115 S2032 IS: Legacy IT Reduction Act of 2023 U.S. Senate 2023-06-15 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

II118th CONGRESS1st SessionS. 2032IN THE SENATE OF THE UNITED STATESJune 15, 2023Ms. Hassan (for herself and Mr. Cornyn) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental AffairsA BILLTo require the reduction of the reliance and expenditures of the Federal Government on legacy information technology systems, and for other purposes.

1.

Short title

This Act may be cited as the Legacy IT Reduction Act of 2023.

2.

Definitions

In this Act:(1)

Administrator

The term Administrator means the Administrator of General Services.(2)

Agency

The term agency means an agency described in paragraph (1) or (2) of section 901(b) of title 31, United States Code.(3)

Chief information officer

The term Chief Information Officer means a Chief Information Officer designated under section 3506(a)(2) of title 44, United States Code.(4)

Comptroller general

The term Comptroller General means the Comptroller General of the United States. (5)

Congressional oversight committee

The term congressional oversight committee means, with respect to a particular agency, a committee or subcommittee of the Senate and the House of Representatives that provides oversight of the agency.(6)

Director

The term Director means the Director of the Office of Management and Budget.(7)

Information technology

The term information technology has the meaning given the term in section 11101 of title 40, United States Code.(8)

IT working capital fund; legacy information technology system

The terms IT working capital fund and legacy information technology system have the meaning given the terms in section 1076 of the National Defense Authorization Act for Fiscal Year 2018 (40 U.S.C. 11301 note; Public Law 115–91).(9)

National security system

The term national security system has the meaning given the term in section 11103 of title 40, United States Code.(10)

Technology Modernization Fund

The term Technology Modernization Fund means the fund established under section 1078(b)(1) of the National Defense Authorization Act for Fiscal Year 2018 (40 U.S.C. 11301 note; Public Law 115–91).

3.

Legacy information technology system inventory

(a)

Inventory of legacy information technology systems

(1)

In general

Not later than 1 year after the date of enactment of this Act, and not later than 5 years thereafter, the Chief Information Officer of each agency shall compile an inventory that lists each legacy information technology system used, operated, or maintained by the agency.(2)

Contents

The Director shall issue guidance prescribing the information that the Chief Information Officer of each agency shall include for each legacy technology information system listed in the inventory required under paragraph (1). In issuing such guidance, the Director shall consider including for each legacy technology information system listed in the inventory—(A)the name or an identification of the legacy information technology system;(B)the office or mission of the agency that the legacy information technology system supports and how the office or mission uses the legacy information technology system;(C)to the extent that information is available—(i)the date of the last update or refresh of the legacy information technology system;(ii)the annual price, including recurring subscription costs and any costs to contract labor, to operate or maintain the legacy information technology system; and(iii)the name and contact information of the vendor; and(D)the date of the next expected update or modernization, retirement, or disposal of the legacy information technology system.(b)

Transparency and accountability

(1)

In general

Upon request by a House of Congress, a congressional oversight committee of an agency, the Comptroller General of the United States, or an inspector general of an agency, the head of the agency shall make available the inventory compiled under subsection (a)(1) or the relevant portion of that inventory.(2)

Reporting

The Director may require an agency to include the inventory compiled under subsection (a)(1) in a reporting structure determined by the Director.

4.

Agency legacy information technology systems modernization plans

(a)

In general

Not later than 2 years after the date of enactment of this Act, and every 5 years thereafter, the head of an agency shall develop and include as part of the information resource management strategic plan of the agency submitted under section 3506(b)(2) of title 44, United States Code, a plan to modernize the legacy information technology systems of the agency.(b)

Contents

A modernization plan of an agency developed under subsection (a) shall include—(1)an inventory of the legacy information technology systems of the agency;(2)an identification of legacy information technology systems that the agency has prioritized for updates, modernization, retirement, or disposal;(3)steps the agency intends to make toward updating, modernizing, retiring, or disposing of the legacy information technology systems of the agency prioritized under paragraph (2) during the 5-year period beginning on the date of submission of the plan; and(4)any additional information that the Director determines necessary or useful for the agency to consider or include to effectively and efficiently execute the modernization plan, which may include—(A)the capacity of the agency to operate and maintain an updated or modernized legacy information technology system;(B)the estimated cost and sources of funding required to execute the modernization plan; and(C)the ability of the agency to adapt an updated or modernized legacy information technology system to changes in policy, technology, or other user needs, as necessary.(c)

Publication and submission to Congress

Not later than 30 days after the date on which the head of an agency submits the modernization plan developed under subsection (a) as part of the information resource management strategic plan of the agency submitted under section 3506(b)(2) of title 44, United States Code, the head of the agency shall submit the modernization plan to the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Oversight and Accountability of the House of Representatives, and each congressional oversight committee of the agency.

5.

Role of the Office of Management and Budget

Not later than 180 days after the date of enactment of this Act, the Director, in coordination with the Administrator of the Office of Electronic Government, shall issue guidance on the implementation of this Act and the amendments made by this Act, which shall include— (1)criteria to determine whether information technology qualifies as a legacy information technology system for the purposes of compiling the inventory required under section 3(a)(1);(2)instructions and templates to inform the compilation of the inventory required under section 3(a)(1), as necessary;(3)instructions and templates to inform the compilation and publication of, and any subsequent updates to, the modernization plans required under section 4(a), as necessary; and(4)any other guidance determined necessary for the implementation of this Act or the amendments made by this Act, including how the implementation of this Act or those amendments complements laws, regulations, and guidance relating to information technology modernization.

6.

Comptroller General review

(a)

In general

Not later than 3 years after the date of enactment of this Act, the Comptroller General shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives a report on—(1)the implementation of this Act and the amendments made by this Act; and(2)how this Act and the amendments made by this Act function alongside other information technology modernization offices, policies, and programs, such as—(A)the Technology Modernization Fund and the IT working capital fund;(B)the Federal Risk and Authorization Management Program, the 18F program, and the 10X program of the General Services Administration;(C)programs and policies of the Office of Management and Budget, including the Office of Electronic Government and the United States Digital Service; and(D)any other office, policy, or program of the Federal Government determined relevant by the Comptroller General.

7.

Protection of sensitive information; exemption of national security systems

(a)

In general

Nothing in this Act or the amendments made by this Act shall be construed to require the head of an agency to disclose sensitive information that—(1)is protected from disclosure under any other law; or(2)would compromise the security of any information technology system of the Federal Government.(b)

Exemption

Nothing in this Act or the amendments made by this Act shall be construed to authorize or require the head of an agency to inventory, develop a report relating to, or transfer, a national security system.