[113th Congress Public Law 245]
[From the U.S. Government Publishing Office]



[[Page 128 STAT. 2871]]

Public Law 113-245
113th Congress

                                 An Act


 
To require the Transportation Security Administration to implement best 
practices and improve transparency with regard to technology acquisition 
    programs, and for other purposes. <<NOTE: Dec. 18, 2014 -  [H.R. 
                                2719]>> 

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, <<NOTE: Transportation 
Security Acquisition Reform Act.>> 
SECTION 1. <<NOTE: 6 USC 101 note.>>  SHORT TITLE.

    This Act may be cited as the ``Transportation Security Acquisition 
Reform Act''.
SEC. 2. <<NOTE: 6 USC 561 note.>>  FINDINGS.

    Congress finds the following:
            (1) The Transportation Security Administration has not 
        consistently implemented Department of Homeland Security 
        policies and Government best practices for acquisition and 
        procurement.
            (2) The Transportation Security Administration has only 
        recently developed a multiyear technology investment plan, and 
        has underutilized innovation opportunities within the private 
        sector, including from small businesses.
            (3) The Transportation Security Administration has faced 
        challenges in meeting key performance requirements for several 
        major acquisitions and procurements, resulting in reduced 
        security effectiveness and wasted expenditures.
SEC. 3. TRANSPORTATION SECURITY ADMINISTRATION ACQUISITION REFORM.

    (a) In General.--Title XVI of the Homeland Security Act of 2002 
(Public Law 107-296; 116 Stat. 2312) <<NOTE: 6 USC prec. 561.>>  is 
amended to read as follows:

                  ``TITLE XVI--TRANSPORTATION SECURITY

                    ``Subtitle A--General Provisions

``SEC. 1601. <<NOTE: 6 USC 561.>>  DEFINITIONS.

    ``In this title:
            ``(1) Administration.--The term `Administration' means the 
        Transportation Security Administration.
            ``(2) Administrator.--The term `Administrator' means the 
        Administrator of the Transportation Security Administration.

[[Page 128 STAT. 2872]]

            ``(3) Plan.--The term `Plan' means the strategic 5-year 
        technology investment plan developed by the Administrator under 
        section 1611.
            ``(4) Security-related technology.--The term `security-
        related technology' means any technology that assists the 
        Administration in the prevention of, or defense against, threats 
        to United States transportation systems, including threats to 
        people, property, and information.

    ``Subtitle B--Transportation Security Administration Acquisition 
                              Improvements

``SEC. 1611. <<NOTE: 6 USC 563.>>  5-YEAR TECHNOLOGY INVESTMENT 
                          PLAN.

    ``(a) In General. <<NOTE: Deadline.>> --The Administrator shall--
            ``(1) not later than 180 days after the date of the 
        enactment of the Transportation Security Acquisition Reform Act, 
        develop and submit to Congress a strategic 5-year technology 
        investment plan, that may include a classified addendum to 
        report sensitive transportation security risks, technology 
        vulnerabilities, or other sensitive security information; and
            ``(2) <<NOTE: Publication. Public information.>>  to the 
        extent possible, publish the Plan in an unclassified format in 
        the public domain.

    ``(b) Consultation.--The Administrator shall develop the Plan in 
consultation with--
            ``(1) the Under Secretary for Management;
            ``(2) the Under Secretary for Science and Technology;
            ``(3) the Chief Information Officer; and
            ``(4) the aviation industry stakeholder advisory committee 
        established by the Administrator.

    ``(c) Approval.--The Administrator may not publish the Plan under 
subsection (a)(2) until it has been approved by the Secretary.
    ``(d) Contents of Plan.--The Plan shall include--
            ``(1) an analysis of transportation security risks and the 
        associated capability gaps that would be best addressed by 
        security-related technology, including consideration of the most 
        recent quadrennial homeland security review under section 707;
            ``(2) a set of security-related technology acquisition needs 
        that--
                    ``(A) is prioritized based on risk and associated 
                capability gaps identified under paragraph (1); and
                    ``(B) includes planned technology programs and 
                projects with defined objectives, goals, timelines, and 
                measures;
            ``(3) an analysis of current and forecast trends in domestic 
        and international passenger travel;
            ``(4) an identification of currently deployed security-
        related technologies that are at or near the end of their 
        lifecycles;
            ``(5) an identification of test, evaluation, modeling, and 
        simulation capabilities, including target methodologies, 
        rationales, and timelines necessary to support the acquisition 
        of the security-related technologies expected to meet the needs 
        under paragraph (2);
            ``(6) an identification of opportunities for public-private 
        partnerships, small and disadvantaged company participation, 
        intragovernment collaboration, university centers of excellence, 
        and national laboratory technology transfer;

[[Page 128 STAT. 2873]]

            ``(7) an identification of the Administration's acquisition 
        workforce needs for the management of planned security-related 
        technology acquisitions, including consideration of leveraging 
        acquisition expertise of other Federal agencies;
            ``(8) an identification of the security resources, including 
        information security resources, that will be required to protect 
        security-related technology from physical or cyber theft, 
        diversion, sabotage, or attack;
            ``(9) an identification of initiatives to streamline the 
        Administration's acquisition process and provide greater 
        predictability and clarity to small, medium, and large 
        businesses, including the timeline for testing and evaluation;
            ``(10) an assessment of the impact to commercial aviation 
        passengers;
            ``(11) a strategy for consulting airport management, air 
        carrier representatives, and Federal security directors whenever 
        an acquisition will lead to the removal of equipment at 
        airports, and how the strategy for consulting with such 
        officials of the relevant airports will address potential 
        negative impacts on commercial passengers or airport operations; 
        and
            ``(12) <<NOTE: Consultation.>>  in consultation with the 
        National Institutes of Standards and Technology, an 
        identification of security-related technology interface 
        standards, in existence or if implemented, that could promote 
        more interoperable passenger, baggage, and cargo screening 
        systems.

    ``(e) Leveraging the Private Sector.--To the extent possible, and in 
a manner that is consistent with fair and equitable practices, the Plan 
shall--
            ``(1) leverage emerging technology trends and research and 
        development investment trends within the public and private 
        sectors;
            ``(2) incorporate private sector input, including from the 
        aviation industry stakeholder advisory committee established by 
        the Administrator, through requests for information, industry 
        days, and other innovative means consistent with the Federal 
        Acquisition Regulation; and
            ``(3) <<NOTE: Consultation.>>  in consultation with the 
        Under Secretary for Science and Technology, identify 
        technologies in existence or in development that, with or 
        without adaptation, are expected to be suitable to meeting 
        mission needs.

    ``(f) Disclosure. <<NOTE: Lists.>> --The Administrator shall include 
with the Plan a list of nongovernment persons that contributed to the 
writing of the Plan.

    ``(g) Update and Report.--Beginning 2 years after the date the Plan 
is submitted to Congress under subsection (a), and biennially 
thereafter, the Administrator shall submit to Congress--
            ``(1) an update of the Plan; and
            ``(2) a report on the extent to which each security-related 
        technology acquired by the Administration since the last 
        issuance or update of the Plan is consistent with the planned 
        technology programs and projects identified under subsection 
        (d)(2) for that security-related technology.
``SEC. 1612. <<NOTE: 6 USC 563a.>>  ACQUISITION JUSTIFICATION AND 
                          REPORTS.

    ``(a) Acquisition Justification.-- <<NOTE: Determination.>> Before 
the Administration implements any security-related technology 
acquisition, the Administrator, in accordance with the Department's 
policies and

[[Page 128 STAT. 2874]]

directives, shall determine whether the acquisition is justified by 
conducting an analysis that includes--
            ``(1) an identification of the scenarios and level of risk 
        to transportation security from those scenarios that would be 
        addressed by the security-related technology acquisition;
            ``(2) an assessment of how the proposed acquisition aligns 
        to the Plan;
            ``(3) a comparison of the total expected lifecycle cost 
        against the total expected quantitative and qualitative benefits 
        to transportation security;
            ``(4) an analysis of alternative security solutions, 
        including policy or procedure solutions, to determine if the 
        proposed security-related technology acquisition is the most 
        effective and cost-efficient solution based on cost-benefit 
        considerations;
            ``(5) an assessment of the potential privacy and civil 
        liberties implications of the proposed acquisition that 
        includes, to the extent practicable, consultation with 
        organizations that advocate for the protection of privacy and 
        civil liberties;
            ``(6) a determination that the proposed acquisition is 
        consistent with fair information practice principles issued by 
        the Privacy Officer of the Department;
            ``(7) confirmation that there are no significant risks to 
        human health or safety posed by the proposed acquisition; and
            ``(8) an estimate of the benefits to commercial aviation 
        passengers.

    ``(b) <<NOTE: Time periods.>>  Reports and Certification to 
Congress.--
            ``(1) In general. <<NOTE: Contracts.>> --Not later than the 
        end of the 30-day period preceding the award by the 
        Administration of a contract for any security-related technology 
        acquisition exceeding $30,000,000, the Administrator shall 
        submit to the Committee on Commerce, Science, and Transportation 
        of the Senate and the Committee on Homeland Security of the 
        House of Representatives--
                    ``(A) the results of the comprehensive acquisition 
                justification under subsection (a); and
                    ``(B) a certification by the Administrator that the 
                benefits to transportation security justify the contract 
                cost.
            ``(2) Extension due to imminent terrorist threat.--If there 
        is a known or suspected imminent threat to transportation 
        security, the Administrator--
                    ``(A) may reduce the 30-day period under paragraph 
                (1) to 5 days to rapidly respond to the threat; and
                    ``(B) <<NOTE: Notification.>>  shall immediately 
                notify the Committee on Commerce, Science, and 
                Transportation of the Senate and the Committee on 
                Homeland Security of the House of Representatives of the 
                known or suspected imminent threat.
``SEC. 1613. <<NOTE: 6 USC 563b.>>  ACQUISITION BASELINE 
                          ESTABLISHMENT AND REPORTS.

    ``(a) Baseline Requirements.--
            ``(1) In general.--Before the Administration implements any 
        security-related technology acquisition, the appropriate 
        acquisition official of the Department shall establish and 
        document a set of formal baseline requirements.
            ``(2) Contents.--The baseline requirements under paragraph 
        (1) shall--

[[Page 128 STAT. 2875]]

                    ``(A) include the estimated costs (including 
                lifecycle costs), schedule, and performance milestones 
                for the planned duration of the acquisition;
                    ``(B) identify the acquisition risks and a plan for 
                mitigating those risks; and
                    ``(C) assess the personnel necessary to manage the 
                acquisition process, manage the ongoing program, and 
                support training and other operations as necessary.
            ``(3) <<NOTE: Consultation.>>  Feasibility.--In establishing 
        the performance milestones under paragraph (2)(A), the 
        appropriate acquisition official of the Department, to the 
        extent possible and in consultation with the Under Secretary for 
        Science and Technology, shall ensure that achieving those 
        milestones is technologically feasible.
            ``(4) <<NOTE: Consultation.>>  Test and evaluation plan.--
        The Administrator, in consultation with the Under Secretary for 
        Science and Technology, shall develop a test and evaluation plan 
        that describes--
                    ``(A) the activities that are expected to be 
                required to assess acquired technologies against the 
                performance milestones established under paragraph 
                (2)(A);
                    ``(B) the necessary and cost-effective combination 
                of laboratory testing, field testing, modeling, 
                simulation, and supporting analysis to ensure that such 
                technologies meet the Administration's mission needs;
                    ``(C) an efficient planning schedule to ensure that 
                test and evaluation activities are completed without 
                undue delay; and
                    ``(D) if commercial aviation passengers are expected 
                to interact with the security-related technology, 
                methods that could be used to measure passenger 
                acceptance of and familiarization with the security-
                related technology.
            ``(5) Verification and validation.--The appropriate 
        acquisition official of the Department--
                    ``(A) subject to subparagraph (B), shall utilize 
                independent reviewers to verify and validate the 
                performance milestones and cost estimates developed 
                under paragraph (2) for a security-related technology 
                that pursuant to section 1611(d)(2) has been identified 
                as a high priority need in the most recent Plan; and
                    ``(B) shall ensure that the use of independent 
                reviewers does not unduly delay the schedule of any 
                acquisition.
            ``(6) Streamlining access for interested vendors.--The 
        Administrator shall establish a streamlined process for an 
        interested vendor of a security-related technology to request 
        and receive appropriate access to the baseline requirements and 
        test and evaluation plans that are necessary for the vendor to 
        participate in the acquisitions process for that technology.

    ``(b) Review of Baseline Requirements and Deviation; Report to 
Congress.--
            ``(1) Review.--
                    ``(A) In general.--The appropriate acquisition 
                official of the Department shall review and assess each 
                implemented acquisition to determine if the acquisition 
                is meeting the baseline requirements established under 
                subsection (a).
                    ``(B) Test and evaluation assessment.--The review 
                shall include an assessment of whether--

[[Page 128 STAT. 2876]]

                          ``(i) the planned testing and evaluation 
                      activities have been completed; and
                          ``(ii) the results of that testing and 
                      evaluation demonstrate that the performance 
                      milestones are technologically feasible.
            ``(2) Report.--Not later than 30 days after making a finding 
        described in clause (i), (ii), or (iii) of subparagraph (A), the 
        Administrator shall submit a report to the Committee on 
        Commerce, Science, and Transportation of the Senate and the 
        Committee on Homeland Security of the House of Representatives 
        that includes--
                    ``(A) the results of any assessment that finds 
                that--
                          ``(i) the actual or planned costs exceed the 
                      baseline costs by more than 10 percent;
                          ``(ii) the actual or planned schedule for 
                      delivery has been delayed by more than 180 days; 
                      or
                          ``(iii) there is a failure to meet any 
                      performance milestone that directly impacts 
                      security effectiveness;
                    ``(B) the cause for such excessive costs, delay, or 
                failure; and
                    ``(C) <<NOTE: Plans.>>  a plan for corrective 
                action.
``SEC. 1614. <<NOTE: Contracts. 6 USC 563c.>>  INVENTORY 
                          UTILIZATION.

    ``(a) In General.--Before the procurement of additional quantities 
of equipment to fulfill a mission need, the Administrator, to the extent 
practicable, shall utilize any existing units in the Administration's 
inventory to meet that need.
    ``(b) Tracking of Inventory.--
            ``(1) In general.--The Administrator shall establish a 
        process for tracking--
                    ``(A) the location of security-related equipment in 
                the inventory under subsection (a);
                    ``(B) the utilization status of security-related 
                technology in the inventory under subsection (a); and
                    ``(C) the quantity of security-related equipment in 
                the inventory under subsection (a).
            ``(2) Internal controls.--The Administrator shall implement 
        internal controls to ensure up-to-date accurate data on 
        security-related technology owned, deployed, and in use.

    ``(c) Logistics Management.--
            ``(1) In general.--The Administrator shall establish 
        logistics principles for managing inventory in an effective and 
        efficient manner.
            ``(2) Limitation on just-in-time logistics.--The 
        Administrator may not use just-in-time logistics if doing so--
                    ``(A) would inhibit necessary planning for large-
                scale delivery of equipment to airports or other 
                facilities; or
                    ``(B) would unduly diminish surge capacity for 
                response to a terrorist threat.
``SEC. 1615. <<NOTE: 6 USC 563d.>>  SMALL BUSINESS CONTRACTING 
                          GOALS.

     <<NOTE: Deadlines. Reports.>> ``Not later than 90 days after the 
date of enactment of the Transportation Security Acquisition Reform Act, 
and annually thereafter, the Administrator shall submit a report to the 
Committee on Commerce, Science, and Transportation of the Senate and the 
Committee on Homeland Security of the House of Representatives that 
includes--

[[Page 128 STAT. 2877]]

            ``(1) the Administration's performance record with respect 
        to meeting its published small-business contracting goals during 
        the preceding fiscal year;
            ``(2) if the goals described in paragraph (1) were not met 
        or the Administration's performance was below the published 
        small-business contracting goals of the Department--
                    ``(A) a list of challenges, including deviations 
                from the Administration's subcontracting plans, and 
                factors that contributed to the level of performance 
                during the preceding fiscal year;
                    ``(B) <<NOTE: Action plan.>>  an action plan, with 
                benchmarks, for addressing each of the challenges 
                identified in subparagraph (A) that--
                          ``(i) <<NOTE: Consultation.>>  is prepared 
                      after consultation with the Secretary of Defense 
                      and the heads of Federal departments and agencies 
                      that achieved their published goals for prime 
                      contracting with small and minority-owned 
                      businesses, including small and disadvantaged 
                      businesses, in prior fiscal years; and
                          ``(ii) identifies policies and procedures that 
                      could be incorporated by the Administration in 
                      furtherance of achieving the Administration's 
                      published goal for such contracting; and
            ``(3) a status report on the implementation of the action 
        plan that was developed in the preceding fiscal year in 
        accordance with paragraph (2)(B), if such a plan was required.
``SEC. 1616. <<NOTE: 6 USC 563e.>>  CONSISTENCY WITH THE FEDERAL 
                          ACQUISITION REGULATION AND DEPARTMENTAL 
                          POLICIES AND DIRECTIVES.

    ``The Administrator shall execute the responsibilities set forth in 
this subtitle in a manner consistent with, and not duplicative of, the 
Federal Acquisition Regulation and the Department's policies and 
directives.''.
    (b) Conforming Amendment.--The table of contents in section 1(b) of 
the Homeland Security Act of 2002 is amended by striking the items 
relating to title XVI and inserting the following:

                  ``TITLE XVI--TRANSPORTATION SECURITY

                    ``Subtitle A--General Provisions

``Sec. 1601. Definitions.

    ``Subtitle B--Transportation Security Administration Acquisition 
                              Improvements

``Sec. 1611. 5-year technology investment plan.
``Sec. 1612. Acquisition justification and reports.
``Sec. 1613. Acquisition baseline establishment and reports.
``Sec. 1614. Inventory utilization.
``Sec. 1615. Small business contracting goals.
``Sec. 1616. Consistency with the Federal acquisition regulation and 
           departmental policies and directives.''.

    (c) Prior Amendments Not Affected. <<NOTE: 6 USC 561 note.>> --
Nothing in this section may be construed to affect any amendment made by 
title XVI of the Homeland Security Act of 2002 as in effect before the 
date of enactment of this Act.
SEC. 4. GOVERNMENT ACCOUNTABILITY OFFICE REPORTS.

    (a) <<NOTE: Assessment.>>  Implementation of Previous 
Recommendations.--Not later than 1 year after the date of enactment of 
this Act, the Comptroller General of the United States shall submit a 
report to Congress that contains an assessment of the Transportation 
Security Administration's implementation of recommendations

[[Page 128 STAT. 2878]]

regarding the acquisition of security-related technology that were made 
by the Government Accountability Office before the date of the enactment 
of this Act.

    (b) <<NOTE: Evaluation.>>  Implementation of Subtitle B of Title 
XVI.--Not later than 1 year after the date of enactment of this Act and 
3 years thereafter, the Comptroller General of the United States shall 
submit a report to Congress that contains an evaluation of the 
Transportation Security Administration's progress in implementing 
subtitle B of title XVI of the Homeland Security Act of 2002, as amended 
by section 3, including any efficiencies, cost savings, or delays that 
have resulted from such implementation.
SEC. 5. REPORT ON FEASIBILITY OF INVENTORY TRACKING.

    Not later than 90 days after the date of enactment of this Act, the 
Administrator of the Transportation Security Administration shall submit 
a report to Congress on the feasibility of tracking security-related 
technology, including software solutions, of the Administration through 
automated information and data capture technologies.
SEC. 6. GOVERNMENT ACCOUNTABILITY OFFICE REVIEW OF TSA'S TEST AND 
                    EVALUATION PROCESS.

     <<NOTE: Deadline. Reports.>> Not later than 1 year after the date 
of enactment of this Act, the Comptroller General of the United States 
shall submit a report to Congress that includes--
            (1) an evaluation of the Transportation Security 
        Administration's testing and evaluation activities related to 
        security-related technology;
            (2) information on the extent to which--
                    (A) the execution of such testing and evaluation 
                activities is aligned, temporally and otherwise, with 
                the Administration's annual budget request, acquisition 
                needs, planned procurements, and acquisitions for 
                technology programs and projects; and
                    (B) security-related technology that has been 
                tested, evaluated, and certified for use by the 
                Administration but was not procured by the 
                Administration, including the reasons the procurement 
                did not occur; and
            (3) recommendations--
                    (A) to improve the efficiency and efficacy of such 
                testing and evaluation activities; and
                    (B) to better align such testing and evaluation with 
                the acquisitions process.

[[Page 128 STAT. 2879]]

SEC. 7. NO ADDITIONAL AUTHORIZATION OF APPROPRIATIONS.

    No additional funds are authorized to be appropriated to carry out 
this Act or the amendments made by this Act.

    Approved December 18, 2014.

LEGISLATIVE HISTORY--H.R. 2719 (S. 1893):
---------------------------------------------------------------------------

HOUSE REPORTS: No. 113-275 (Comm. on Homeland Security).
SENATE REPORTS: No. 113-274 (Comm. on Commerce, Science, and Transpor-
                    tation) accompanying S. 1893.
CONGRESSIONAL RECORD:
                                                        Vol. 159 (2013):
                                    Dec. 3, considered and passed House.
                                                        Vol. 160 (2014):
                                    Dec. 9, considered and passed 
                                        Senate, amended.
                                    Dec. 10, House concurred in Senate 
                                        amendment.

                                  <all>