[United States Statutes at Large, Volume 128, 113th Congress, 2nd Session]
[From the U.S. Government Publishing Office, www.gpo.gov]


Public Law 113-245
113th Congress

An Act


 
To require the Transportation Security Administration to implement best
practices and improve transparency with regard to technology acquisition
programs, and for other purposes. <>

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled, <>
SECTION 1. <>  SHORT TITLE.

This Act may be cited as the ``Transportation Security Acquisition
Reform Act''.
SEC. 2. <>  FINDINGS.

Congress finds the following:
(1) The Transportation Security Administration has not
consistently implemented Department of Homeland Security
policies and Government best practices for acquisition and
procurement.
(2) The Transportation Security Administration has only
recently developed a multiyear technology investment plan, and
has underutilized innovation opportunities within the private
sector, including from small businesses.
(3) The Transportation Security Administration has faced
challenges in meeting key performance requirements for several
major acquisitions and procurements, resulting in reduced
security effectiveness and wasted expenditures.
SEC. 3. TRANSPORTATION SECURITY ADMINISTRATION ACQUISITION REFORM.

(a) In General.--Title XVI of the Homeland Security Act of 2002
(Public Law 107-296; 116 Stat. 2312) <>  is
amended to read as follows:

``TITLE XVI--TRANSPORTATION SECURITY

``Subtitle A--General Provisions

``SEC. 1601. <>  DEFINITIONS.

``In this title:
``(1) Administration.--The term `Administration' means the
Transportation Security Administration.
``(2) Administrator.--The term `Administrator' means the
Administrator of the Transportation Security Administration.

[[Page 2872]]

``(3) Plan.--The term `Plan' means the strategic 5-year
technology investment plan developed by the Administrator under
section 1611.
``(4) Security-related technology.--The term `security-
related technology' means any technology that assists the
Administration in the prevention of, or defense against, threats
to United States transportation systems, including threats to
people, property, and information.

``Subtitle B--Transportation Security Administration Acquisition
Improvements

``SEC. 1611. <>  5-YEAR TECHNOLOGY INVESTMENT
PLAN.

``(a) In General. <> --The Administrator shall--
``(1) not later than 180 days after the date of the
enactment of the Transportation Security Acquisition Reform Act,
develop and submit to Congress a strategic 5-year technology
investment plan, that may include a classified addendum to
report sensitive transportation security risks, technology
vulnerabilities, or other sensitive security information; and
``(2) <>  to the
extent possible, publish the Plan in an unclassified format in
the public domain.

``(b) Consultation.--The Administrator shall develop the Plan in
consultation with--
``(1) the Under Secretary for Management;
``(2) the Under Secretary for Science and Technology;
``(3) the Chief Information Officer; and
``(4) the aviation industry stakeholder advisory committee
established by the Administrator.

``(c) Approval.--The Administrator may not publish the Plan under
subsection (a)(2) until it has been approved by the Secretary.
``(d) Contents of Plan.--The Plan shall include--
``(1) an analysis of transportation security risks and the
associated capability gaps that would be best addressed by
security-related technology, including consideration of the most
recent quadrennial homeland security review under section 707;
``(2) a set of security-related technology acquisition needs
that--
``(A) is prioritized based on risk and associated
capability gaps identified under paragraph (1); and
``(B) includes planned technology programs and
projects with defined objectives, goals, timelines, and
measures;
``(3) an analysis of current and forecast trends in domestic
and international passenger travel;
``(4) an identification of currently deployed security-
related technologies that are at or near the end of their
lifecycles;
``(5) an identification of test, evaluation, modeling, and
simulation capabilities, including target methodologies,
rationales, and timelines necessary to support the acquisition
of the security-related technologies expected to meet the needs
under paragraph (2);
``(6) an identification of opportunities for public-private
partnerships, small and disadvantaged company participation,
intragovernment collaboration, university centers of excellence,
and national laboratory technology transfer;

[[Page 2873]]

``(7) an identification of the Administration's acquisition
workforce needs for the management of planned security-related
technology acquisitions, including consideration of leveraging
acquisition expertise of other Federal agencies;
``(8) an identification of the security resources, including
information security resources, that will be required to protect
security-related technology from physical or cyber theft,
diversion, sabotage, or attack;
``(9) an identification of initiatives to streamline the
Administration's acquisition process and provide greater
predictability and clarity to small, medium, and large
businesses, including the timeline for testing and evaluation;
``(10) an assessment of the impact to commercial aviation
passengers;
``(11) a strategy for consulting airport management, air
carrier representatives, and Federal security directors whenever
an acquisition will lead to the removal of equipment at
airports, and how the strategy for consulting with such
officials of the relevant airports will address potential
negative impacts on commercial passengers or airport operations;
and
``(12) <>  in consultation with the
National Institutes of Standards and Technology, an
identification of security-related technology interface
standards, in existence or if implemented, that could promote
more interoperable passenger, baggage, and cargo screening
systems.

``(e) Leveraging the Private Sector.--To the extent possible, and in
a manner that is consistent with fair and equitable practices, the Plan
shall--
``(1) leverage emerging technology trends and research and
development investment trends within the public and private
sectors;
``(2) incorporate private sector input, including from the
aviation industry stakeholder advisory committee established by
the Administrator, through requests for information, industry
days, and other innovative means consistent with the Federal
Acquisition Regulation; and
``(3) <>  in consultation with the
Under Secretary for Science and Technology, identify
technologies in existence or in development that, with or
without adaptation, are expected to be suitable to meeting
mission needs.

``(f) Disclosure. <> --The Administrator shall include
with the Plan a list of nongovernment persons that contributed to the
writing of the Plan.

``(g) Update and Report.--Beginning 2 years after the date the Plan
is submitted to Congress under subsection (a), and biennially
thereafter, the Administrator shall submit to Congress--
``(1) an update of the Plan; and
``(2) a report on the extent to which each security-related
technology acquired by the Administration since the last
issuance or update of the Plan is consistent with the planned
technology programs and projects identified under subsection
(d)(2) for that security-related technology.
``SEC. 1612. <>  ACQUISITION JUSTIFICATION AND
REPORTS.

``(a) Acquisition Justification.-- <> Before
the Administration implements any security-related technology
acquisition, the Administrator, in accordance with the Department's
policies and

[[Page 2874]]

directives, shall determine whether the acquisition is justified by
conducting an analysis that includes--
``(1) an identification of the scenarios and level of risk
to transportation security from those scenarios that would be
addressed by the security-related technology acquisition;
``(2) an assessment of how the proposed acquisition aligns
to the Plan;
``(3) a comparison of the total expected lifecycle cost
against the total expected quantitative and qualitative benefits
to transportation security;
``(4) an analysis of alternative security solutions,
including policy or procedure solutions, to determine if the
proposed security-related technology acquisition is the most
effective and cost-efficient solution based on cost-benefit
considerations;
``(5) an assessment of the potential privacy and civil
liberties implications of the proposed acquisition that
includes, to the extent practicable, consultation with
organizations that advocate for the protection of privacy and
civil liberties;
``(6) a determination that the proposed acquisition is
consistent with fair information practice principles issued by
the Privacy Officer of the Department;
``(7) confirmation that there are no significant risks to
human health or safety posed by the proposed acquisition; and
``(8) an estimate of the benefits to commercial aviation
passengers.

``(b) <>  Reports and Certification to
Congress.--
``(1) In general. <> --Not later than the
end of the 30-day period preceding the award by the
Administration of a contract for any security-related technology
acquisition exceeding $30,000,000, the Administrator shall
submit to the Committee on Commerce, Science, and Transportation
of the Senate and the Committee on Homeland Security of the
House of Representatives--
``(A) the results of the comprehensive acquisition
justification under subsection (a); and
``(B) a certification by the Administrator that the
benefits to transportation security justify the contract
cost.
``(2) Extension due to imminent terrorist threat.--If there
is a known or suspected imminent threat to transportation
security, the Administrator--
``(A) may reduce the 30-day period under paragraph
(1) to 5 days to rapidly respond to the threat; and
``(B) <>  shall immediately
notify the Committee on Commerce, Science, and
Transportation of the Senate and the Committee on
Homeland Security of the House of Representatives of the
known or suspected imminent threat.
``SEC. 1613. <>  ACQUISITION BASELINE
ESTABLISHMENT AND REPORTS.

``(a) Baseline Requirements.--
``(1) In general.--Before the Administration implements any
security-related technology acquisition, the appropriate
acquisition official of the Department shall establish and
document a set of formal baseline requirements.
``(2) Contents.--The baseline requirements under paragraph
(1) shall--

[[Page 2875]]

``(A) include the estimated costs (including
lifecycle costs), schedule, and performance milestones
for the planned duration of the acquisition;
``(B) identify the acquisition risks and a plan for
mitigating those risks; and
``(C) assess the personnel necessary to manage the
acquisition process, manage the ongoing program, and
support training and other operations as necessary.
``(3) <>  Feasibility.--In establishing
the performance milestones under paragraph (2)(A), the
appropriate acquisition official of the Department, to the
extent possible and in consultation with the Under Secretary for
Science and Technology, shall ensure that achieving those
milestones is technologically feasible.
``(4) <>  Test and evaluation plan.--
The Administrator, in consultation with the Under Secretary for
Science and Technology, shall develop a test and evaluation plan
that describes--
``(A) the activities that are expected to be
required to assess acquired technologies against the
performance milestones established under paragraph
(2)(A);
``(B) the necessary and cost-effective combination
of laboratory testing, field testing, modeling,
simulation, and supporting analysis to ensure that such
technologies meet the Administration's mission needs;
``(C) an efficient planning schedule to ensure that
test and evaluation activities are completed without
undue delay; and
``(D) if commercial aviation passengers are expected
to interact with the security-related technology,
methods that could be used to measure passenger
acceptance of and familiarization with the security-
related technology.
``(5) Verification and validation.--The appropriate
acquisition official of the Department--
``(A) subject to subparagraph (B), shall utilize
independent reviewers to verify and validate the
performance milestones and cost estimates developed
under paragraph (2) for a security-related technology
that pursuant to section 1611(d)(2) has been identified
as a high priority need in the most recent Plan; and
``(B) shall ensure that the use of independent
reviewers does not unduly delay the schedule of any
acquisition.
``(6) Streamlining access for interested vendors.--The
Administrator shall establish a streamlined process for an
interested vendor of a security-related technology to request
and receive appropriate access to the baseline requirements and
test and evaluation plans that are necessary for the vendor to
participate in the acquisitions process for that technology.

``(b) Review of Baseline Requirements and Deviation; Report to
Congress.--
``(1) Review.--
``(A) In general.--The appropriate acquisition
official of the Department shall review and assess each
implemented acquisition to determine if the acquisition
is meeting the baseline requirements established under
subsection (a).
``(B) Test and evaluation assessment.--The review
shall include an assessment of whether--

[[Page 2876]]

``(i) the planned testing and evaluation
activities have been completed; and
``(ii) the results of that testing and
evaluation demonstrate that the performance
milestones are technologically feasible.
``(2) Report.--Not later than 30 days after making a finding
described in clause (i), (ii), or (iii) of subparagraph (A), the
Administrator shall submit a report to the Committee on
Commerce, Science, and Transportation of the Senate and the
Committee on Homeland Security of the House of Representatives
that includes--
``(A) the results of any assessment that finds
that--
``(i) the actual or planned costs exceed the
baseline costs by more than 10 percent;
``(ii) the actual or planned schedule for
delivery has been delayed by more than 180 days;
or
``(iii) there is a failure to meet any
performance milestone that directly impacts
security effectiveness;
``(B) the cause for such excessive costs, delay, or
failure; and
``(C) <>  a plan for corrective
action.
``SEC. 1614. <>  INVENTORY
UTILIZATION.

``(a) In General.--Before the procurement of additional quantities
of equipment to fulfill a mission need, the Administrator, to the extent
practicable, shall utilize any existing units in the Administration's
inventory to meet that need.
``(b) Tracking of Inventory.--
``(1) In general.--The Administrator shall establish a
process for tracking--
``(A) the location of security-related equipment in
the inventory under subsection (a);
``(B) the utilization status of security-related
technology in the inventory under subsection (a); and
``(C) the quantity of security-related equipment in
the inventory under subsection (a).
``(2) Internal controls.--The Administrator shall implement
internal controls to ensure up-to-date accurate data on
security-related technology owned, deployed, and in use.

``(c) Logistics Management.--
``(1) In general.--The Administrator shall establish
logistics principles for managing inventory in an effective and
efficient manner.
``(2) Limitation on just-in-time logistics.--The
Administrator may not use just-in-time logistics if doing so--
``(A) would inhibit necessary planning for large-
scale delivery of equipment to airports or other
facilities; or
``(B) would unduly diminish surge capacity for
response to a terrorist threat.
``SEC. 1615. <>  SMALL BUSINESS CONTRACTING
GOALS.

<> ``Not later than 90 days after the
date of enactment of the Transportation Security Acquisition Reform Act,
and annually thereafter, the Administrator shall submit a report to the
Committee on Commerce, Science, and Transportation of the Senate and the
Committee on Homeland Security of the House of Representatives that
includes--

[[Page 2877]]

``(1) the Administration's performance record with respect
to meeting its published small-business contracting goals during
the preceding fiscal year;
``(2) if the goals described in paragraph (1) were not met
or the Administration's performance was below the published
small-business contracting goals of the Department--
``(A) a list of challenges, including deviations
from the Administration's subcontracting plans, and
factors that contributed to the level of performance
during the preceding fiscal year;
``(B) <>  an action plan, with
benchmarks, for addressing each of the challenges
identified in subparagraph (A) that--
``(i) <>  is prepared
after consultation with the Secretary of Defense
and the heads of Federal departments and agencies
that achieved their published goals for prime
contracting with small and minority-owned
businesses, including small and disadvantaged
businesses, in prior fiscal years; and
``(ii) identifies policies and procedures that
could be incorporated by the Administration in
furtherance of achieving the Administration's
published goal for such contracting; and
``(3) a status report on the implementation of the action
plan that was developed in the preceding fiscal year in
accordance with paragraph (2)(B), if such a plan was required.
``SEC. 1616. <>  CONSISTENCY WITH THE FEDERAL
ACQUISITION REGULATION AND DEPARTMENTAL
POLICIES AND DIRECTIVES.

``The Administrator shall execute the responsibilities set forth in
this subtitle in a manner consistent with, and not duplicative of, the
Federal Acquisition Regulation and the Department's policies and
directives.''.
(b) Conforming Amendment.--The table of contents in section 1(b) of
the Homeland Security Act of 2002 is amended by striking the items
relating to title XVI and inserting the following:

``TITLE XVI--TRANSPORTATION SECURITY

``Subtitle A--General Provisions

``Sec. 1601. Definitions.

``Subtitle B--Transportation Security Administration Acquisition
Improvements

``Sec. 1611. 5-year technology investment plan.
``Sec. 1612. Acquisition justification and reports.
``Sec. 1613. Acquisition baseline establishment and reports.
``Sec. 1614. Inventory utilization.
``Sec. 1615. Small business contracting goals.
``Sec. 1616. Consistency with the Federal acquisition regulation and
departmental policies and directives.''.

(c) Prior Amendments Not Affected. <> --
Nothing in this section may be construed to affect any amendment made by
title XVI of the Homeland Security Act of 2002 as in effect before the
date of enactment of this Act.
SEC. 4. GOVERNMENT ACCOUNTABILITY OFFICE REPORTS.

(a) <>  Implementation of Previous
Recommendations.--Not later than 1 year after the date of enactment of
this Act, the Comptroller General of the United States shall submit a
report to Congress that contains an assessment of the Transportation
Security Administration's implementation of recommendations

[[Page 2878]]

regarding the acquisition of security-related technology that were made
by the Government Accountability Office before the date of the enactment
of this Act.

(b) <>  Implementation of Subtitle B of Title
XVI.--Not later than 1 year after the date of enactment of this Act and
3 years thereafter, the Comptroller General of the United States shall
submit a report to Congress that contains an evaluation of the
Transportation Security Administration's progress in implementing
subtitle B of title XVI of the Homeland Security Act of 2002, as amended
by section 3, including any efficiencies, cost savings, or delays that
have resulted from such implementation.
SEC. 5. REPORT ON FEASIBILITY OF INVENTORY TRACKING.

Not later than 90 days after the date of enactment of this Act, the
Administrator of the Transportation Security Administration shall submit
a report to Congress on the feasibility of tracking security-related
technology, including software solutions, of the Administration through
automated information and data capture technologies.
SEC. 6. GOVERNMENT ACCOUNTABILITY OFFICE REVIEW OF TSA'S TEST AND
EVALUATION PROCESS.

<> Not later than 1 year after the date
of enactment of this Act, the Comptroller General of the United States
shall submit a report to Congress that includes--
(1) an evaluation of the Transportation Security
Administration's testing and evaluation activities related to
security-related technology;
(2) information on the extent to which--
(A) the execution of such testing and evaluation
activities is aligned, temporally and otherwise, with
the Administration's annual budget request, acquisition
needs, planned procurements, and acquisitions for
technology programs and projects; and
(B) security-related technology that has been
tested, evaluated, and certified for use by the
Administration but was not procured by the
Administration, including the reasons the procurement
did not occur; and
(3) recommendations--
(A) to improve the efficiency and efficacy of such
testing and evaluation activities; and
(B) to better align such testing and evaluation with
the acquisitions process.

[[Page 2879]]

SEC. 7. NO ADDITIONAL AUTHORIZATION OF APPROPRIATIONS.

No additional funds are authorized to be appropriated to carry out
this Act or the amendments made by this Act.

Approved December 18, 2014.

LEGISLATIVE HISTORY--H.R. 2719 (S. 1893):
---------------------------------------------------------------------------

HOUSE REPORTS: No. 113-275 (Comm. on Homeland Security).
SENATE REPORTS: No. 113-274 (Comm. on Commerce, Science, and Transpor-
tation) accompanying S. 1893.
CONGRESSIONAL RECORD:
Vol. 159 (2013):
Dec. 3, considered and passed House.
Vol. 160 (2014):
Dec. 9, considered and passed
Senate, amended.
Dec. 10, House concurred in Senate
amendment.