[Congressional Record Volume 166, Number 135 (Thursday, July 30, 2020)]
[Senate]
[Pages S4648-S4650]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
DEPARTMENT OF VETERANS AFFAIRS INFORMATION TECHNOLOGY REFORM ACT OF
2019
Mr. SULLIVAN. Mr. President, I ask unanimous consent that the Senate
proceed to the immediate consideration of Calendar No. 423, S. 2336.
The PRESIDING OFFICER. The clerk will report the bill by title.
The legislative clerk read as follows:
A bill (S. 2336) to improve the management of information
technology projects and investments of the Department of
Veterans Affairs, and for other purposes.
There being no objection, the Senate proceeded to consider the bill,
which had been reported from the Committee on Veterans' Affairs.
Mr. SULLIVAN. I ask unanimous consent that the bill be considered
read a third time and passed and that the motion to reconsider be
considered made and laid upon the table.
The PRESIDING OFFICER. Without objection, it is so ordered.
The bill (S. 2336) was ordered to be engrossed for a third reading,
was read the third time, and passed, as follows
S. 2336
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Department of Veterans
Affairs Information Technology Reform Act of 2019''.
SEC. 2. MANAGEMENT OF DEPARTMENT OF VETERANS AFFAIRS
INFORMATION TECHNOLOGY PROJECTS.
(a) Update of Review Process and Information Technology
Dashboard Chief Information Officer Ratings.--
[[Page S4649]]
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Secretary of Veterans Affairs
shall update the review process for information technology
projects of the Department of Veterans Affairs to ensure that
active risks are factored into the Information Technology
Dashboard Chief Information Officer ratings.
(2) Review by comptroller general of the united states.--
Not later than one year after the date on which the Secretary
completes updating the review process under paragraph (1),
the Comptroller General of the United States shall complete a
review such process.
(b) Annual Report on Project Budget Discrepancies.--
(1) In general.--Each fiscal year, not later than 120 days
after the end of the previous fiscal year, the Secretary
shall submit to the Committee on Veterans' Affairs of the
Senate and the Committee on Veterans' Affairs of the House of
Representatives a report on covered information technology
projects of the Department with respect to which the amounts
that were obligated and the amounts expended by the
Department in that fiscal year were, in aggregate, 10 percent
or more greater or less than the amount budgeted for the
project in that fiscal year.
(2) Covered information technology projects.--For purposes
of this subsection, a covered information technology project
of the Department is an information technology project of the
Department for which the Secretary estimates the Department
will expend or obligate $25,000,000 or more for development
and sustainment over a three-year lifecycle.
(3) Mitigation plans.--Each report submitted under
paragraph (1) shall include, for each project described in
the report, a plan to rectify the budget discrepancy and
improve the accuracy of the budget formulation process of the
Department.
SEC. 3. PLAN FOR EXPENDITURES RELATING TO DEPARTMENT OF
VETERANS AFFAIRS INFORMATION TECHNOLOGY
PROJECTS AND INVESTMENTS.
(a) Plan Required.--
(1) In general.--The Secretary of Veterans Affairs shall
submit to the appropriate committees of Congress a plan for
expenditures of the Department of Veterans Affairs relating
to large information technology projects and investments.
(2) Contents.--The report submitted under paragraph (1)
shall include the following:
(A) Identification of each information technology project
and investment planned by the Secretary for which the
Secretary estimates the Department will expend or obligate
$25,000,000 or more for development and sustainment over a
three-year lifecycle.
(B) For each such project and investment, a description
of--
(i) the functional and performance capabilities to be
delivered and the mission benefits to be realized;
(ii) the estimated lifecycle cost, including estimates for
development as well as maintenance and operations; and
(iii) key milestones to be met.
(C) Demonstration that each project and investment is--
(i) consistent with the Information Technology
Modernization Plan of the Department, or successor plan;
(ii) being managed in accordance with applicable lifecycle
management policies and guidance; and
(iii) subject to applicable planning and investment control
requirements of the Department.
(D) A statement as to whether the plan has been reviewed by
the Comptroller General of the United States.
(b) Definition of Appropriate Committees of Congress.--In
this section, the term ``appropriate committees of Congress''
means--
(1) the Committee on Veterans' Affairs and the Committee on
Appropriations of the Senate; and
(2) the Committee on Veterans' Affairs and the Committee on
Appropriations of the House of Representatives.
SEC. 4. BUDGET JUSTIFICATION FOR DEPARTMENT OF VETERANS
AFFAIRS INFORMATION TECHNOLOGY PROGRAMS.
The Secretary of Veterans Affairs shall ensure that
whenever the budget justification materials are submitted to
Congress in support of the Department of Veterans Affairs
budget for a fiscal year (as submitted with the budget of the
President for such fiscal year under section 1105(a) of title
31, United States Code), such budget justification materials
include a specific accounting, including life cycle costs, of
all funds requested for the information technology programs
of the Department.
SEC. 5. DEPARTMENT OF VETERANS AFFAIRS COMPLIANCE WITH OFFICE
OF MANAGEMENT AND BUDGET DATA CENTER
OPTIMIZATION INITIATIVE.
(a) Requirement.--The Secretary of Veterans Affairs shall
ensure that the Department of Veterans Affairs complies with
all applicable requirements of the Data Center Optimization
Initiative (DCOI) of the Office of Management and Budget,
including by--
(1) fully identifying the data center inventory of the
Department; and
(2) meeting any targets assigned by the Director of the
Office of Management and Budget pursuant to such initiative
regarding data center closures, optimization savings, and
optimization metrics.
(b) Plan for Compliance.--Not later than 90 days after the
date of the enactment of this Act, the Secretary shall submit
to the Committee on Veterans' Affairs of the Senate and the
Committee on Veterans' Affairs of the House of
Representatives a plan to fully comply with the requirements
described in subsection (a).
(c) Annual Report.--Not later than March 31, 2020, and in
March of each year thereafter until the date on which the
Director of the Office of Management and Budget determines
that the Department is in full compliance with the
requirements of the initiative referred to in subsection (a),
the Secretary shall submit to the Committee on Veterans'
Affairs of the Senate and the Committee on Veterans' Affairs
of the House of Representatives a report on the progress of
the Secretary in carrying out the plan submitted under
subsection (b).
SEC. 6. ANNUAL LIST OF DEPARTMENT OF VETERANS AFFAIRS
INFORMATION TECHNOLOGY PROJECTS.
(a) Annual List.--Not less frequently than once each year,
the Secretary of Veterans Affairs shall submit to the
appropriate committees of Congress a comprehensive,
prioritized list of all information technology projects being
funded by the Department of Veterans Affairs, disaggregated
by business line or portfolio division.
(b) Definition of Appropriate Committees of Congress.--In
this section, the term ``appropriate committees of Congress''
means--
(1) the Committee on Veterans' Affairs and the Committee on
Appropriations of the Senate; and
(2) the Committee on Veterans' Affairs and the Committee on
Appropriations of the House of Representatives.
SEC. 7. ASSESSMENT OF SUITABILITY OF DEPARTMENT OF VETERANS
AFFAIRS INFORMATION TECHNOLOGY INVESTMENTS FOR
MIGRATION TO CLOUD COMPUTING SERVICE.
(a) Assessment Required.--Not later than one year after the
date of the enactment of this Act, the Secretary of Veterans
Affairs, acting through the Chief Information Officer of the
Department of Veterans Affairs, shall complete an assessment,
in accordance with guidance from the Office of Management and
Budget, of all information technology investments of the
Department of Veterans Affairs to determine the suitability
of the investments for migration to a cloud computing
service.
(b) Mechanism To Track Savings.--The Secretary shall create
a consistent and repeatable mechanism to track savings and
cost avoidances from--
(1) migration of information technology investments to
cloud computing services; and
(2) deployment of cloud computing services.
(c) Report on Spending.--Not later than 180 days after the
date of the enactment of this Act, the Secretary, acting
through the Chief, shall submit to the appropriate committees
of Congress a report on spending by the Department on
information technology investments, disaggregated by
information technology investment.
(d) Definition of Appropriate Committees of Congress.--In
this section, the term ``appropriate committees of Congress''
means--
(1) the Committee on Veterans' Affairs and the Committee on
Appropriations of the Senate; and
(2) the Committee on Veterans' Affairs and the Committee on
Appropriations of the House of Representatives.
SEC. 8. DEPARTMENT OF VETERANS AFFAIRS INFORMATION TECHNOLOGY
MANAGEMENT POLICIES WITH RESPECT TO ROLE OF
CHIEF INFORMATION OFFICER.
The Secretary of Veterans Affairs shall ensure that the
information technology management policies of the Department
of Veterans Affairs address the role of the Chief Information
Officer of the Department with respect to the following key
responsibilities:
(1) Information technology strategic planning.
(2) Information technology workforce.
(3) Information technology planning, programming, and
budgeting.
(4) Information technology investment management.
(5) Innovations and emerging technologies.
SEC. 9. CONTINUOUS MONITORING STRATEGY TO IMPROVE INFORMATION
SECURITY PROGRAMS OF DEPARTMENT OF VETERANS
AFFAIRS.
In order to improve information security programs of the
Department of Veterans Affairs, the Secretary of Veterans
Affairs shall develop a continuous monitoring strategy that
addresses the following:
(1) Organization-defined metrics.
(2) Frequency of monitoring metrics.
(3) Ongoing status monitoring of metrics.
(4) Reporting of security status.
SEC. 10. REVISION OF PROCESSES OF DEPARTMENT OF VETERANS
AFFAIRS OFFICE OF INFORMATION AND TECHNOLOGY
RELATING TO RISK MANAGEMENT.
(a) In General.--Not later than 90 days after the date of
the enactment of this Act, the Secretary of Veterans Affairs,
acting through the Chief Information Officer of the
Department of Veterans Affairs, shall revise the processes of
the Office of Information and Technology of the Department
relating to risk management to include the following:
[[Page S4650]]
(1) Determining costs and benefits of implementing the risk
mitigation plan for each risk.
(2) Collecting performance measures on risk handling
activities.
(b) Review by Comptroller General of the United States.--
Not later than 180 days after the date of the enactment of
this Act, the Comptroller General of the United States shall
complete a review of the processes revised pursuant to
subsection (a).
____________________