[Senate Report 118-73]
[From the U.S. Government Publishing Office]


                                                  Calendar No. 156

118th Congress}                                           { Report
                                 SENATE
 1st Session  }                                           { 118-73

======================================================================
 
                    STRENGTHENING AGENCY MANAGEMENT

                  AND OVERSIGHT OF SOFTWARE ASSETS ACT

                               __________

                              R E P O R T

                                 OF THE

                   COMMITTEE ON HOMELAND SECURITY AND

                          GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                             TO ACCOMPANY

                                 S. 931

               TO IMPROVE THE VISIBILITY, ACCOUNTABILITY,
                 AND OVERSIGHT OF AGENCY SOFTWARE ASSET
              MANAGEMENT PRACTICES, AND FOR OTHER PURPOSES

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                 July 25, 2023.--Ordered to be printed
                 
                            __________
					    
                               
                    U.S. GOVERNMENT PUBLISHING OFFICE                    
                           WASHINGTON : 2023                    
          
-----------------------------------------------------------------------------------                 
                
        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                   GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware           RAND PAUL, Kentucky
MAGGIE HASSAN, New Hampshire         RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona              JAMES LANKFORD, Oklahoma
JACKY ROSEN, Nevada                  MITT ROMNEY, Utah
ALEX PADILLA, California             RICK SCOTT, Florida
JON OSSOFF, Georgia                  JOSH HAWLEY, Missouri
RICHARD BLUMENTHAL, Connecticut      ROGER MARSHALL, Kansas

                   David M. Weinberg, Staff Director
                  Michelle M. Benecke, Senior Counsel
           William E. Henderson III, Minority Staff Director
              Christina N. Salazar, Minority Chief Counsel
                  Andrew J. Hopkins, Minority Counsel
                     Laura W. Kilbride, Chief Clerk


                                                  Calendar No. 156

118th Congress}                                           { Report
                                 SENATE
 1st Session  }                                           { 118-73

======================================================================
  STRENGTHENING AGENCY MANAGEMENT AND OVERSIGHT OF SOFTWARE ASSETS ACT

                                _______
                                

                 July 25, 2023.--Ordered to be printed

                                _______
                                

 Mr. Peters, from the Committee on Homeland Security and Governmental 
                    Affairs, submitted the following

                              R E P O R T

                         [To accompany S. 931]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security and Governmental 
Affairs, to which was referred the bill (S. 931) to improve the 
visibility, accountability, and oversight of agency software 
asset management practices, and for other purposes, having 
considered the same, reports favorably thereon with an 
amendment, in the nature of a substitute, and recommends that 
the bill, as amended, do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and Summary..............................................1
 II. Background and Need for the Legislation..........................2
III. Legislative History..............................................2
 IV. Section-by-Section Analysis of the Bill, as Reported.............3
  V. Evaluation of Regulatory Impact..................................5
 VI. Congressional Budget Office Cost Estimate........................5
VII. Changes in Existing Law Made by the Bill, as Reported............6

                         I. PURPOSE AND SUMMARY

    S. 931, Strengthening Agency Management and Oversight of 
Software Assets Act, seeks to reduce costs to taxpayers and 
improve agency cybersecurity. The bill requires agencies to 
conduct a comprehensive assessment of their software licensing, 
deployment, acquisition, and true use capabilities. The bill 
also requires agencies, after submitting the findings of the 
comprehensive assessment to the agency head, Congress, and the 
Comptroller General, to establish a plan to streamline and 
consolidate agency licenses. Further, the bill requires the 
Director of the Office of Management and Budget (OMB) to 
publish a government-wide strategy for software modernization, 
using information provided to the Director through agency plans 
and comprehensive assessments.

              II. BACKGROUND AND NEED FOR THE LEGISLATION

    Billions of dollars are spent on software purchases, 
contract re-ups, and license modifications every year, and the 
current way vendors sell (and agencies often purchase) software 
leaves agencies with incomplete information regarding what 
software assets have been purchased or are deployed on their 
networks.\1\ This bill requires comprehensive assessments of 
all agency software management contracts, including those 
through resellers or integrators, to provide Chief Information 
Officers (CIOs), Chief Financial Officers (CFOs), and Chief 
Acquisition Officers (CAOs) with a comprehensive, performance-
based assessment of their software assets.
---------------------------------------------------------------------------
    \1\See, Bill to overhaul agencies' software purchasing progresses 
in Senate, FEDSCOOP (May 17, 2023) (www.fedscoop.com/bill-to-overhaul-
agencies-software-purchasing-progresses-in-senate/); 2022 in review: 
FedRAMP reform enacted, SAMOSA Act progresses, FEDSCOOP (Dec. 31, 2022) 
(www.fedscoop.com/2022-in-review-fedramp-reform-enacted-samosa-act-
progresses/); Senate bill looks to software licensing for cost savings, 
Nextgov (Sept. 12, 2022) (www.nextgov.com/policy/2022/09/senate-bill-
looks-software-licensing-cost-savings/377050/); U.S. Government IT 
Spending Trends in 2022, ExecutiveBiz (Jun. 13, 2022) 
(www.executivebiz.com/articles/u-s-government-it-spending-trends-in-
2022/).
---------------------------------------------------------------------------
    This bill builds on previous efforts by Congress to ensure 
agencies have adequate visibility into their software license 
inventories. During the 114th Congress, Congress passed the 
Making Electronic Government Accountable By Yielding Tangible 
Efficiencies Act of 2016 (MEGABYTE Act).\2\ The MEGABYTE Act 
required the OMB Director to issue a directive to agencies that 
would require each executive agency CIO to develop a 
comprehensive software licensing policy.\3\
---------------------------------------------------------------------------
    \2\Pub. L. No. 114-210 (2016).
    \3\House Committee on Oversight and Government Reform, MEGABYTE Act 
of 2016 (May 2016) (H. Rept. 114-587) at 2.
---------------------------------------------------------------------------
    Beyond the requirements in the MEGABYTE Act, the intent of 
this bill is to enable greater visibility into the actual use, 
deployment, costs, and performance of all software assets in 
their environment. Therefore, this bill presses agencies to 
conduct comprehensive assessments of software purchased, 
deployed, or in use throughout the agency. Agencies are then 
required to consider enterprise-licensing agreements or 
otherwise streamline disparate agency procurements to improve 
visibility across all agency software assets. The goal of this 
bill is to empower agency CIOs to make smarter decisions and 
drive greater value in their software contracts, reduce costs, 
stop unnecessary software waste, and improve performance of 
agencies' critical software assets.
    Finally, this bill consolidates software purchasing 
government-wide, with the goal of reducing unnecessary spending 
and enhancing interoperability of the government's most robust 
and widely used software. The bill requires OMB to develop a 
strategy, based on the findings of the comprehensive 
assessments and agency-developed plans, to drive greater 
efficiencies on critical software asset management goals across 
all agencies.

                        III. LEGISLATIVE HISTORY

    Senator Gary Peters (D-MI) introduced S. 931, the 
Strengthening Agency Management and Oversight of Software 
Assets Act, on March 22, 2023, with original cosponsors Senator 
Bill Cassidy (R-LA), Senator Bill Hagerty (R-TN), Senator 
Thomas Tillis (R-NC), Senator Joni Ernst (R-IA), Senator Ron 
Wyden (D-OR), and Senator John Hickenlooper (D-CO). The bill 
was referred to the Committee on Homeland Security and 
Governmental Affairs.
    The Committee considered S. 931 at a business meeting on 
May 17, 2023. At the business meeting, Senator Peters offered a 
substitute amendment to the bill as well as modification to the 
substitute amendment that made technical changes to the bill 
and required that agencies' plans consider the prevalence of 
software used across multiple agencies and how that information 
might help streamline software purchases. The Committee adopted 
the modification to the Peters substitute amendment and the 
Peters substitute amendment, as modified, both by voice vote, 
with Senators Peters, Hassan, Sinema, Rosen, Padilla, Ossoff, 
Blumenthal, Paul, Lankford, Romney, and Scott present.
    The bill, as amended by the Peters substitute amendment as 
modified, was ordered reported favorably by roll call vote of 
11 yeas to 0 nays, with Senators Peters, Hassan, Sinema, Rosen, 
Padilla, Ossoff, Blumenthal, Paul, Lankford, Romney, and Scott 
voting in the affirmative, and with Senators Carper, Johnson, 
Hawley, and Marshall voting yea by proxy, for the record only.

        IV. SECTION BY SECTION ANALYSIS OF THE BILL, AS REPORTED

Section 1. Short title

    This section establishes the short title of the bill as the 
``Strengthening Agency Management and Oversight of Software 
Assets Act.''

Section 2. Definitions

    This section defines the terms ``administrator,'' 
``agency,'' ``cloud computing,'' ``cloud service provider,'' 
``comprehensive assessment,'' ``director,'' ``plan,'' 
``software entitlement,'' and ``software inventory.''

Section 3. Software entitlement and inventory integrity

    Subsection (a) requires each agency, not later than 18 
months after enactment, to conduct a comprehensive assessment 
of all software entitlements and software inventories of the 
agency (including specific requirements within the entitlements 
and inventories). Agency CIOs, CFOs, CAOs, and General Counsels 
are to work together to complete the comprehensive assessment. 
Requirements of the assessment include: the current software 
inventory, entitlements, contract, and other agreements; a 
detailed accounting of software used or deployed within an 
agency; information and data on software entitlements; a 
categorization of software entitlements by cost, volume, and 
type; a list of restrictions on the software; and an analysis 
addressing the accuracy of the assessment, the management of 
contracts, and the extent to which the agency captures the 
total cost of the entitlements.
    Subsection (b) allows for the agency to utilize contracts 
to support the work of the comprehensive assessment, provided 
there is no conflict of interest for the firm supporting the 
assessment and the contractor remains operationally independent 
from the agency.
    Subsection (c) stipulates that the agency CIO shall provide 
the findings of the comprehensive assessments to the agency 
head.
    Subsection (d) requires the agency head to submit the 
comprehensive assessment to the Director of OMB, Administrator 
of GSA, the Comptroller General, and the Senate Committee on 
Homeland Security and Governmental Affairs, and the House 
Committee on Oversight and Accountability within 30 days of 
receipt.
    Subsection (e) allows for OMB and GSA to consult with 
agencies as they develop their comprehensive assessments and 
provide additional support, if requested by the agency.

Section 4. Enterprise licensing positioning at agencies

    Subsection (a) requires the CIO, CFO, CAO, and Chief Data 
Officer of each agency to use the findings of the comprehensive 
assessment to develop a plan to consolidate agency software 
entitlement, including developing criteria and procedures for 
how the agency will adopt cost-effective acquisition 
strategies, which can include enterprise licensing. It also 
restricts operational entities from acquiring, using, 
developing, or operating any software entitlement or portion of 
a software entitlement without approval from the agency CIO, in 
consultation with the CAO.
    Subsection (b) establishes the requirements of information 
that shall be included in the plan, including: the remediation 
of any software asset management deficiency; ongoing 
maintenance of software asset management; automation of 
software license management processes; ensuring adequate 
training for officers and employees on software acquisitions; 
maximizing the effectiveness of deployed software through 
measuring usage, tracking segmentation of the user base, 
supporting effective governance, and supporting 
interoperability; identifying software categories for 
conversion to more cost-effective options; cost estimates to 
move toward enterprise, open-source, or similar software 
options; identifying mitigations to minimize restrictions; 
ensuring purchases are made on publicly available criteria; 
estimating what additional resources, services, or support the 
agency may need to implement the plan; and any other 
information deemed necessary by the agency CIO.
    Subsection (c) allows for the CIO of the agency to request 
the support of OMB or GSA to support the development of the 
plan.
    Subsection (d) requires the agency CIO to submit the plan 
to the OMB Director and to the appropriate Congressional 
Committees not later than one year after the completion of the 
comprehensive assessment in required Section 3.
    Subsection (e) requires the Director, in coordination with 
the GSA Administrator, the CIO Council, the CAO Council and 
other government and industry representatives identified by the 
Director, to establish processes to harmonize definitions and 
other information to support agency heads in developing their 
plans. OMB is required, in coordination with GSA, to submit to 
the Senate Committee on Homeland Security and Governmental 
Affairs and the House Committee on Oversight and Accountability 
a report detailing recommendations to leverage procurement 
policies and practices within two years, which must include 
ways that one or more agency can: increase interoperability of 
software licenses; consolidate licenses; reduce costs; improve 
performance; and modernize the management and oversight of 
software entitlements.

Section 5. GAO report

    This section requires the Comptroller General, within three 
years of enactment, to provide a report to Congress on agency 
cross comparisons and other government-wide analyses on agency 
software management practices, policies, and procedures 
regarding software licensing modernization.

Section 6. No additional funds

    This section prohibits additional funds from being 
authorized to be appropriated for the purpose of carrying out 
this bill.

                   V. EVALUATION OF REGULATORY IMPACT

    Pursuant to the requirements of paragraph 11(b) of rule 
XXVI of the Standing Rules of the Senate, the Committee has 
considered the regulatory impact of this bill and determined 
that the bill will have no regulatory impact within the meaning 
of the rules. The Committee agrees with the Congressional 
Budget Office's statement that the bill contains no 
intergovernmental or private-sector mandates as defined in the 
Unfunded Mandates Reform Act (UMRA) and would impose no costs 
on state, local, or tribal governments.

             VI. CONGRESSIONAL BUDGET OFFICE COST ESTIMATE
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    S. 931 would direct federal agencies to inventory the 
software operating on their information networks. Under the 
bill, the Office of Management and Budget (OMB) would assess 
federal practices for purchasing software and develop methods 
for acquiring governmentwide licenses for software products 
that are used by multiple agencies. The bill also would require 
agencies to report to the Congress and the Government 
Accountability Office on the effectiveness of their efforts.
    OMB Memorandum M-22-18, Enhancing the Security of the 
Software Supply Chain through Secure Software Development 
Practices, issued on September 14, 2022, requires federal 
agencies to create software inventories. Thus, because most of 
the software management activities required under S. 931 will 
be completed under current law, CBO expects that satisfying 
those requirements would not have significant costs. On the 
basis of similar reports to the Congress, CBO estimates that 
satisfying the reporting requirements would cost $2 million 
over the 2023-2028 period. Such spending would be subject to 
the availability of appropriated funds.
    Enacting S. 931 could affect direct spending by some 
agencies that use fees, receipts from the sale of goods, and 
other collections to cover operating costs. CBO estimates that 
any net changes in direct spending would be negligible because 
most of those agencies can adjust amounts collected to 
accommodate changes in operating costs.
    The costs of the legislation, detailed in Table 1, fall 
within budget function 800 (general government).

                 TABLE 1.--ESTIMATED INCREASES IN SPENDING SUBJECT TO APPROPRIATION UNDER S. 931
----------------------------------------------------------------------------------------------------------------
                                                                 By fiscal year, millions of dollars--
                                                      ----------------------------------------------------------
                                                        2023    2024    2025    2026    2027    2028   2023-2028
----------------------------------------------------------------------------------------------------------------
Estimated Authorization..............................       0       2       *       *       0       0         2
Estimated Outlays....................................       0       2       *       *       0       0         2
----------------------------------------------------------------------------------------------------------------
* = between zero and $500,000.

    The CBO staff contact for this estimate is Aldo Prosperi. 
The estimate was reviewed by Chad Chirico, Deputy Director of 
Budget Analysis.

                                         Phillip L. Swagel,
                             Director, Congressional Budget Office.

       VII. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    This legislation would make no change in existing law, 
within the meaning of clauses (a) and (b) of subparagraph 12 of 
rule XXVI of the Standing Rules of the Senate, because this 
legislation would not repeal or amend any provision of current 
law.

                                  [all]