appropriations Acts subsequent to the date 
                of the enactment of this Act, including transfer of any 
                funds for the operation and maintenance of legacy 
                information technology systems, in compliance with any 
                applicable reprogramming law or guidelines of the 
                Committees on Appropriations of the House of 
                Representatives and the Senate.
                    (B) Amounts made available to the IT working 
                capital fund through discretionary appropriations made 
                available subsequent to the date of the enactment of 
                this Act.
            (3) Use of funds.--An IT working capital fund established 
        under paragraph (1) may be used, subject to the availability of 
        appropriations, only for the following:
                    (A) To improve, retire, or replace existing 
                information technology systems in the covered agency to 
                enhance cybersecurity and to improve efficiency and 
                effectiveness.
                    (B) To transition legacy information technology at 
                the covered agency to cloud computing and other 
                innovative platforms and technologies, including those 
                serving more than one covered agency with common 
                requirements.
                    (C) To assist and support covered agency efforts to 
                provide adequate, risk-based, and cost-effective 
                information technology capabilities that address 
                evolving threats to information security.
                    (D) To reimburse funds transferred to the covered 
                agency from the Technology Modernization Fund 
                established under section 4, with the approval of the 
                Chief Information Officer of the covered agency.
            (4) Existing funds.--An IT working capital fund may not be 
        used to supplant funds provided for the operation and 
        maintenance of any system within an appropriation for the 
        covered agency at the time of establishment of the IT working 
        capital fund.
            (5) Prioritization of funds.--The head of each covered 
        agency shall prioritize funds within the IT working capital 
        fund to be used initially for cost savings activities approved 
        by the Chief Information Officer of the covered agency, in 
        consultation with the Administrator of the Office of Electronic 
        Government. The head of each covered agency may reprogram and 
        transfer any amounts saved as a direct result of such 
        activities for deposit into the applicable IT working capital 
        fund, consistent with paragraph (2)(A).
            (6) Return of funds.--Any funds deposited into an IT 
        working capital fund shall be available for obligation for 
        three years after the last day of the fiscal year in which such 
        funds were deposited.
            (7) Agency cio responsibilities.--In evaluating projects to 
        be funded from the IT working capital fund, the Chief 
        Information Officer of the covered agency shall consider, to 
        the extent applicable, guidance issued pursuant to section 
        4(a)(1) to evaluate applications for funding from the 
        Technology Modernization Fund established under that section 
        that include factors such as a strong business case, technical 
        design, procurement strategy (including adequate use of 
        incremental software development practices), and program 
        management.
    (b) Reporting Requirement.--
            (1) In general.--Not later than one year after the date of 
        the enactment of this Act, and every six months thereafter, the 
        head of each covered agency shall submit to the Director the 
        following, with respect to the IT working capital fund for the 
        covered agency:
                    (A) A list of each information technology 
                investment funded with estimated cost and completion 
                date for each such investment.
                    (B) A summary by fiscal year of obligations, 
                expenditures, and unused balances.
            (2) Public availability.--The Director shall make the 
        information submitted under paragraph (1) publicly available on 
        a website.
    (c) Covered Agency Defined.--In this section, the term ``covered 
agency'' means each agency listed in section 901(b) of title 31, United 
States Code.

SEC. 4. ESTABLISHMENT OF TECHNOLOGY MODERNIZATION FUND AND BOARD.

    (a) Technology Modernization Fund.--
            (1) Establishment.--There is established in the Treasury of 
        the United States a Technology Modernization Fund (in this 
        section referred to as the ``Fund'') for technology-related 
        activities, to improve information technology, to enhance 
        cybersecurity across the Federal Government, and to be 
        administered in accordance with guidance issued by the 
        Director.
            (2) Administration of fund.--The Commissioner of the 
        Technology Transformation Service of the General Services 
        Administration, in consultation with the Chief Information 
        Officers Council and with the approval of the Director, shall 
        administer the Fund in accordance with this subsection.
            (3) Use of funds.--The Commissioner shall, in accordance 
        with the recommendations of the Technology Modernization Board 
        established under subsection (b), use amounts in the Fund for 
        the following purposes:
                    (A) To transfer such amounts, to remain available 
                until expended, to the head of an agency to improve, 
                retire, or replace existing Federal information 
                technology systems to enhance cybersecurity and improve 
                efficiency and effectiveness.
                    (B) For the development, operation, and procurement 
                of information technology products, services, and 
                acquisition vehicles for use by agencies to improve 
                Governmentwide efficiency and cybersecurity in 
                accordance with the requirements of such agencies.
                    (C) To provide services or work performed in 
                support of the activities described under subparagraph 
                (A) or (B).
            (4) Authorization of appropriations; credits; availability 
        of funds.--
                    (A) Authorization of appropriations.--There is 
                authorized to be appropriated to the Fund $250,000,000 
                for each of fiscal years 2018 and 2019.
                    (B) Credits.--In addition to any funds otherwise 
                appropriated, the Fund shall be credited with all 
                reimbursements, advances, or refunds or recoveries 
                relating to information technology or services provided 
                through the Fund.
                    (C) Availability of funds.--Amounts deposited, 
                credited, or otherwise made available to the Fund shall 
                be available, as provided in appropriations Acts, until 
                expended for the purposes described in paragraph (3).
            (5) Reimbursement.--
                    (A) Payment by agency.--For a product or service 
                developed under paragraph (3)(B), including any 
                services or work performed in support of such 
                development under paragraph (3)(C), the head of an 
                agency that uses such product or service shall pay an 
                amount fixed by the Commissioner in accordance with 
                this paragraph.
                    (B) Reimbursement by agency.--The head of an agency 
                shall reimburse the Fund for any transfer made under 
                paragraph (3)(A), including any services or work 
                performed in support of such transfer under paragraph 
                (3)(C), in accordance with the terms established in a 
                written agreement described in paragraph (6). 
                Notwithstanding any other provision of law, an agency 
                may make a reimbursement required by this subparagraph 
                from any appropriation made available subsequent to the 
                date of the enactment of this Act for information 
                technology activities, consistent with any applicable 
                reprogramming law or guidelines of the Committees on 
                Appropriations of the House of Representatives and the 
                Senate. An obligation to make a payment under a written 
                agreement described in paragraph (6) in a fiscal year 
                after the date of the enactment of this Act shall be 
                recorded pursuant to section 1501 of title 31, United 
                States Code, in the fiscal year in which the payment is 
                due.
                    (C) Prices fixed by commissioner.--The 
                Commissioner, in consultation with the Director, shall 
                establish amounts to be paid by an agency and terms of 
                repayment for use of a product or service developed 
                under paragraph (3)(B), including any services or work 
                performed in support of such development under 
                paragraph (3)(C), at levels sufficient to ensure the 
                solvency of the Fund, including operating expenses. 
                Before making any changes to the established amounts 
                and terms of repayment, the Commissioner shall conduct 
                a review and obtain approval from the Director.
                    (D) Failure to make timely reimbursement.--The 
                Commissioner may obtain reimbursement by the issuance 
                of transfer and counterwarrants, or other lawful 
                transfer documents, supported by itemized bills, if 
                payment is not made by an agency--
                            (i) within 90 days after the expiration of 
                        a repayment period described in a written 
                        agreement described in paragraph (6); or
                            (ii) within 45 days after the expiration of 
                        the time period to make a payment under a 
                        payment schedule for a product or service 
                        developed under paragraph (3)(B).
            (6) Written agreement.--
                    (A) In general.--Before the transfer of funds to an 
                agency under paragraph (3)(A), the Commissioner (in 
                consultation with the Director) and the head of the 
                requisitioning agency shall enter into a written 
                agreement documenting the purpose for which the funds 
                will be used and the terms of repayment, which may not 
                exceed five years unless approved by the Director. An 
                agreement made pursuant to this subparagraph shall be 
                recorded as an obligation as provided in paragraph 
                (5)(B).
                    (B) Requirement for use of incremental development 
                practices.--For any funds transferred to an agency 
                under paragraph (3)(A), in the absence of compelling 
                circumstances documented by the Commissioner at the 
                time of transfer, such funds shall be transferred only 
                on an incremental basis, tied to metric-based 
                development milestones achieved by the agency, to be 
                described in a written agreement required under 
                subparagraph (A).
            (7) Reporting requirement.--Not later than six months after 
        the date of the enactment of this Act, the Director shall 
        publish and maintain a list of each project funded by the Fund 
        on a public website, to be updated not less than quarterly, 
        that includes a description of the project, project status 
        (including any schedule delay and cost overruns), and financial 
        expenditure data related to the project.
    (b) Technology Modernization Board.--
            (1) Establishment.--There is established a Technology 
        Modernization Board (in this section referred to as the 
        ``Board'') to evaluate proposals submitted by agencies for 
        funding authorized under the Fund.
            (2) Responsibilities.--The responsibilities of the Board 
        are the following:
                    (A) Provide input to the Director for the 
                development of processes for agencies to submit 
                modernization proposals to the Board and to establish 
                the criteria by which such proposals are evaluated, 
                which shall include addressing the greatest security 
                and operational risks, having the greatest 
                Governmentwide impact, and having a high probability of 
                success based on factors such as a strong business 
                case, technical design, procurement strategy (including 
                adequate use of incremental software development 
                practices), and program management.
                    (B) Make recommendations to the Commissioner to 
                assist agencies in the further development and 
                refinement of select submitted modernization proposals, 
                based on an initial evaluation performed with the 
                assistance of the Commissioner.
                    (C) Review and prioritize, with the assistance of 
                the Commissioner and the Director, modernization 
                proposals based on criteria established pursuant to 
                subparagraph (A).
                    (D) Identify, with the assistance of the 
                Commissioner, opportunities to improve or replace 
                multiple information technology systems with a smaller 
                number of information technology systems common to 
                multiple agencies.
                    (E) Recommend the funding of modernization 
                projects, in accordance with the uses described in 
                subsection (a)(3), to the Commissioner.
                    (F) Monitor, in consultation with the Commissioner, 
                progress and performance in executing approved projects 
                and, if necessary, recommend the suspension or 
                termination of funding for projects based on factors 
                such as failure to meet the terms of a written 
                agreement described in subsection (a)(6).
                    (G) Monitor operating costs of the Fund.
            (3) Membership.--The Board shall consist of eight voting 
        members.
            (4) Chair.--The Chair of the Board shall be the 
        Administrator of the Office of Electronic Government.
            (5) Permanent members.--The permanent members of the Board 
        shall be the following:
                    (A) The Administrator of the Office of Electronic 
                Government.
                    (B) A senior official from the General Services 
                Administration having technical expertise in 
                information technology development, appointed by the 
                Administrator of General Services, with the approval of 
                the Director.
            (6) Additional members of the board.--
                    (A) Appointment.--The other members of the Board 
                shall be appointed as follows:
                            (i) One employee of the National Protection 
                        and Programs Directorate of the Department of 
                        Homeland Security, appointed by the Secretary 
                        of Homeland Security.
                            (ii) One employee of the Department of 
                        Defense, appointed by the Secretary of Defense.
                            (iii) Four Federal employees primarily 
                        having technical expertise in information 
                        technology development, financial management, 
                        cybersecurity and privacy, and acquisition, 
                        appointed by the Director.
                    (B) Term.--Each member of the Board described in 
                subparagraph (A) shall serve a term of one year, which 
                shall be renewable up to three times, at the discretion 
                of the appointing Secretary or Director, as applicable.
            (7) Prohibition on compensation.--Members of the Board may 
        not receive additional pay, allowances, or benefits by reason 
        of their service on the Board.
            (8) Staff.--Upon request of the Chair of the Board, the 
        Director and the Administrator of General Services may detail, 
        on a nonreimbursable basis, any of the personnel of the Office 
        of Management and Budget or the General Services Administration 
        (as the case may be) to the Board to assist the Board in 
        carrying out its functions under this Act.
    (c) Responsibilities of Commissioner.--
            (1) In general.--In addition to the responsibilities 
        described in subsection (b), the Commissioner shall support the 
        activities of the Board and provide technical support to, and, 
        with the concurrence of the Director, oversight of, agencies 
        that receive transfers from the Fund.
            (2) Responsibilities.--The responsibilities of the 
        Commissioner are the following:
                    (A) Provide direct technical support in the form of 
                personnel services or otherwise to agencies transferred 
                amounts under subsection (a)(3)(A) and for products, 
                services, and acquisition vehicles funded under 
                subsection (a)(3)(B).
                    (B) Assist the Board with the evaluation, 
                prioritization, and development of agency modernization 
                proposals.
                    (C) Perform regular project oversight and 
                monitoring of approved agency modernization projects, 
                in consultation with the Board and the Director, to 
                increase the likelihood of successful implementation 
                and reduce waste.
                    (D) Provide the Director with information necessary 
                to meet the requirements of subsection (a)(7).
    (d) Agency Defined.--In this section, the term ``agency'' has the 
meaning given that term in section 551 of title 5, United States Code.

SEC. 5. DEFINITIONS.

    In this Act:
            (1) Cloud computing.--The term ``cloud computing'' has the 
        meaning given that term by the National Institute of Standards 
        and Technology in NIST Special Publication 800-145 and any 
        amendatory or superseding document thereto.
            (2) Commissioner.--The term ``Commissioner'' means the 
        Commissioner of the Technology Transformation Service of the 
        General Services Administration.
            (3) Director.--The term ``Director'' means the Director of 
        the Office of Management and Budget.
            (4) Information technology.--The term ``information 
        technology'' has the meaning given that term in section 3502 of 
        title 44, United States Code.
            (5) Legacy information technology system.--The term 
        ``legacy information technology system'' means an outdated or 
        obsolete system of information technology.
                                 <all>