[Senate Report 118-332]
[From the U.S. Government Publishing Office]
Calendar No. 752
118th Congress } { Report
SENATE
2d Session } { 118-332
_______________________________________________________________________
MODERNIZING GOVERNMENT TECHNOLOGY
REFORM ACT
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
H.R. 5527
TO AMEND SECTION 1078 OF THE NATIONAL DEFENSE
AUTHORIZATION ACT FOR FISCAL YEAR 2018 TO INCREASE
THE EFFECTIVENESS OF THE TECHNOLOGY MODERNIZATION
FUND, AND FOR OTHER PURPOSES
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
December 19 (legislative day, December 16), 2024.--Ordered to be
printed
------
U.S. GOVERNMENT PUBLISHING OFFICE
59-010 WASHINGTON : 2025
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware RAND PAUL, Kentucky
MAGGIE HASSAN, New Hampshire RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona JAMES LANKFORD, Oklahoma
JACKY ROSEN, Nevada MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
RICHARD BLUMENTHAL, Connecticut JOSH HAWLEY, Missouri
ADAM SCHIFF, California ROGER MARSHALL, Kansas
David M. Weinberg, Staff Director
Alan S. Kahn, Chief Counsel
Michelle M. Benecke, Senior Counsel
Tiffany Ann Shujath, U.S. Department of Homeland Security Detailee
William E. Henderson III, Minority Staff Director
Christina N. Salazar, Minority Chief Counsel
Andrew J. Hopkins, Minority Counsel
Laura W. Kilbride, Chief Clerk
Calendar No. 752
118th Congress } { Report
SENATE
2d Session } { 118-332
======================================================================
MODERNIZING GOVERNMENT TECHNOLOGY REFORM ACT
_______
December 19 (legislative day, December 16), 2024.--Ordered to be
printed
_______
Mr. Peters, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany H.R. 5527]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (H.R. 5527) to amend
section 1078 of the National Defense Authorization Act for
Fiscal Year 2018 to increase the effectiveness of the
Technology Modernization Fund, and for other purposes, having
considered the same, reports favorably thereon without
amendment and recommends the bill do pass.
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................2
III. Legislative History..............................................2
IV. Section-by-Section Analysis of the Bill, as Reported.............3
V. Evaluation of Regulatory Impact..................................4
VI. Congressional Budget Office Cost Estimate........................4
VII. Changes in Existing Law Made by the Bill, as Reported............6
I. Purpose and Summary
H.R. 5527, the Modernizing Government Technology Reform
Act, extends and revises the Technology Modernization Fund
(TMF), a revolving fund administered by the General Services
Administration for technology-related activities. The bill
reauthorizes the TMF and its governing board, the Technology
Modernization Board (TMB), which were established by the
bipartisan Modernizing Government Technology Act of 2017, which
passed as part of the National Defense Authorization Act for
Fiscal Year 2018.\1\
---------------------------------------------------------------------------
\1\Pub. Law 115-91 (2017).
---------------------------------------------------------------------------
The bill includes several measures to improve the
administration of the TMF and ensure program operations adhere
to congressional intent. It would require TMF awards to be
reimbursed at the level needed to ensure the fund is
operational until it sunsets and creates a new requirement that
federal agencies reimburse administrative fees. The bill also
establishes a Federal Legacy IT Inventory, an oversight tool
that will allow Congress to evaluate agency and government-wide
priority items for legacy information and technology systems
modernization and to assess how well the TMF does in funding
these projects.
II. Background and Need for the Legislation
The Technology Modernization Fund (TMF) was established to
improve information technology and enhance cybersecurity across
the federal government.\2\ Agencies may propose to use the fund
for information technology projects that meet certain criteria
set by the Office of Management and Budget (OMB). The
Technology Modernization Board, the governing board for the
TMF, reviews agency proposals and makes recommendations to the
General Services Administration (GSA) on which projects to
award funds. GSA then awards funds and transfers amounts for
funded projects to the relevant agencies, which are required to
reimburse the fund based on the written agreement made between
the agency and GSA in consultation with OMB.\3\
---------------------------------------------------------------------------
\2\National Defense Authorization Act for Fiscal Year 2018, Pub. L.
No. 115-91, (Section 1078).
\3\Id.
---------------------------------------------------------------------------
The TMF is a revolving fund, whereby federal agencies with
funded projects reimburse the fund at a level that would allow
the fund to remain operational and continue to fund projects
over time, until the fund sunsets. The TMF's funding model
offers agencies repayment flexibility outside of the
traditional budget cycle to tackle urgent IT projects. This
unique funding vehicle has enabled agencies to respond in real-
time to critical needs, show customers that they can deliver
modern products and services and, through oversight by the TMF
Board, remain accountable and transparent to taxpayers.\4\
---------------------------------------------------------------------------
\4\Celebrating 5 Years of the Technology Modernization Fund, The
White House (Mar. 14, 2023), (www.whitehouse.gov/omb/briefing-room/
2023/03/14/celebrating-5-years-of-the-technology-modernization-fund/).
---------------------------------------------------------------------------
The bill would extend until December 31, 2031 the award or
transfer of funds from the Fund for any project that is not
already in progress as of such date. The bill also establishes
oversight mechanisms that will allow Congress to assess
progress on government-wide priority items for legacy IT
modernization, and that will ensure increased transparency and
effectiveness.
III. Legislative History
Representative Nancy Mace (R-SC-1) introduced H.R. 5527,
the Modernizing Government Technology Reform Act, on September
18, 2023, with original cosponsor Representative Gerald
Connolly (D-VA-11). The House of Representatives considered
H.R. 5527 on May 21, 2024, under suspension of the rules, and
passed the bill, as amended, by voice vote.
The bill was referred to the Senate Committee on Homeland
Security and Governmental Affairs. The committee considered
H.R. 5527 at a business meeting on July 31, 2024. The bill was
ordered reported favorably by roll call vote of 10 yeas to 1
Nay, with Senators Peters, Carper, Hassan, Sinema, Rosen,
Ossoff, Blumenthal, Butler, Lankford, and Scott voting in the
affirmative, and Senator Paul voting in the negative. Senators
Romney, Hawley, and Marshall voted yea by proxy, for the record
only. Senator Johnson voted nay by proxy, for the record only.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1. Short title
This section establishes the short title of the bill as the
``Modernization Government Technology Reform Act.''
Section 2. Realigning use of funds with original congressional
intent
This section revises Section 1078 of the National Defense
Authorization Act for Fiscal Year 2018 (P.L. 115-91) (40 U.S.C.
11301 note, ``Establishment of Technology Modernization Fund
and Board'') as follows--
Paragraph (1) modifies the Technology Modernization Fund's
(TMF) authorized use of funds to retain authorization for the
TMF to transfer funds to the head of an agency to modernize,
retire, or replace legacy IT, enhance cybersecurity, improve
long-term efficiency and effectiveness of agency technology,
and improve agency mission delivery. The paragraph also adds a
new requirement for the TMF to transfer funds only to projects
that have not been denied or restricted by Congress and that
will reimburse the Fund to the extent necessary to keep the
Fund operational until it sunsets. The paragraph adds a new
requirement for the Administrator of the General Services
Administration (GSA) to terminate or suspend funding, upon
recommendation from the Technology Modernization Board (TMB),
for any project that includes fraudulent or misleading
information in its project proposal. The paragraph ensures
agencies are able and required to reimburse the TMF and
modifies the terms of repayment to require that it be set at a
level needed to keep the Fund operational until it sunsets, and
to require agencies to provide documents on project status and
use of commercial products and services before receiving funds.
The paragraph establishes a requirement that the fund publish
written agreements related to funded projects and requires
agencies to document market research on commercial products and
services for each project. Finally, the bill updates
requirements related to the Government Accountability Office's
biannual review.
Paragraph (2) adds new requirements to the Technology
Modernization Board's (TMB) project evaluation criteria,
requires the TMB to recommend the suspension or termination of
funds if the project proposal is found to have included
fraudulent or misleading statements, and requires the TMB to
monitor the operating costs of the TMF to ensure total amounts
are no less than those needed to keep the fund operational
until it sunsets.
Paragraph (3) requires that a senior official from the
Cybersecurity and Infrastructure Security Agency be made a
permanent member of the TMB.
Paragraph (4) requires GSA to ensure that total amounts in
the TMF are no less than needed to keep the fund operational
until it sunsets.
Paragraph (5) redesignates subsections to accommodate
changes made by the bill.
Paragraph (6) adds responsibilities of the Federal Chief
Information Officer and agency Chief Information Officers
related to the TMF. The paragraph provides definitions for
thesepositions, requires agency Chief Information Officers to
submit annually a list of high-risk legacy information technology
systems used, operated or maintained by the agency, and requires the
Federal Chief Information Officer to, within 90 days of receiving the
agency lists, compile agency inventories and prioritize 10 legacy
systems that present the greatest security, privacy and operational
risks to the federal government and transmit this list to Congress. The
paragraph also requires the Director of the Office of Management and
Budget to issue guidance on implementing the requirements of this
paragraph.
Paragraph (7) extends through December 31, 2031 the award
or transfer of funds from the Fund for any project that is not
already in progress as of such date.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill and determined
that the bill will have no regulatory impact within the meaning
of the rules. The Committee agrees with the Congressional
Budget Office's (CBO) statement that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act (UMRA) and would impose no costs
on state, local, or tribal governments.
VI. Congressional Budget Office Cost Estimate
The Congressional Budget Act of 1974 requires the
Congressional Budget Office, to the extent practicable, to
prepare estimates of the budgetary effects of legislation
ordered reported by Congressional authorizing committees. In
order to provide the Congress with as much information as
possible, the attached table summarizes information about the
estimated direct spending and revenue effects of some of the
legislation that has been ordered reported by the Senate
Committee on Homeland Security and Governmental Affairs during
the 118th Congress. The legislation listed in this table
generally would have small effects, if any, on direct spending
or revenues, CBO estimates. Where possible, the table also
provides information about the legislation's estimated effects
on spending subject to appropriation and on intergovernmental
and private-sector mandates as defined in the Unfunded Mandates
Reform Act.
ESTIMATED BUDGETARY EFFECTS AND MANDATES INFORMATION
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Spending
Last Budget Direct Revenues, subject to Pay-as-you-go Budgetary
Bill number Title Status action function spending, 2025-2034 appropriation, procedures effects Mandates Contact
2025-2034 2025-2029 apply? after 2034
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
H.R. 5527.................... Modernizing Ordered reported 07/31/24 800 0 0 Not Estimated... No No No Matthew
Government Pickford.
Technology
Reform Act.
H.R. 5527 would amend the National Defense Authorization Act for Fiscal Year 2018 to update uses of the Technology Modernization Fund (TMF), a working capital
fund designed to pay for retiring and replacing older information technology (IT) systems. H.R. 5527 also would create new reporting requirements for federal
agencies regarding IT systems. In 2024, $50 million was appropriated for the TMF. CBO estimates that enacting H.R. 5527 would not affect direct spending or
revenues. CBO has not estimated the legislation's effects on spending subject to appropriation. The legislation contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
VII. Changes in Existing Law Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in brackets, new matter is
printed in italic, and existing law in which no change is
proposed is shown in roman):
NATIONAL DEFENSE AUTHORIZATION
ACT FOR FISCAL YEAR 2018
* * * * * * *
DIVISION A--DEPARTMENT OF
DEFENSE AUTHORIZATIONS
* * * * * * *
TITLE X--GENERAL PROVISIONS
* * * * * * *
Subtitle G--Modernizing Government
Technology
* * * * * * *
SEC. 1078. ESTABLISHMENT OF TECHNOLOGY MODERNIZATION FUND
AND BOARD.
(a) * * *
(b) Technology Modernization Fund.--
(1) * * *
(2) * * *
[(3) Use of funds.--The Administrator shall, in
accordance with recommendations from the Board, use
amounts in the Fund--
[(A) to transfer such amounts, to remain
available until expended, to the head of an
agency for the acquisition of products and
services, or the development of such products
and services when more efficient and cost
effective, to improve, retire, or replace
existing Federal information technology systems
to enhance cybersecurity and privacy and
improve long-term efficiency and effectiveness;
[(B) to transfer such amounts, to remain
available until expended, to the head of an
agency for the operation and procurement of
information technology products and services,
or the development of such products and
services when more efficient and cost
effective, and acquisition vehicles for use by
agencies to improve Governmentwide efficiency
and cybersecurity in accordance with the
requirements of the agencies;
[(C) to provide services or work performed in
support of--
[(i) the activities described in
subparagraph (A) or (B); and
[(ii) the Board and the Director in
carrying out the responsibilities
described in subsection (c)(2); and
[(D) to fund only programs, projects, or
activities or to fund increases for any
programs, projects, or activities that have not
been denied or restricted by Congress.]
(3) Use of funds.--
(A) In general.--The Administrator shall, in
accordance with recommendations from the Board,
use amounts in the Fund for the following:
(i) To transfer such amounts, to
remain available until expended, to the
head of an agency for the acquisition,
procurement, and operation of
information technology, or the
development of information technology
when more efficient and cost effective,
to--
(I) modernize, retire, or
replace legacy information
technology systems used by the
agency;
(II) enhance cybersecurity
and privacy at the agency;
(III) improve long-term
efficiency and effectiveness of
agency information technology;
or
(IV) improve the ability of
the agency to perform the
mission of the agency and
deliver services to the public.
(ii) To provide services or work
performed in support of--
(I) the activities described
in clause (i); and
(II) the Board and the
Director in carrying out the
responsibilities described in
subsection (c)(2).
(iii) To fund only programs,
projects, or activities, or to fund
increases for any programs, projects,
or activities that have not been denied
or restricted by Congress.
(iv) To transfer such amounts only
for programs, projects, or activities
that will be reimbursed to the Fund to
the extent necessary to ensure total
amounts in the Fund are no less than
the amounts needed to keep the Fund
operational until the Fund sunsets
pursuant to subsection (g)(1).
(B) Termination or suspension of funds.--The
Administrator shall, in accordance with
recommendations from the Board, suspend or
terminate funding for any project with respect
to which the head of an agency provided
fraudulent or misleading statements about such
project (including fraudulent statements about
technical design, the business case, or program
management with respect to the project) in the
application or proposal for amounts from the
Fund for such project.
(4) * * *
(5) Reimbursement.--
(A) Reimbursement by agency.--
(i) In general.--The head of an
agency shall reimburse the Fund for any
transfer made under subparagraph (A)
[or (B)] of paragraph (3), including
any services or work performed in
support of the transfer under paragraph
[(3)(C)] (3)(A)(ii), in accordance with
the terms established in a written
agreement described in paragraph (6).
(ii) Reimbursement from subsequent
appropriations.--Notwithstanding any
other provision of law, an agency may
make a reimbursement required under
clause (i) from any appropriation made
available after the date of enactment
of this Act for information technology
activities[, consistent with any
applicable reprogramming law or
guidelines of the Committees on
Appropriations of the Senate and the
House of Representatives].
(iii) * * *
(B) Prices fixed by administrator.--
(i) In general.--The Administrator,
in consultation with the Director,
shall establish amounts to be paid by
an agency under this paragraph and the
terms of repayment for activities
funded under paragraph (3), including
any services or work performed in
support of that development under
[paragraph (3)(C)] paragraph
(3)(A)(ii), at levels sufficient to
ensure [the solvency of the Fund,
including operating expenses] total
amounts in the Fund are no less than
the amounts needed to keep the Fund
operational until the Fund sunsets
pursuant to subsection (g)(1).
(ii) * * *
(C) * * *
(6) Written agreement.--
(A) In general.--Before the transfer of funds
to an agency under [subparagraphs (A) and (B)
of paragraph (3)] paragraph (3)(A)(i) and
before any services or work are provided under
paragraph (3)(A)(ii)(I), the Administrator, in
consultation with the Director, and the head of
the agency shall enter into a written
agreement--
(i) documenting the purpose for which
the funds will be used and the terms of
repayment, which may not exceed 5 years
[unless approved by the Director][;
and]:
(ii) which shall include terms of
repayment that require the head of the
agency to reimburse the Fund for funds
transferred under paragraph (3)(A)(i)
at a level that ensures total amounts
in the Fund are no less than the
amounts needed to keep the Fund
operational until the Fund sunsets
pursuant to subsection (g)(1).
(iii) which shall include terms of
repayment that require the head of the
agency to fully reimburse the Fund for
any services or work provided under
paragraph (3)(A)(ii) in direct support
of the project; and
[(ii)] (iv) which shall be recorded
as an obligation as provided in
paragraph (5)(A).
(B) Requirement for use of incremental
funding, commercial products and services, and
rapid, iterative development practices.--The
Administrator shall ensure--
[(i) for any funds transferred to an
agency under paragraph (3)(A), in the
absence of compelling circumstances
documented by the Administrator at the
time of transfer, that such funds shall
be transferred only on an incremental
basis, tied to metric-based development
milestones achieved by the agency
through the use of rapid, iterative,
development processes; and]
(i) for any funds transferred to an
agency under paragraph (3)(A)(i), in
the absence of compelling circumstances
documented by the Administrator at the
time of transfer, that such funds shall
be transferred only--
(I) on an incremental basis,
tied to metric-based
development milestones achieved
by the agency through the use
of rapid, iterative,
development processes; and
(II) after the head of the
agency has provided the
Director any information the
Director is required to report
pursuant to paragraph
(7)(A)(i); and
(ii) that the use of commercial
products and services are incorporated
to the greatest extent practicable in
activities funded under [subparagraphs
(A) and (B) ofparagraph (3)] paragraph
(3)(A)(i), and that the written agreement required under [paragraph
(6)] this paragraph documents this preference.
(7) Reporting requirements.--
(A) List of projects.--
(i) In general.--Not later than 6
months after the date of enactment of
this Act, the Director shall maintain a
list of each project funded by the
Fund, to be updated not less than
quarterly, that includes a description
of the project, the written agreement
entered into under paragraph (6),
project status (including any schedule
delay and cost overruns), financial
expenditure data related to the
project, and the extent to which the
project is using commercial products
and services, including if applicable,
a justification of why commercial
products and services were not used
(including documented market research
into commercial products and services)
and the associated development and
integration costs of custom
development.
(ii) * * *
(B) Comptroller general reports.--Not later
than 2 years after the date of enactment of
this Act, and every 2 years thereafter, the
Comptroller General of the United States shall
submit to Congress and make publicly available
a report assessing--
(i) the costs associated with
[establishing] the Fund and maintaining
the oversight structure associated with
the Fund compared with [the cost
savings associated with the projects
funded both annually and over the life
of the acquired products and services
by the Fund;] the amount repaid to the
Fund in accordance with the terms
established in the written agreements
described in paragraph (6);
(ii) the [reliability of the cost
savings] total cost savings estimated
by agencies associated with projects
funded by the Fund[;] ; and
(iii) whether agencies receiving
transfers of funds from the Fund used
full and open competition to acquire
the custom development of information
technology products or services[; and].
[(iv) the number of IT procurement,
development, and modernization
programs, offices, and entities in the
Federal Government, including 18F and
the United States Digital Services, the
roles, responsibilities, and goals of
those programs and entities, and the
extent to which they duplicate work.]
(c) Technology modernization board.--
(1) * * *
(2) * * *
(A) * * *
(i) the ability for the head of the
agency to ensure repayment of funds
transferred from the Fund to the head
of the agency, in accordance with
subsection (b);
[(i)] (ii) * * *
[(ii)] (iii) having [the greatest
Governmentwide impact; and] the
greatest impact on modernizing,
retiring, or replacing Federal legacy
information technology systems; and
[(iii)] (iv) * * *
(B) * * *
(C) * * *
(D) to identify, with the assistance of the
Administrator, opportunities [to improve or
replace multiple information technology
systems] to modernize, retire, or replace
legacy information technology systems under
subsection (b)(3)(A)(i) with a smaller number
of information technology services common to
multiple agencies;
(E) * * *
(F) to monitor, in consultation with the
Administrator, progress and performance in
executing approved projects and, if necessary,
recommend the suspension or termination of
funding for projects based on factors including
the failure to meet the terms of a written
agreement described in subsection (b)(6) or the
identification of fraudulent or misleading
statements about the project (including
fraudulent statements about technical design,
the business case, or program management with
respect to the project) in the application or
proposal for amounts from the Fund for the
project; and
(G) to monitor the operating costs of the
Fund to ensure total amounts in the Fund are no
less than the amounts needed to keep the Fund
operational until the Fund sunsets pursuant to
subsection (g)(1).
(3) * * *
(4) * * *
(5) * * *
(A) * * *
(B) a senior official from the General
Services Administration having technical
expertise in information technology
development, appointed by the Administrator,
with the approval of the Director[.]; and
(C) a senior official from the Cybersecurity
and Infrastructure Security Agency of the
Department of Homeland Security, appointed by
the Director of the Cybersecurity and
Infrastructure Security Agency, with the
approval of the Director of the Office of
Management and Budget.
(6) Additional members of the board.--
(A) Appointment.--The other members of the
Board [shall be--] shall be 4 employees of the
Federal Government primarily having technical
expertise in information technology
development, financial management,
cybersecurity and privacy, and acquisition,
appointed by the Director.
(i) 1 employee of the National
Protection and Programs Directorate of
the Department of Homeland Security,
appointed by the Secretary of Homeland
Security; and
(ii) 4 employees of the Federal
Government primarily having technical
expertise in information technology
development, financial management,
cybersecurity and privacy, and
acquisition, appointed by the Director.
(7) * * *
(8) * * *
(d) Responsibilities of Administrator.--
(1) * * *
(2) Responsibilities.--The responsibilities of the
Administrator are--
(A) to provide direct technical support in
the form of personnel services or otherwise to
agencies transferred amounts under [subsection
(b)(3)(A) and for products, services, and
acquisition vehicles funded under subsection
(b)(3)(B)] subsection(b)(3);
(B) * * *
(C) to perform regular project oversight and
monitoring of approved agency modernization
projects, in consultation with the Board and
the Director, to increase the likelihood of
successful implementation and reduce waste and
ensure total amounts in the Fund are no less
than the amounts needed to keep the Fund
operational until the Fund sunsets pursuant to
subsection (g)(1); and
(D) * * *
(e) Responsibilities of the Federal Chief Information
Officer; Agency Chief Information Officers.--
(1) Agency inventory.--An agency Chief Information
Officer, in coordination with stakeholders and other
agency officials, shall provide to the Federal Chief
Information Officer--
(A) on or before the first September 30 that
occurs after the date of the enactment of the
Modernizing Government Technology Reform Act of
2023, a list of high-risk legacy information
technology systems used, operated, or
maintained by the agency, in accordance with
the guidance issued under paragraph (4); and
(B) on or before September 30 of each year
after the first year in which the list is
provided under subparagraph (A), any updates to
such list.
(2) Legacy federal it inventory.--The Federal Chief
Information Officer shall--
(A) on or before the first December 30 that
occurs after the date of enactment of the
Modernizing Government Technology Reform Act of
2023, compile a Legacy Federal IT Inventory on
the basis of the each list provided by an
agency Chief Information Officers under
paragraph (1)(A) that includes information
about each high-risk legacy information
technology system used, operated, or maintained
by an agency; and
(B) on or before December 30 each year after
the year in which the Legacy Federal IT
Inventory is compiled, update such Inventory on
the basis of each update to the list provided
by an agency Chief Information Officer under
paragraph (1)(B).
(3) Prioritization list.--
(A) Requirement.--The Federal Chief
Information Officer shall--
(i) not later than 90 days after the
date on which the Federal Chief
Information Officer receives the list
required by paragraph (1)(A) from each
agency Chief Information Officer,
compile, on the basis of each such
list, a list of 10 legacy information
technology systems that present the
greatest security, privacy, and
operational risks to the Federal
Government; and
(ii) not later than 90 days after the
date on which the Federal Chief
Information Officer receives updates
under paragraph (1)(B) from each agency
Chief Information Officer, update the
list required by subparagraph (A) on
the basis of each updates to the list
provided by agency Chief information
Officers under paragraph (1)(B).
(B) Report to congress.--Not later than 14
days after the date on which the Federal Chief
Information Officer compiles the list required
by subparagraph (A), or updates such list, the
Director shall submit to the Committee on
Oversight and Accountability of the House of
Representatives, the Committee on Homeland
Security and Governmental Affairs of the
Senate, and the Comptroller General of the
United States, a report (which may include a
classified annex) containing--
(i) such list (including any updates
made to such list under subparagraph
(A)(ii)); and
(ii) each list provided by an agency
Chief Information Officer under
paragraph (1)(A) (including any update
made to any such list under paragraph
(1)(B)).
(4) Guidance.--
(A) In general.--Not later than 180 days
after enactment of this Act, the Director shall
issue guidance on implementing the requirements
of this subsection that shall, at a minimum--
(i) prescribe an appropriate format
for the list to be provided under
paragraph (1)(A);
(ii) prescribe the information to be
included in the Legacy Federal IT
Inventory required by paragraph (2);
(iii) provide guidance on how the
agency Chief Information Officer should
identify high-risk legacy information
technology systems that, at least,
requires agency Chief Information
Officers, in coordination with other
agency stakeholders, to identify as a
high risk legacy information technology
system any outdated or obsolete system
of information technology that is
critical to the agency such that the
loss or degradation of the system would
create a security, operational, or
privacy risk to the agency or would
otherwise impact the ability of the
agency to perform the mission of the
agency, effectively deliver programs,
or conduct business; and
(iv) provide guidance on how existing
reporting structures can be used to
submit the Legacy Federal IT inventory
required by paragraph (2).
(B) Updates.--The Director may update the
guidance issued under subparagraph (A) as the
Director determines necessary.
(5) Definitions.--In this subsection:
(A) Agency chief information officer.--The
term ``agency Chief Information Officer'' means
a Chief Information Officer designated under
section 3506(a)(2) of title 44, United States
Code.
(B) Federal chief information officer.--The
term ``Federal Chief Information Officer''
means the Administrator of the Office of
Electronic Government.
[(e)] (f) * * *
[(f)] (g) Sunset.--
(1) In general.--[On and after the date that is 2
years after the date on which the Comptroller General
of the United States issues the third report required
under subsection (b)(7)(B),] After December 31, 2031,
the Administrator may not award or transfer funds from
the Fund for any project that is not already in
progress as of such date.
(2) * * *
(3) * * *
* * * * * * *
[all]