114 S931 RS: Strengthening Agency Management and Oversight of Software Assets Act
U.S. Senate
2023-07-25
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Strengthening Agency Management and Oversight of Software Assets Act
.2.In this Act:(1)The term Administrator means the Administrator of General Services.(2)The term agency has the meaning given that term in section 3502 of title 44, United States Code.(3)The term cloud computing has the meaning given the term in Special Publication 800–145 of the National Institute of Standards and Technology, or any successor document.(4)The term cloud service provider means an entity offering cloud computing products or services to agencies. (5)The term comprehensive assessment means a comprehensive assessment conducted pursuant to section 3(a).(6)The term Director means the Director of the Office of Management and Budget.(7)The term plan means the plan developed by a Chief Information Officer, or equivalent official, pursuant to section 4(a).(8)The term software entitlement means any software that—(A)has been purchased, leased, or licensed by or billed to an agency under any contract or other business arrangement; and (B)is subject to use limitations. (9)The term software inventory means the software inventory of an agency required pursuant to—(A)section 2(b)(2)(A) of the Making Electronic Government Accountable By Yielding Tangible Efficiencies Act of 2016 (40 U.S.C. 11302 note; Public Law 114–210); or (B)subsequent guidance issued by the Director pursuant to that Act.3.Software entitlement and inventory integrity(a)As soon as practicable, and not later than 1 year after the date of enactment of this Act, the Chief Information Officer of each agency, in consultation with the Chief Financial Officer, the Chief Procurement Officer, and General Counsel of the agency, or the equivalent officials of the agency, shall complete a comprehensive assessment of the software entitlements and software inventories of the agency, which shall include—(1)the current software inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements of the agency separated by vendor and category of software;(2)a comprehensive, detailed accounting of—(A)any software deployed for the agency as of the date of the comprehensive assessment, including, to the extent identifiable, the contracts and other agreements or arrangements that the agency uses to acquire, deploy, or use such software;(B)information and data on software entitlements, which shall include information on any additional fees or costs for the use of cloud services that is not included in the initial costs of the contract, agreement, or arrangement—(i)for which the agency pays;(ii)that are not deployed or in use by the agency; and(iii)that are billed to the agency under any contract or business arrangement that creates redundancy in the deployment or use by the agency; and(C)the extent—(i)to which any software paid for, in use, or deployed throughout the agency is interoperable; and (ii)of the efforts of the agency to improve interoperability of software assets throughout the agency enterprise;(3)a categorization of software licenses of the agency by cost, volume, and type of software;(4)a list of any provisions in the software licenses of the agency that may restrict how the software can be deployed, accessed, or used, including any such restrictions on desktop or server hardware or through a cloud service provider; and(5)an analysis addressing—(A)the accuracy and completeness of the software inventory and software entitlements of the agency before and after the comprehensive assessment;(B)management by the agency of and compliance by the agency with all contracts or other agreements or arrangements that include or implicate software licensing or software management within the agency;(C)the extent to which the agency accurately captures the total cost of enterprise licenses agreements and related costs, including the total cost of upgrades over the life of a contract, cloud usage cost per user, and any other cost associated with the maintenance or servicing of contracts; and (D)compliance with software license management policies of the agency. (b)(1)The head of an agency may enter into 1 or more contracts to support the requirements of subsection (a).(2)Contracts under paragraph (1) shall not include contractors with organization conflicts of interest.(3)Over the course of a comprehensive assessment, contractors hired pursuant to paragraph (1) shall maintain operational independence from the integration, management, and operations of the software inventory and software entitlements of the agency. (c)On the date on which the Chief Information Officer, Chief Financial Officer, Chief Procurement Officer, and General Counsel of an agency, or the equivalent officials of the agency, complete the comprehensive assessment, and not later than 1 year after the date of enactment of this Act, the Chief Information Officer shall submit the comprehensive assessment to—(1)the head of the agency;(2)the Director;(3)the Administrator;(4)the Comptroller General of the United States;(5)the Committee on Homeland Security and Governmental Affairs of the Senate; and(6)the Committee on Oversight and Accountability of the House of Representatives.(d)In order to ensure the utility and standardization of the comprehensive assessment of each agency, including to support the development of each plan and the Government-wide strategy described in section 5, the Director, in consultation with the Administrator, may share information, best practices, and recommendations relating to the activities performed in the course of a comprehensive assessment of an agency. 4.Enterprise Licensing Positioning at Agencies(a)The Chief Information Officer of each agency, in consultation with the Chief Financial Officer and the Chief Procurement Officer of the agency, or the equivalent officials of the agency, shall use the information developed pursuant to the comprehensive assessment of the agency to develop a plan for the agency—(1)to consolidate software licenses of the agency; and (2)to the greatest extent practicable, in order to improve the performance of, and reduce unnecessary costs to, the agency, to adopt enterprise license agreements across the agency, by type or category of software.(b)The plan of an agency shall—(1)include a detailed strategy for—(A)the remediation of any software asset management deficiencies found during the comprehensive assessment of the agency; (B)the ongoing maintenance of software asset management upon the completion of the remediation; and(C)maximizing the effectiveness of software deployed by the agency, including, to the extent practicable, leveraging technologies that—(i)provide in-depth analysis of user behaviors and collect user feedback;(ii)measure actual software usage via analytics that can identify inefficiencies to assist in rationalizing software spending;(iii)allow for segmentation of the user base; (iv)support effective governance and compliance in the use of software; and(v)support interoperable capabilities between software;(2)identify not fewer than 5 categories of software the agency will prioritize for conversion to enterprise licenses as the software entitlements, contracts, and other agreements or arrangements for those categories come up for renewal or renegotiation;(3)provide an estimate of the costs to move to enterprise, open-source, or other licenses that do not restrict the use of software by the agency, and the projected cost savings, efficiency measures, and improvements to agency performance throughout the total software lifecycle;(4)identify potential mitigations to minimize software license restrictions on how such software can be deployed, accessed, or used, including any mitigations that would minimize any such restrictions on desktop or server hardware or through a cloud service provider;(5)ensure that the purchase by the agency of any enterprise license or other software is based on publicly available criteria that are not unduly structured to favor any specific vendor; (6)include any estimates for additional resources, services, or support the agency may need to execute the enterprise licensing position plan;(7)provide information on the prevalence of software products in use across multiple software categories; and(8)include any additional information, data, or analysis determined necessary by the Chief Information Officer, or other equivalent official, of the agency.(c)Consultation and coordinationThe Director, in coordination with the Chief Information Officers Council, the Chief Acquisition Officers Council, the Administrator, and other government and industry representatives identified by the Director, may establish processes to identify, define, and harmonize common definitions, terms and conditions, and other information and criteria to support agency heads in developing and implementing the plans required by this section. (d)The Chief Information Officer, or other equivalent official, of an agency may request support from the Director and the Administrator for any analysis or developmental needs to create the plan of the agency. (e)Not later than 120 days after the date on which the Chief Information Officer, or other equivalent official, of an agency submits the comprehensive assessment pursuant to section 3(c), the head of the agency shall submit to the Director, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Oversight and Accountability of the House of Representatives the plan of the agency.5.(a)Not later than 2 years after the date of enactment of this Act, the Director, in consultation with the Administrator and the Federal Chief Information Officers Council, shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives a strategy that includes—(1)proposals to support the adoption of Government-wide enterprise licenses for software entitlements identified through the comprehensive assessments and plans, including, where appropriate, a cost-benefit analysis;(2)opportunities to leverage Government procurement policies and practices to increase interoperability of software entitlements acquired and deployed to reduce costs and improve performance; (3)the incorporation of data on spending by agencies on, the performance of, and management by agencies of software entitlements as part of the information required under section 11302(c)(3)(B) of title 40, United States Code;(4)where applicable, directions to agencies to examine options and relevant criteria for transitioning to open-source software; and(5)any other information or data collected or analyzed by the Director.(b)(1)With respect to the first budget of the President submitted under section 1105(a) of title 31, United States Code, on or after the date that is 2 years after the date of enactment of this Act, the Director shall ensure that the strategy required under subsection (a) of this section and the plan of each agency are included in the budget justification materials of each agency submitted in conjunction with that budget.(2)With respect to the first 5 budgets of the President submitted under section 1105(a) of title 31, United States Code, after the budget described in paragraph (1), the Director shall—(A)designate performance metrics for agencies for common software licensing, management, and cost criteria; and (B)ensure that the progress of each agency toward the performance metrics is included in the budget justification materials of the agency submitted in conjunction with that budget.6.Not later than 3 years after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives a report on Government-wide trends, comparisons among agencies, and other analyses of plans and the strategy required under section 5(a) by the Comptroller General of the United States.1.This Act may be cited as the Strengthening Agency Management and Oversight of Software Assets Act
.2.In this Act:(1)The term Administrator means the Administrator of General Services.(2)The term agency has the meaning given that term in section 3502 of title 44, United States Code.(3)The term cloud computing has the meaning given the term in Special Publication 800–145 of the National Institute of Standards and Technology, or any successor document.(4)The term cloud service provider has the meaning given the term in section 3607(b) of title 44, United States Code. (5)The term comprehensive assessment means a comprehensive assessment conducted pursuant to section 3(a).(6)The term Director means the Director of the Office of Management and Budget.(7)The term plan means the plan developed by a Chief Information Officer, or equivalent official, pursuant to section 4(a).(8)The term software entitlement means any software that—(A)has been purchased, leased, or licensed by or billed to an agency under any contract or other business arrangement; and (B)is subject to use limitations. (9)The term software inventory means the software inventory of an agency required pursuant to—(A)section 2(b)(2)(A) of the Making Electronic Government Accountable By Yielding Tangible Efficiencies Act of 2016 (40 U.S.C. 11302 note; Public Law 114–210); or (B)subsequent guidance issued by the Director pursuant to that Act.3.Software inventory update and expansion(a)As soon as practicable, and not later than 18 months after the date of enactment of this Act, the Chief Information Officer of each agency, in consultation with the Chief Financial Officer, the Chief Acquisition Officer, the Chief Data Officer, and General Counsel of the agency, or the equivalent officials of the agency, shall complete a comprehensive assessment of the software paid for by, in use at, or deployed throughout the agency, which shall include—(1)the current software inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements of the agency separated by provider and category of software;(2)a comprehensive, detailed accounting of—(A)any software used by or deployed within the agency, including software developed or built by the agency, or by another agency for use by the agency, including shared services, as of the date of the comprehensive assessment, including, to the extent identifiable, the contracts and other agreements or arrangements used by the agency to acquire, build, deploy, or use such software;(B)information and data on software entitlements, which shall include information on any additional fees or costs, including fees or costs for the use of cloud services, that are not included in the initial costs of the contract, agreement, or arrangement—(i)for which the agency pays;(ii)that are not deployed or in use by the agency; and(iii)that are billed to the agency under any contract or business arrangement that creates duplication, or are otherwise determined to be unnecessary by the Chief Information Officer of the agency, or the equivalent official, in the deployment or use by the agency; and(C)the extent—(i)to which any software paid for, in use, or deployed throughout the agency is interoperable; and (ii)of the efforts of the agency to improve interoperability of software assets throughout the agency enterprise;(3)a categorization of software entitlements of the agency by cost, volume, and type of software;(4)a list of any provisions in the software entitlements of the agency that may restrict how the software can be deployed, accessed, or used, including any such restrictions on desktop or server hardware, through a cloud service provider, or on data ownership or access; and(5)an analysis addressing—(A)the accuracy and completeness of the comprehensive assessment;(B)agency management of and compliance with all contracts or other agreements or arrangements that include or reference software entitlements or software management within the agency;(C)the extent to which the agency accurately captures the total cost of software entitlements and related costs, including the total cost of upgrades over the life of a contract, cloud usage costs, and any other cost associated with the maintenance or servicing of contracts; and (D)compliance with software license management policies of the agency. (b)(1)The head of an agency may enter into 1 or more contracts to support the requirements of subsection (a).(2)Contracts under paragraph (1) shall not include contractors with organizational conflicts of interest, within the meaning given that term under subpart 9.5 of the Federal Acquisition Regulation.(3)Over the course of a comprehensive assessment, contractors hired pursuant to paragraph (1) shall maintain operational independence from the integration, management, and operations of the software inventory and software entitlements of the agency. (c)On the date on which the Chief Information Officer, Chief Financial Officer, Chief Acquisition Officer, the Chief Data Officer, and General Counsel of an agency, or the equivalent officials of the agency, complete the comprehensive assessment, the Chief Information Officer shall submit the comprehensive assessment to the head of the agency. (d)Not later than 30 days after the date on which the head of an agency receives the comprehensive assessment under subsection (c), the head of the agency shall submit the comprehensive assessment to—(1)the Director;(2)the Administrator;(3)the Comptroller General of the United States;(4)the Committee on Homeland Security and Governmental Affairs of the Senate; and(5)the Committee on Oversight and Accountability of the House of Representatives.(e)In order to ensure the utility and standardization of the comprehensive assessment of each agency, including to support the development of each plan and the report required under section 4(e)(2), the Director, in consultation with the Administrator, shall share information, best practices, and recommendations relating to the activities performed in the course of a comprehensive assessment of an agency. 4.Software modernization planning at agencies(a)The Chief Information Officer of each agency, in consultation with the Chief Financial Officer, the Chief Acquisition Officer, the Chief Data Officer, and the General Counsel of the agency, or the equivalent officials of the agency, shall use the information developed pursuant to the comprehensive assessment of the agency to develop a plan for the agency—(1)to consolidate software entitlements of the agency;(2)to ensure that, in order to improve the performance of, and reduce unnecessary costs to, the agency, the Chief Information Officer, Chief Data Officer, and Chief Acquisition Officer of the agency, or the equivalent officers, develop criteria and procedures for how the agency will adopt cost-effective acquisition strategies, including enterprise licensing, across the agency that reduce costs, eliminate excess licenses, and improve performance; and(3)to restrict the ability of a bureau, program, component, or operational entity within the agency to acquire, use, develop, or otherwise leverage any software entitlement (or portion thereof) without the approval of the Chief Information Officer of the agency, in consultation with the Chief Acquisition Officer of the agency, or the equivalent officers of the agency.(b)The plan of an agency shall—(1)include a detailed strategy for—(A)the remediation of any software asset management deficiencies found during the comprehensive assessment of the agency; (B)the ongoing maintenance of software asset management upon the completion of the remediation;(C)automation of software license management processes and incorporation of discovery tools across the agency; (D)ensuring that officers and employees of the agency are adequately trained in the policies, procedures, rules, regulations, and guidance relating to the software acquisition and development of the agency before entering into any agreement relating to any software entitlement (or portion thereof) for the agency, including training on—(i)negotiating options within contracts to address and minimize provisions that restrict how the agency may deploy, access, or use the software, including restrictions on deployment, access, or use on desktop or server hardware and restrictions on data ownership or access;(ii)the differences between acquiring commercial software products and services and acquiring or building custom software; and(iii)determining the costs of different types of licenses and options for adjusting licenses to meet increasing or decreasing demand; and(E)maximizing the effectiveness of software deployed by the agency, including, to the extent practicable, leveraging technologies that—(i)measure actual software usage via analytics that can identify inefficiencies to assist in rationalizing software spending;(ii)allow for segmentation of the user base; (iii)support effective governance and compliance in the use of software; and(iv)support interoperable capabilities between software;(2)identify categories of software the agency could prioritize for conversion to more cost-effective software licenses, including enterprise licenses, as the software entitlements, contracts, and other agreements or arrangements come up for renewal or renegotiation;(3)provide an estimate of the costs to move toward more enterprise, open-source, or other licenses that do not restrict the use of software by the agency, and the projected cost savings, efficiency measures, and improvements to agency performance throughout the total software lifecycle;(4)identify potential mitigations to minimize software license restrictions on how such software can be deployed, accessed, or used, including any mitigations that would minimize any such restrictions on desktop or server hardware, through a cloud service provider, or on data ownership or access;(5)ensure that the purchase by the agency of any software is based on publicly available criteria that are not unduly structured to favor any specific vendor, unless prohibited by law (including regulation); (6)include any estimates for additional resources, services, or support the agency may need to implement the plan;(7)provide information on the prevalence of software products in use across multiple software categories; and(8)include any additional information, data, or analysis determined necessary by the Chief Information Officer, or other equivalent official, of the agency.(c)The Chief Information Officer, or other equivalent official, of an agency may request support from the Director and the Administrator for any analysis or developmental needs to create the plan of the agency. (d)Not later than 1 year after the date on which the head of an agency submits the comprehensive assessment pursuant to section 3(d), the head of the agency shall submit to the Director, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Oversight and Accountability of the House of Representatives the plan of the agency.(e)Consultation and coordinationThe Director—(1)in coordination with the Administrator, the Chief Information Officers Council, the Chief Acquisition Officers Council, the Chief Data Officers Council, the Chief Financial Officers Council, and other government and industry representatives identified by the Director, shall establish processes, using existing reporting functions, as appropriate, to identify, define, and harmonize common definitions, terms and conditions, standardized requirements, and other information and criteria to support agency heads in developing and implementing the plans required by this section; and(2)in coordination with the Administrator, and not later than 2 years after the date of enactment of this Act, submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives a report detailing recommendations to leverage Government procurement policies and practices with respect to software acquired by, developed by, deployed within, or in use at 1 or more agencies to—(A)increase the interoperability of software licenses, including software entitlements and software built by Government agencies;(B)consolidate licenses, as appropriate;(C)reduce costs;(D)improve performance; and(E)modernize the management and oversight of software entitlements and software built by Government agencies, as identified through an analysis of agency plans.5.Not later than 3 years after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Accountability of the House of Representatives a report on—(1)Government-wide trends in agency software asset management practices;(2)comparisons of software asset management practices among agencies;(3)the establishment by the Director of processes to identify, define, and harmonize common definitions, terms, and conditions under section 4(e); (4)agency compliance with the restrictions on contract support under section 3(b); and(5)other analyses of and findings regarding the plans of agencies, as determined by the Comptroller General of the United States.6.No additional funds are authorized to be appropriated for the purpose of carrying out this Act.July 25, 2023Reported with an amendment