[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6190 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 6190

  To provide for cybersecurity prioritization in formation technology 
                              procurement.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            November 2, 2023

    Mr. Kean of New Jersey introduced the following bill; which was 
              referred to the Committee on Foreign Affairs

_______________________________________________________________________

                                 A BILL


 
  To provide for cybersecurity prioritization in formation technology 
                              procurement.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. CYBERSECURITY PRIORITIZATION IN INFORMATION TECHNOLOGY 
              PROCUREMENT.

    (a) Sense of Congress.--It is the sense of Congress that--
            (1) the Department has not sufficiently emphasized 
        cybersecurity in its operations or in its procurement of 
        information technology, and that these shortcomings have 
        contributed to numerous cybersecurity incidents at the 
        Department; and
            (2) the Department should prioritize, to the highest level 
        and to a greater extent than it already does, the minimization 
        of cybersecurity risks in its procurement of information 
        technology.
    (b) Annual Report.--The Chief Information Officer in the Bureau of 
Information Resources Management shall submit to the appropriate 
congressional committees an annual report that--
            (1) describes all Department information technology 
        procurement contracts awarded in the year prior to the issuance 
        of the report, including the name of the awardee and the 
        information technology they were contracted to procure;
            (2) for all Department information technology procurement 
        contracts awarded in the year prior to the issuance of the 
        report with contract price exceeding $10 million--
                    (A) details the cybersecurity risks which have been 
                or will be created by the information technology 
                procured or intended to be procured under the contract, 
                including the Department's strategy for mitigating 
                these risks;
                    (B) justifies the Department's choice to award the 
                contract to its particular awardee in light of those 
                cybersecurity risks; and
                    (C) justifies the Department's choice to procure 
                such information technology in light of those 
                cybersecurity risks.
    (c) Definitions.--In this section--
            (1) the term ``appropriate congressional committees'' 
        means--
                    (A) the Committee on Foreign Affairs of the House 
                of Representatives; and
                    (B) the Committee on Foreign Relations of the 
                Senate;
            (2) the term ``cybersecurity incident'' has the meaning 
        given the term ``incident'' in section 3552 of title 44, United 
        States Code;
            (3) the term ``cybersecurity risk'' has the meaning given 
        that term in section 2200 of the Homeland Security Act of 2002 
        (6 U.S.C. 650), except that such term refers exclusively to 
        cybersecurity risks to the Department's information and 
        information systems;
            (4) the term ``Department'' means the Department of State;
            (5) the term ``information system'' has the meaning given 
        that term in section 3502 of title 44, United States Code; and
            (6) the term ``information technology'' has the meaning 
        given that term in section 11101 of title 40, United States 
        Code.
                                 <all>