[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6256 Introduced in House (IH)]

<DOC>






118th CONGRESS
  1st Session
                                H. R. 6256

    To require that the Chief Information Officer of the Bureau of 
   Information Resources submit an annual report that lists all the 
   information technology procurement awards and contracts that were 
                       awarded over $10,000,000.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            November 7, 2023

  Mr. Baird introduced the following bill; which was referred to the 
                      Committee on Foreign Affairs

_______________________________________________________________________

                                 A BILL


 
    To require that the Chief Information Officer of the Bureau of 
   Information Resources submit an annual report that lists all the 
   information technology procurement awards and contracts that were 
                       awarded over $10,000,000.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. CYBERSECURITY PRIORITIZATION IN INFORMATION TECHNOLOGY 
              PROCUREMENT.

    (a) Sense of Congress.--It is the sense of Congress that--
            (1) the Department has not sufficiently emphasized 
        cybersecurity in its operations or in its procurement of 
        information technology, and that these shortcomings have 
        contributed to numerous cybersecurity incidents at the 
        Department; and
            (2) the Department should prioritize, to the highest level 
        and to a greater extent than it already does, the minimization 
        of cybersecurity risks in its procurement of information 
        technology.
    (b) Annual Report.--The Chief Information Officer in the Bureau of 
Information Resources Management shall submit to the appropriate 
congressional committees an annual report which--
            (1) describes all Department information technology 
        procurement contracts awarded in the year prior to the issuance 
        of the report, including the name of the awardee and the 
        information technology they were contracted to procure; and
            (2) for all Department information technology procurement 
        contracts awarded in the year prior to the issuance of the 
        report with contract price exceeding $10,000,000--
                    (A) details the cybersecurity risks which have been 
                or will be created by the information technology 
                procured or intended to be procured under the contract, 
                including the Department's strategy for mitigating 
                these risks;
                    (B) justifies the Department's choice to award the 
                contract to its particular awardee in light of those 
                cybersecurity risks; and
                    (C) justifies the Department's choice to procure 
                such information technology in light of those 
                cybersecurity risks.
    (c) Definitions.--In this Act:
            (1) Appropriate congressional committees.--The term 
        ``appropriate congressional committees'' means the House 
        Committee on Foreign Affairs and the Senate Committee on 
        Foreign Relations.
            (2) Cybersecurity incident.--The term ``cybersecurity 
        incident'' has the meaning given the term ``incident'' in 
        section 3552 of title 44, United States Code.
            (3) Cybersecurity risk.--The term ``cybersecurity risk'' 
        has the meaning given that term in section 2200 of the Homeland 
        Security Act of 2002 (6 U.S.C. 650), except that it refers 
        exclusively to cybersecurity risks to the Department's 
        information and information systems.
            (4) Department.--The term ``Department'' means the United 
        States Department of State.
            (5) Information system.--The term ``information system'' 
        has the meaning given that term in section 3502 of title 44, 
        United States Code.
            (6) Information technology.--The term ``information 
        technology'' has the meaning given that term in section 11101 
        of title 40, United States Code.
                                 <all>