Short title

This Act may be cited as the

Source code Harmonization And Reuse in Information Technology Act

or the

SHARE IT Act

Definitions

In this Act:(1)

Agency

The term agency has the meaning given that term in section 3502 of title 44, United States Code.(2)

Appropriate congressional committees

The term appropriate congressional committees means the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives.(3)

Custom-developed code

The term custom-developed code—(A)means source code that is—(i)produced in the performance of a contract with an agency or is otherwise exclusively funded by the Federal Government; or(ii)developed by a Federal employee as part of the official duties of the employee;(B)includes—(i)source code, or segregable portions of source code, for which the Federal Government could obtain unlimited rights under part 27 of the Federal Acquisition Regulation or any relevant supplemental acquisition regulations of an agency; and(ii)source code written for a software project, module, plugin, script, middleware, or application programming interface; and(C)does not include—(i)source code that is solely exploratory or disposable in nature, including source code written by a developer experimenting with a new language or library; or(ii)commercial computer software, commercial off-the-shelf software, or configuration scripts for such software.(4)

Federal employee

The term Federal employee has the meaning given the term in section 2105(a) of title 5, United States Code.(5)

Metadata

The term metadata, with respect to custom-developed code—(A)has the meaning given that term in section 3502 of title 44, United States Code; and(B)includes—(i)information on whether the custom-developed code was—(I)produced pursuant to a contract; or(II)shared in a public or private repository;(ii)any contract number under which the custom-developed code was produced; and(iii)any hyperlink to the repository in such the code was shared.(6)

Private repository

The term private repository means a software storage location—(A)that contains source code, documentation, configuration scripts, as appropriate, revision history, and other files; and(B)access to which is restricted to only authorized users.(7)

Public repository

The term public repository means a software storage location—(A)that contains source code, documentation, configuration scripts, as appropriate, revision history, and other files; and(B)access to which is open to the public.(8)

Software

The term software has the meaning given the term computer software in section 2.101 of title 48, Code of Federal Regulations, or any successor regulation.(9)

Source code

The term source code means a collection of computer commands written in a computer programming language that a computer can execute as a piece of software.

Software reuse

(a)

Sharing

Not later than 210 days after the date of enactment of this Act, the head of each agency shall ensure that the custom-developed code of the agency and other key technical components of the code (including documentation, data models, schemas, metadata, architecture designs, configuration scripts, and artifacts required to develop, build, test, and deploy the code) of the code are—(1)stored at not less than 1 public repository or private repository;(2)accessible to Federal employees via procedures developed under subsection (d)(1)(A)(ii)(III); and(3)owned by the agency.(b)

Software reuse rights in procurement contracts

The head of an agency that enters into a contract for the custom development of software shall acquire and exercise rights sufficient to enable the governmentwide access to, sharing of, use of, and modification of any custom-developed code created in the development of such software.(c)

Discovery

Not later than 210 days after the date of enactment of this Act, the head of each agency shall make metadata created on or after such date for the custom-developed code of the agency publicly accessible.(d)

Accountability mechanisms

(1)

Agency cios

Not later than 180 days after the date of enactment of this Act, the Chief Information Officer of each agency, in consultation with the Chief Acquisition Officer, or similar official, of the agency and the Administrator of the Office of Electronic Government, shall develop an agency-wide policy that—(A)implements the requirements of this Act, including—(i)ensuring that custom-developed code follows the best practices established by the Director of the Office and Management and Budget under paragraph (3) for operating repositories and version control systems to keep track of changes and to facilitate collaboration among multiple developers; and(ii)managing the sharing of custom-developed code under subsection (b), and the public accessibility of metadata under subsection (c), including developing—(I)procedures to determine whether any custom-developed code meets the conditions under section 4(b) for an exemption under this Act;(II)procedures for making metadata for custom-developed code publicly accessible pursuant to subsection (c);(III)procedures for Federal employees to gain access to public repositories and private repositories that contain custom developed source code; and(IV)standardized reporting practices across the agency to capture key information relating to a contract under which custom-developed source code was produced for reporting statistics about the contract; and(B)corrects or amends any policies of the agency that are inconsistent with the requirements of this Act.(2)

Administrator of the office of electronic government

(A)

Minimum standard reporting requirements

Not later than 120 days after the date of enactment of this Act, the Administrator of the Office of Electronic Government shall establish minimum standard reporting requirements for the Chief Information Officers of agencies, which shall include information relating to—(i)measuring the frequency of reuse of code, including access and modification under subsection (b);(ii)whether the shared code is maintained;(iii)whether there is a feedback mechanism for improvements to or community development of the shared code; and(iv)the number and circumstances of all exemptions granted under section 4(a)(2).(B)

Reporting requirement

(i)

Requirement

Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Administrator of the Office of Electronic Government shall publish on a centralized website a report on the implementation of this Act that includes—(I)a complete list of all exemptions granted under section 4(a)(2); and(II)information showing whether each agency has updated the acquisition and other policies of the agency to be compliant with this Act.(ii)

Open Government data asset

The report under clause (i) shall be maintained as an open Government data asset (as defined in section 3502 of title 44, United States Code). (3)

Guidance

The Director of the Office of Management and Budget shall issue guidance, consistent with the purpose of this Act, that establishes best practices and uniform procedures across agencies for the purposes of implementing this subsection.

Exemptions

(a)

In general

(1)

Automatic

(A)

In general

This Act shall not apply to classified source code or source code developed primarily for use in a national security system (as defined in section 11103 of title 40, United States Code).(B)

National security

An exemption from the requirements under section 3 shall apply to classified source code or source code developed—(i)primarily for use in a national security system (as defined in section 11103 of title 40, United States Code); or(ii)by an agency, or part of an agency, that is an element of the intelligence community (as defined in section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)).(C)

Freedom of information act

An exemption from the requirements under section 3 shall apply to source code the disclosure of which is exempt under section 552(b) of title 5, United States Code (commonly known as the Freedom of Information Act).(2)

Discretionary

(A)

Exemption and guidance

(i)

In general

The Chief Information Officer of an agency, in consultation with the Federal Privacy Council, or any successor thereto, may exempt from the requirements of section 3 any source code for which a limited exemption described in subparagraph (B) applies.(ii)

Guidance required

The Federal Privacy Council shall provide guidance to the Chief Information Officer of each agency relating to the limited exemption described in subparagraph (B)(ii) to ensure consistent application of this paragraph across agencies.(B)

Limited exemptions

The limited exemptions described in this paragraph are the following:(i)The head of the agency is prohibited from providing the source code to another individual or entity under another Federal law or regulation, including under—(I)the Export Administration Regulations;(II)the International Traffic in Arms Regulations;(III)the regulations of the Transportation Security Administration relating to the protection of Sensitive Security Information; and(IV)the Federal laws and regulations governing the sharing of classified information not covered by the exemption in paragraph (1).(ii)The sharing or public accessibility of the source code would create an identifiable risk to the privacy of an individual.(b)

Reports required

(1)

Agency reporting

Not later than December 31 of each year, the Chief Information Officer of an agency shall submit to the Administrator of the Office of Electronic Government a report of the source code of the agency to which an exemption under paragraph (1) or (2) of subsection (a) applied during the fiscal year ending on September 30 of that year with a brief narrative justification of each exemption.(2)

Annual report to Congress

Not later than 1 year after the date of enactment of this Act, and annually thereafter, the Administrator of the Office of Electronic Government shall submit to the appropriate congressional committees a report on all exemptions granted under paragraph (1) or (2) of subsection (a) by each agency, including a compilation of all information, including the narrative justification, relating to each such exemption.(3)

Form

The reports under paragraphs (1) and (2) shall be submitted in unclassified form, with a classified annex as appropriate.

Gao report

Not later than 2 years after the date of enactment of this Act, the Comptroller General of the United States shall submit to Congress a report that includes an assessment of the implementation of this Act.

Rule of construction

Nothing in this Act may be construed as requiring the disclosure of information or records that are exempt from public disclosure under section 552 of title 5, United States Code (commonly known as the Freedom of Information Act).

Application

This Act shall apply to custom-developed code that is developed or revised—(1)by a Federal employee not less than 180 days after the date of enactment of this Act; or(2)under a contract awarded pursuant to a solicitation issued not less than 180 days after the date of enactment of this Act.

Revision of Federal Acquisition Regulation

Not later than 1 year after the date of enactment of this Act, the Federal Acquisition Regulation shall be revised as necessary to implement the provisions of this Act.

No additional funding

No additional funds are authorized to be appropriated to carry out this Act.