HR 2458 EH
3601'.
--3701'.
11501'.
Passed the House of Representatives November 15 (legislative day, November
14), 2002.
Attest:
Clerk.
To enhance the management and promotion of electronic Government services and
processes by establishing a Federal Chief Information Officer within the Office
of Management and Budget, and by establishing a broad framework of measures that
require using Internet-based information technology to enhance citizen access to
Government information and services, and for other purposes.
END
`(4) Promote innovative uses of information technology by agencies,
particularly initiatives involving multiagency collaboration, through
support of pilot projects, research, experimentation, and the use of
innovative technologies.
`(5) Oversee the distribution of funds from, and ensure appropriate
administration and coordination of, the E-Government Fund established under
section 3604.
`(6) Coordinate with the Administrator of General Services regarding
programs undertaken by the General Services Administration to promote
electronic government and the efficient use of information technologies by
agencies.
`(7) Lead the activities of the Chief Information Officers Council
established under section 3603 on behalf of the Deputy Director for
Management, who shall chair the council.
`(8) Assist the Director in establishing policies which shall set the
framework for information technology standards for the Federal Government
developed by the National Institute of Standards and Technology and
promulgated by the Secretary of Commerce under section 11331 of title 40,
taking into account, if appropriate, recommendations of the Chief
Information Officers Council, experts, and interested parties from the
private and nonprofit sectors and State, local, and tribal governments, and
maximizing the use of commercial standards as appropriate, including the
following:
`(A) Standards and guidelines for interconnectivity and
interoperability as described under section 3504.
`(B) Consistent with the process under section 207(d) of the
E-Government Act of 2002, standards and guidelines for categorizing
Federal Government electronic information to enable efficient use of
technologies, such as through the use of extensible markup
language.
`(C) Standards and guidelines for Federal Government computer system
efficiency and security.
`(9) Sponsor ongoing dialogue that--
`(A) shall be conducted among Federal, State, local, and tribal
government leaders on electronic Government in the executive, legislative,
and judicial branches, as well as leaders in the private and nonprofit
sectors, to encourage collaboration and enhance understanding of best
practices and innovative approaches in acquiring, using, and managing
information resources;
`(B) is intended to improve the performance of governments in
collaborating on the use of information technology to improve the delivery
of Government information and services; and
`(C) may include--
`(i) development of innovative models--
`(I) for electronic Government management and Government
information technology contracts; and
`(II) that may be developed through focused discussions or using
separately sponsored research;
`(ii) identification of opportunities for public-private
collaboration in using Internet-based technology to increase the
efficiency of Government-to-business transactions;
`(iii) identification of mechanisms for providing incentives to
program managers and other Government employees to develop and implement
innovative uses of information technologies; and
`(iv) identification of opportunities for public, private, and
intergovernmental collaboration in addressing the disparities in access
to the Internet and information technology.
`(10) Sponsor activities to engage the general public in the development
and implementation of policies and programs, particularly activities aimed
at fulfilling the goal of using the most effective citizen-centered
strategies and those activities which engage multiple agencies providing
similar or related information and services.
`(11) Oversee the work of the General Services Administration and other
agencies in developing the integrated Internet-based system under section
204 of the E-Government Act of 2002.
`(12) Coordinate with the Administrator for Federal Procurement Policy
to ensure effective implementation of electronic procurement
initiatives.
`(13) Assist Federal agencies, including the General Services
Administration, the Department of Justice, and the United States Access
Board in--
`(A) implementing accessibility standards under section 508 of the
Rehabilitation Act of 1973 (29 U.S.C. 794d); and
`(B) ensuring compliance with those standards through the budget
review process and other means.
`(14) Oversee the development of enterprise architectures within and
across agencies.
`(15) Assist the Director and the Deputy Director for Management in
overseeing agency efforts to ensure that electronic Government activities
incorporate adequate, risk-based, and cost-effective security compatible
with business processes.
`(16) Administer the Office of Electronic Government established under
this section.
`(17) Assist the Director in preparing the E-Government report
established under section 3606.
`(g) The Director shall ensure that the Office of Management and Budget,
including the Office of Electronic Government, the Office of Information and
Regulatory Affairs, and other relevant offices, have adequate staff and
resources to properly fulfill all functions under the E-Government Act of
2002.
`Sec. 3603. Chief Information Officers Council
`(a) There is established in the executive branch a Chief Information
Officers Council.
`(b) The members of the Council shall be as follows:
`(1) The Deputy Director for Management of the Office of Management and
Budget, who shall act as chairperson of the Council.
`(2) The Administrator of the Office of Electronic Government.
`(3) The Administrator of the Office of Information and Regulatory
Affairs.
`(4) The chief information officer of each agency described under
section 901(b) of title 31.
`(5) The chief information officer of the Central Intelligence
Agency.
`(6) The chief information officer of the Department of the Army, the
Department of the Navy, and the Department of the Air Force, if chief
information officers have been designated for such departments under section
3506(a)(2)(B).
`(7) Any other officer or employee of the United States designated by
the chairperson.
`(c)(1) The Administrator of the Office of Electronic Government shall
lead the activities of the Council on behalf of the Deputy Director for
Management.
`(2)(A) The Vice Chairman of the Council shall be selected by the Council
from among its members.
`(B) The Vice Chairman shall serve a 1-year term, and may serve multiple
terms.
`(3) The Administrator of General Services shall provide administrative
and other support for the Council.
`(d) The Council is designated the principal interagency forum for
improving agency practices related to the design, acquisition, development,
modernization, use, operation, sharing, and performance of Federal Government
information resources.
`(e) In performing its duties, the Council shall consult regularly with
representatives of State, local, and tribal governments.
`(f) The Council shall perform functions that include the following:
`(1) Develop recommendations for the Director on Government information
resources management policies and requirements.
`(2) Share experiences, ideas, best practices, and innovative approaches
related to information resources management.
`(3) Assist the Administrator in the identification, development, and
coordination of multiagency projects and other innovative initiatives to
improve Government performance through the use of information
technology.
`(4) Promote the development and use of common performance measures for
agency information resources management under this chapter and title II of
the E-Government Act of 2002.
`(5) Work as appropriate with the National Institute of Standards and
Technology and the Administrator to develop recommendations on information
technology standards developed under section 20 of the National Institute of
Standards and Technology Act (15 U.S.C. 278g-3) and promulgated under
section 11331 of title 40, and maximize the use of commercial standards as
appropriate, including the following:
`(A) Standards and guidelines for interconnectivity and
interoperability as described under section 3504.
`(B) Consistent with the process under section 207(d) of the
E-Government Act of 2002, standards and guidelines for categorizing
Federal Government electronic information to enable efficient use of
technologies, such as through the use of extensible markup
language.
`(C) Standards and guidelines for Federal Government computer system
efficiency and security.
`(6) Work with the Office of Personnel Management to assess and address
the hiring, training, classification, and professional development needs of
the Government related to information resources management.
`(7) Work with the Archivist of the United States to assess how the
Federal Records Act can be addressed effectively by Federal information
resources management activities.
`Sec. 3604. E-Government Fund
`(a)(1) There is established in the Treasury of the United States the
E-Government Fund.
`(2) The Fund shall be administered by the Administrator of the General
Services Administration to support projects approved by the Director, assisted
by the Administrator of the Office of Electronic Government, that enable the
Federal Government to expand its ability, through the development and
implementation of innovative uses of the Internet or other electronic methods,
to conduct activities electronically.
`(3) Projects under this subsection may include efforts to--
`(A) make Federal Government information and services more readily
available to members of the public (including individuals, businesses,
grantees, and State and local governments);
`(B) make it easier for the public to apply for benefits, receive
services, pursue business opportunities, submit information, and otherwise
conduct transactions with the Federal Government; and
`(C) enable Federal agencies to take advantage of information technology
in sharing information and conducting transactions with each other and with
State and local governments.
`(b)(1) The Administrator shall--
`(A) establish procedures for accepting and reviewing proposals for
funding;
`(B) consult with interagency councils, including the Chief Information
Officers Council, the Chief Financial Officers Council, and other
interagency management councils, in establishing procedures and reviewing
proposals; and
`(C) assist the Director in coordinating resources that agencies receive
from the Fund with other resources available to agencies for similar
purposes.
`(2) When reviewing proposals and managing the Fund, the Administrator
shall observe and incorporate the following procedures:
`(A) A project requiring substantial involvement or funding from an
agency shall be approved by a senior official with agencywide authority on
behalf of the head of the agency, who shall report directly to the head of
the agency.
`(B) Projects shall adhere to fundamental capital planning and
investment control processes.
`(C) Agencies shall identify in their proposals resource commitments
from the agencies involved and how these resources would be coordinated with
support from the Fund, and include plans for potential continuation of
projects after all funds made available from the Fund are expended.
`(D) After considering the recommendations of the interagency councils,
the Director, assisted by the Administrator, shall have final authority to
determine which of the candidate projects shall be funded from the
Fund.
`(E) Agencies shall assess the results of funded projects.
`(c) In determining which proposals to recommend for funding, the
Administrator--
`(1) shall consider criteria that include whether a proposal--
`(A) identifies the group to be served, including citizens,
businesses, the Federal Government, or other governments;
`(B) indicates what service or information the project will provide
that meets needs of groups identified under subparagraph (A);
`(C) ensures proper security and protects privacy;
`(D) is interagency in scope, including projects implemented by a
primary or single agency that--
`(i) could confer benefits on multiple agencies; and
`(ii) have the support of other agencies; and
`(E) has performance objectives that tie to agency missions and
strategic goals, and interim results that relate to the objectives;
and
`(2) may also rank proposals based on criteria that include whether a
proposal--
`(A) has Governmentwide application or implications;
`(B) has demonstrated support by the public to be served;
`(C) integrates Federal with State, local, or tribal approaches to
service delivery;
`(D) identifies resource commitments from nongovernmental
sectors;
`(E) identifies resource commitments from the agencies
involved;
`(F) uses web-based technologies to achieve objectives;
`(G) identifies records management and records access
strategies;
`(H) supports more effective citizen participation in and interaction
with agency activities that further progress toward a more
citizen-centered Government;
`(I) directly delivers Government information and services to the
public or provides the infrastructure for delivery;
`(J) supports integrated service delivery;
`(K) describes how business processes across agencies will reflect
appropriate transformation simultaneous to technology implementation;
and
`(L) is new or innovative and does not supplant existing funding
streams within agencies.
`(d) The Fund may be used to fund the integrated Internet-based system
under section 204 of the E-Government Act of 2002.
`(e) None of the funds provided from the Fund may be transferred to any
agency until 15 days after the Administrator of the General Services
Administration has submitted to the Committees on Appropriations of the Senate
and the House of Representatives, the Committee on Governmental Affairs of the
Senate, the Committee on Government Reform of the House of Representatives,
and the appropriate authorizing committees of the Senate and the House of
Representatives, a notification and description of how the funds are to be
allocated and how the expenditure will further the purposes of this
chapter.
`(f)(1) The Director shall report annually to Congress on the operation of
the Fund, through the report established under section 3606.
`(2) The report under paragraph (1) shall describe--
`(A) all projects which the Director has approved for funding from the
Fund; and
`(B) the results that have been achieved to date for these funded
projects.
`(g)(1) There are authorized to be appropriated to the Fund--
`(A) $45,000,000 for fiscal year 2003;
`(B) $50,000,000 for fiscal year 2004;
`(C) $100,000,000 for fiscal year 2005;
`(D) $150,000,000 for fiscal year 2006; and
`(E) such sums as are necessary for fiscal year 2007.
`(2) Funds appropriated under this subsection shall remain available until
expended.
`Sec. 3605. Program to encourage innovative solutions to enhance electronic
Government services and processes
`(a) ESTABLISHMENT OF PROGRAM- The Administrator shall establish and
promote a Governmentwide program to encourage contractor innovation and
excellence in facilitating the development and enhancement of electronic
Government services and processes.
`(b) ISSUANCE OF ANNOUNCEMENTS SEEKING INNOVATIVE SOLUTIONS- Under the
program, the Administrator, in consultation with the Council and the
Administrator for Federal Procurement Policy, shall issue announcements
seeking unique and innovative solutions to facilitate the development and
enhancement of electronic Government services and processes.
`(c) MULTIAGENCY TECHNICAL ASSISTANCE TEAM- (1) The Administrator, in
consultation with the Council and the Administrator for Federal Procurement
Policy, shall convene a multiagency technical assistance team to assist in
screening proposals submitted to the Administrator to provide unique and
innovative solutions to facilitate the development and enhancement of
electronic Government services and processes. The team shall be composed of
employees of the agencies represented on the Council who have expertise in
scientific and technical disciplines that would facilitate the assessment of
the feasibility of the proposals.
`(2) The technical assistance team shall--
`(A) assess the feasibility, scientific and technical merits, and
estimated cost of each proposal; and
`(B) submit each proposal, and the assessment of the proposal, to the
Administrator.
`(3) The technical assistance team shall not consider or evaluate
proposals submitted in response to a solicitation for offers for a pending
procurement or for a specific agency requirement.
`(4) After receiving proposals and assessments from the technical
assistance team, the Administrator shall consider recommending appropriate
proposals for funding under the E-Government Fund established under section
3604 or, if appropriate, forward the proposal and the assessment of it to the
executive agency whose mission most coincides with the subject matter of the
proposal.
`Sec. 3606. E-Government report
`(a) Not later than March 1 of each year, the Director shall submit an
E-Government status report to the Committee on Governmental Affairs of the
Senate and the Committee on Government Reform of the House of
Representatives.
`(b) The report under subsection (a) shall contain--
`(1) a summary of the information reported by agencies under section
202(f) of the E-Government Act of 2002;
`(2) the information required to be reported by section 3604(f);
and
`(3) a description of compliance by the Federal Government with other
goals and provisions of the E-Government Act of 2002.'.
(b) TECHNICAL AND CONFORMING AMENDMENT- The table of chapters for title
44, United States Code, is amended by inserting after the item relating to
chapter 35 the following:
SEC. 102. CONFORMING AMENDMENTS.
(a) ELECTRONIC GOVERNMENT AND INFORMATION TECHNOLOGIES-
(1) IN GENERAL- Chapter 3 of title 40, United States Code, is amended by
inserting after section 304 the following new section:
`Sec. 305. Electronic Government and information technologies
`The Administrator of General Services shall consult with the
Administrator of the Office of Electronic Government on programs undertaken by
the General Services Administration to promote electronic Government and the
efficient use of information technologies by Federal agencies.'.
(2) TECHNICAL AND CONFORMING AMENDMENT- The table of sections for
chapter 3 of such title is amended by inserting after the item relating to
section 304 the following:
`305. Electronic Government and information technologies.'.
(b) MODIFICATION OF DEPUTY DIRECTOR FOR MANAGEMENT FUNCTIONS- Section
503(b) of title 31, United States Code, is amended--
(1) by redesignating paragraphs (5), (6), (7), (8), and (9), as
paragraphs (6), (7), (8), (9), and (10), respectively; and
(2) by inserting after paragraph (4) the following:
`(5) Chair the Chief Information Officers Council established under
section 3603 of title 44.'.
(c) OFFICE OF ELECTRONIC GOVERNMENT-
(1) IN GENERAL- Chapter 5 of title 31, United States Code, is amended by
inserting after section 506 the following:
`Sec. 507. Office of Electronic Government
`The Office of Electronic Government, established under section 3602 of
title 44, is an office in the Office of Management and Budget.'.
(2) TECHNICAL AND CONFORMING AMENDMENT- The table of sections for
chapter 5 of title 31, United States Code, is amended by inserting after the
item relating to section 506 the following:
`507. Office of Electronic Government.'.
SEC. 201. DEFINITIONS.
Except as otherwise provided, in this title the definitions under sections
3502 and 3601 of title 44, United States Code, shall apply.
SEC. 202. FEDERAL AGENCY RESPONSIBILITIES.
(a) IN GENERAL- The head of each agency shall be responsible for--
(1) complying with the requirements of this Act (including the
amendments made by this Act), the related information resource management
policies and guidance established by the Director of the Office of
Management and Budget, and the related information technology standards
promulgated by the Secretary of Commerce;
(2) ensuring that the information resource management policies and
guidance established under this Act by the Director, and the related
information technology standards promulgated by the Secretary of Commerce
are communicated promptly and effectively to all relevant officials within
their agency; and
(3) supporting the efforts of the Director and the Administrator of the
General Services Administration to develop, maintain, and promote an
integrated Internet-based system of delivering Federal Government
information and services to the public under section 204.
(b) PERFORMANCE INTEGRATION-
(1) Agencies shall develop performance measures that demonstrate how
electronic government enables progress toward agency objectives, strategic
goals, and statutory mandates.
(2) In measuring performance under this section, agencies shall rely on
existing data collections to the extent practicable.
(3) Areas of performance measurement that agencies should consider
include--
(A) customer service;
(B) agency productivity; and
(C) adoption of innovative information technology, including the
appropriate use of commercial best practices.
(4) Agencies shall link their performance goals, as appropriate, to key
groups, including citizens, businesses, and other governments, and to
internal Federal Government operations.
(5) As appropriate, agencies shall work collectively in linking their
performance goals to groups identified under paragraph (4) and shall use
information technology in delivering Government information and services to
those groups.
(c) AVOIDING DIMINISHED ACCESS- When promulgating policies and
implementing programs regarding the provision of Government information and
services over the Internet, agency heads shall consider the impact on persons
without access to the Internet, and shall, to the extent practicable--
(1) ensure that the availability of Government information and services
has not been diminished for individuals who lack access to the Internet;
and
(2) pursue alternate modes of delivery that make Government information
and services more accessible to individuals who do not own computers or lack
access to the Internet.
(d) ACCESSIBILITY TO PEOPLE WITH DISABILITIES- All actions taken by
Federal departments and agencies under this Act shall be in compliance with
section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d).
(e) SPONSORED ACTIVITIES- Agencies shall sponsor activities that use
information technology to engage the public in the development and
implementation of policies and programs.
(f) CHIEF INFORMATION OFFICERS- The Chief Information Officer of each of
the agencies designated under chapter 36 of title 44, United States Code (as
added by this Act) shall be responsible for--
(1) participating in the functions of the Chief Information Officers
Council; and
(2) monitoring the implementation, within their respective agencies, of
information technology standards promulgated by the Secretary of Commerce,
including common standards for interconnectivity and interoperability,
categorization of Federal Government electronic information, and computer
system efficiency and security.
(g) E-GOVERNMENT STATUS REPORT-
(1) IN GENERAL- Each agency shall compile and submit to the Director an
annual E-Government Status Report on--
(A) the status of the implementation by the agency of electronic
government initiatives;
(B) compliance by the agency with this Act; and
(C) how electronic Government initiatives of the agency improve
performance in delivering programs to constituencies.
(2) SUBMISSION- Each agency shall submit an annual report under this
subsection--
(A) to the Director at such time and in such manner as the Director
requires;
(B) consistent with related reporting requirements; and
(C) which addresses any section in this title relevant to that
agency.
(h) USE OF TECHNOLOGY- Nothing in this Act supersedes the responsibility
of an agency to use or manage information technology to deliver Government
information and services that fulfill the statutory mission and programs of
the agency.
(i) NATIONAL SECURITY SYSTEMS-
(1) INAPPLICABILITY- Except as provided under paragraph (2), this title
does not apply to national security systems as defined in section 11103 of
title 40, United States Code.
(2) APPLICABILITY- This section, section 203, and section 214 do apply
to national security systems to the extent practicable and consistent with
law.
SEC. 203. COMPATIBILITY OF EXECUTIVE AGENCY METHODS FOR USE AND ACCEPTANCE
OF ELECTRONIC SIGNATURES.
(a) PURPOSE- The purpose of this section is to achieve interoperable
implementation of electronic signatures for appropriately secure electronic
transactions with Government.
(b) ELECTRONIC SIGNATURES- In order to fulfill the objectives of the
Government Paperwork Elimination Act (Public Law 105-277; 112 Stat. 2681-749
through 2681-751), each Executive agency (as defined under section 105 of
title 5, United States Code) shall ensure that its methods for use and
acceptance of electronic signatures are compatible with the relevant policies
and procedures issued by the Director.
(c) AUTHORITY FOR ELECTRONIC SIGNATURES- The Administrator of General
Services shall support the Director by establishing a framework to allow
efficient interoperability among Executive agencies when using electronic
signatures, including processing of digital signatures.
(d) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated to the General Services Administration, to ensure the development
and operation of a Federal bridge certification authority for digital
signature compatibility, and for other activities consistent with this
section, $8,000,000 or such sums as are necessary in fiscal year 2003, and
such sums as are necessary for each fiscal year thereafter.
SEC. 204. FEDERAL INTERNET PORTAL.
(a) IN GENERAL-
(1) PUBLIC ACCESS- The Director shall work with the Administrator of the
General Services Administration and other agencies to maintain and promote
an integrated Internet-based system of providing the public with access to
Government information and services.
(2) CRITERIA- To the extent practicable, the integrated system shall be
designed and operated according to the following criteria:
(A) The provision of Internet-based Government information and
services directed to key groups, including citizens, business, and other
governments, and integrated according to function or topic rather than
separated according to the boundaries of agency jurisdiction.
(B) An ongoing effort to ensure that Internet-based Government
services relevant to a given citizen activity are available from a single
point.
(C) Access to Federal Government information and services
consolidated, as appropriate, with Internet-based information and services
provided by State, local, and tribal governments.
(D) Access to Federal Government information held by 1 or more
agencies shall be made available in a manner that protects privacy,
consistent with law.
(b) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated to the General Services Administration $15,000,000 for the
maintenance, improvement, and promotion of the integrated Internet-based
system for fiscal year 2003, and such sums as are necessary for fiscal years
2004 through 2007.
SEC. 205. FEDERAL COURTS.
(a) INDIVIDUAL COURT WEBSITES- The Chief Justice of the United States, the
chief judge of each circuit and district and of the Court of Federal Claims,
and the chief bankruptcy judge of each district shall cause to be established
and maintained, for the court of which the judge is chief justice or judge, a
website that contains the following information or links to websites with the
following information:
(1) Location and contact information for the courthouse, including the
telephone numbers and contact names for the clerk's office and justices' or
judges' chambers.
(2) Local rules and standing or general orders of the court.
(3) Individual rules, if in existence, of each justice or judge in that
court.
(4) Access to docket information for each case.
(5) Access to the substance of all written opinions issued by the court,
regardless of whether such opinions are to be published in the official
court reporter, in a text searchable format.
(6) Access to documents filed with the courthouse in electronic form, to
the extent provided under subsection (c).
(7) Any other information (including forms in a format that can be
downloaded) that the court determines useful to the public.
(b) MAINTENANCE OF DATA ONLINE-
(1) UPDATE OF INFORMATION- The information and rules on each website
shall be updated regularly and kept reasonably current.
(2) CLOSED CASES- Electronic files and docket information for cases
closed for more than 1 year are not required to be made available online,
except all written opinions with a date of issuance after the effective date
of this section shall remain available online.
(c) ELECTRONIC FILINGS-
(1) IN GENERAL- Except as provided under paragraph (2) or in the rules
prescribed under paragraph (3), each court shall make any document that is
filed electronically publicly available online. A court may convert any
document that is filed in paper form to electronic form. To the extent such
conversions are made, all such electronic versions of the document shall be
made available online.
(2) EXCEPTIONS- Documents that are filed that are not otherwise
available to the public, such as documents filed under seal, shall not be
made available online.
(3) PRIVACY AND SECURITY CONCERNS- (A)(i) The Supreme Court shall
prescribe rules, in accordance with sections 2072 and 2075 of title 28,
United States Code, to protect privacy and security concerns relating to
electronic filing of documents and the public availability under this
subsection of documents filed electronically.
(ii) Such rules shall provide to the extent practicable for uniform
treatment of privacy and security issues throughout the Federal
courts.
(iii) Such rules shall take into consideration best practices in Federal
and State courts to protect private information or otherwise maintain
necessary information security.
(iv) To the extent that such rules provide for the redaction of certain
categories of information in order to protect privacy and security concerns,
such rules shall provide that a party that wishes to file an otherwise
proper document containing such information may file an unredacted document
under seal, which shall be retained by the court as part of the record, and
which, at the discretion of the court and subject to any applicable rules
issued in accordance with chapter 131 of title 28, United States Code, shall
be either in lieu of, or in addition, to, a redacted copy in the public
file.
(B)(i) Subject to clause (ii), the Judicial Conference of the United
States may issue interim rules, and interpretive statements relating to the
application of such rules, which conform to the requirements of this
paragraph and which shall cease to have effect upon the effective date of
the rules required under subparagraph (A).
(ii) Pending issuance of the rules required under subparagraph (A), any
rule or order of any court, or of the Judicial Conference, providing for the
redaction of certain categories of information in order to protect privacy
and security concerns arising from electronic filing shall comply with, and
be construed in conformity with, subparagraph (A)(iv).
(C) Not later than 1 year after the rules prescribed under subparagraph
(A) take effect, and every 2 years thereafter, the Judicial Conference shall
submit to Congress a report on the adequacy of those rules to protect
privacy and security.
(d) DOCKETS WITH LINKS TO DOCUMENTS- The Judicial Conference of the United
States shall explore the feasibility of technology to post online dockets with
links allowing all filings, decisions, and rulings in each case to be obtained
from the docket sheet of that case.
(e) COST OF PROVIDING ELECTRONIC DOCKETING INFORMATION- Section 303(a) of
the Judiciary Appropriations Act, 1992 (28 U.S.C. 1913 note) is amended in the
first sentence by striking `shall hereafter' and inserting `may, only to the
extent necessary,'.
(f) TIME REQUIREMENTS- Not later than 2 years after the effective date of
this title, the websites under subsection (a) shall be established, except
that access to documents filed in electronic form shall be established not
later than 4 years after that effective date.
(g) DEFERRAL-
(1) IN GENERAL-
(A) ELECTION-
(i) NOTIFICATION- The Chief Justice of the United States, a chief
judge, or chief bankruptcy judge may submit a notification to the
Administrative Office of the United States Courts to defer compliance
with any requirement of this section with respect to the Supreme Court,
a court of appeals, district, or the bankruptcy court of a
district.
(ii) CONTENTS- A notification submitted under this subparagraph
shall state--
(I) the reasons for the deferral; and
(II) the online methods, if any, or any alternative methods, such
court or district is using to provide greater public access to
information.
(B) EXCEPTION- To the extent that the Supreme Court, a court of
appeals, district, or bankruptcy court of a district maintains a website
under subsection (a), the Supreme Court or that court of appeals or
district shall comply with subsection (b)(1).
(2) REPORT- Not later than 1 year after the effective date of this
title, and every year thereafter, the Judicial Conference of the United
States shall submit a report to the Committees on Governmental Affairs and
the Judiciary of the Senate and the Committees on Government Reform and the
Judiciary of the House of Representatives that--
(A) contains all notifications submitted to the Administrative Office
of the United States Courts under this subsection; and
(B) summarizes and evaluates all notifications.
SEC. 206. REGULATORY AGENCIES.
(a) PURPOSES- The purposes of this section are to--
(1) improve performance in the development and issuance of agency
regulations by using information technology to increase access,
accountability, and transparency; and
(2) enhance public participation in Government by electronic means,
consistent with requirements under subchapter II of chapter 5 of title 5,
United States Code, (commonly referred to as the `Administrative Procedures
Act').
(b) INFORMATION PROVIDED BY AGENCIES ONLINE- To the extent practicable as
determined by the agency in consultation with the Director, each agency (as
defined under section 551 of title 5, United States Code) shall ensure that a
publicly accessible Federal Government website includes all information about
that agency required to be published in the Federal Register under paragraphs
(1) and (2) of section 552(a) of title 5, United States Code.
(c) SUBMISSIONS BY ELECTRONIC MEANS- To the extent practicable, agencies
shall accept submissions under section 553(c) of title 5, United States Code,
by electronic means.
(d) ELECTRONIC DOCKETING-
(1) IN GENERAL- To the extent practicable, as determined by the agency
in consultation with the Director, agencies shall ensure that a publicly
accessible Federal Government website contains electronic dockets for
rulemakings under section 553 of title 5, United States Code.
(2) INFORMATION AVAILABLE- Agency electronic dockets shall make publicly
available online to the extent practicable, as determined by the agency in
consultation with the Director--
(A) all submissions under section 553(c) of title 5, United States
Code; and
(B) other materials that by agency rule or practice are included in
the rulemaking docket under section 553(c) of title 5, United States Code,
whether or not submitted electronically.
(e) TIME LIMITATION- Agencies shall implement the requirements of this
section consistent with a timetable established by the Director and reported
to Congress in the first annual report under section 3606 of title 44 (as
added by this Act).
SEC. 207. ACCESSIBILITY, USABILITY, AND PRESERVATION OF GOVERNMENT
INFORMATION.
(a) PURPOSE- The purpose of this section is to improve the methods by
which Government information, including information on the Internet, is
organized, preserved, and made accessible to the public.
(b) DEFINITIONS- In this section, the term--
(1) `Committee' means the Interagency Committee on Government
Information established under subsection (c); and
(2) `directory' means a taxonomy of subjects linked to websites
that--
(A) organizes Government information on the Internet according to
subject matter; and
(B) may be created with the participation of human editors.
(c) INTERAGENCY COMMITTEE-
(1) ESTABLISHMENT- Not later than 180 days after the date of enactment
of this title, the Director shall establish the Interagency Committee on
Government Information.
(2) MEMBERSHIP- The Committee shall be chaired by the Director or the
designee of the Director and--
(A) shall include representatives from--
(i) the National Archives and Records Administration;
(ii) the offices of the Chief Information Officers from Federal
agencies; and
(iii) other relevant officers from the executive branch;
and
(B) may include representatives from the Federal legislative and
judicial branches.
(3) FUNCTIONS- The Committee shall--
(A) engage in public consultation to the maximum extent feasible,
including consultation with interested communities such as public advocacy
organizations;
(B) conduct studies and submit recommendations, as provided under this
section, to the Director and Congress; and
(C) share effective practices for access to, dissemination of, and
retention of Federal information.
(4) TERMINATION- The Committee may be terminated on a date determined by
the Director, except the Committee may not terminate before the Committee
submits all recommendations required under this section.
(d) CATEGORIZING OF INFORMATION-
(1) COMMITTEE FUNCTIONS- Not later than 2 years after the date of
enactment of this Act, the Committee shall submit recommendations to the
Director on--
(A) the adoption of standards, which are open to the maximum extent
feasible, to enable the organization and categorization of Government
information--
(i) in a way that is searchable electronically, including by
searchable identifiers; and
(iii) in ways that are interoperable across agencies;
(B) the definition of categories of Government information which
should be classified under the standards; and
(C) determining priorities and developing schedules for the initial
implementation of the standards by agencies.
(2) FUNCTIONS OF THE DIRECTOR- Not later than 1 year after the
submission of recommendations under paragraph (1), the Director shall issue
policies--
(A) requiring that agencies use standards, which are open to the
maximum extent feasible, to enable the organization and categorization of
Government information--
(i) in a way that is searchable electronically, including by
searchable identifiers;
(ii) in ways that are interoperable across agencies; and
(iii) that are, as appropriate, consistent with the provisions under
section 3602(f)(8) of title 44, United States Code;
(B) defining categories of Government information which shall be
required to be classified under the standards; and
(C) determining priorities and developing schedules for the initial
implementation of the standards by agencies.
(3) MODIFICATION OF POLICIES- After the submission of agency reports
under paragraph (4), the Director shall modify the policies, as needed, in
consultation with the Committee and interested parties.
(4) AGENCY FUNCTIONS- Each agency shall report annually to the Director,
in the report established under section 202(g), on compliance of that agency
with the policies issued under paragraph (2)(A).
(e) PUBLIC ACCESS TO ELECTRONIC INFORMATION-
(1) COMMITTEE FUNCTIONS- Not later than 2 years after the date of
enactment of this Act, the Committee shall submit recommendations to the
Director and the Archivist of the United States on--
(A) the adoption by agencies of policies and procedures to ensure that
chapters 21, 25, 27, 29, and 31 of title 44, United States Code, are
applied effectively and comprehensively to Government information on the
Internet and to other electronic records; and
(B) the imposition of timetables for the implementation of the
policies and procedures by agencies.
(2) FUNCTIONS OF THE ARCHIVIST- Not later than 1 year after the
submission of recommendations by the Committee under paragraph (1), the
Archivist of the United States shall issue policies--
(A) requiring the adoption by agencies of policies and procedures to
ensure that chapters 21, 25, 27, 29, and 31 of title 44, United States
Code, are applied effectively and comprehensively to Government
information on the Internet and to other electronic records; and
(B) imposing timetables for the implementation of the policies,
procedures, and technologies by agencies.
(3) MODIFICATION OF POLICIES- After the submission of agency reports
under paragraph (4), the Archivist of the United States shall modify the
policies, as needed, in consultation with the Committee and interested
parties.
(4) AGENCY FUNCTIONS- Each agency shall report annually to the Director,
in the report established under section 202(g), on compliance of that agency
with the policies issued under paragraph (2)(A).
(f) AGENCY WEBSITES-
(1) STANDARDS FOR AGENCY WEBSITES- Not later than 2 years after the
effective date of this title, the Director shall promulgate guidance for
agency websites that includes--
(A) requirements that websites include direct links to--
(i) descriptions of the mission and statutory authority of the
agency;
(ii) information made available to the public under subsections
(a)(1) and (b) of section 552 of title 5, United States Code (commonly
referred to as the `Freedom of Information Act');
(iii) information about the organizational structure of the agency;
and
(iv) the strategic plan of the agency developed under section 306 of
title 5, United States Code; and
(B) minimum agency goals to assist public users to navigate agency
websites, including--
(i) speed of retrieval of search results;
(ii) the relevance of the results;
(iii) tools to aggregate and disaggregate data; and
(iv) security protocols to protect information.
(2) AGENCY REQUIREMENTS- (A) Not later than 2 years after the date of
enactment of this Act, each agency shall--
(i) consult with the Committee and solicit public comment;
(ii) establish a process for determining which Government information
the agency intends to make available and accessible to the public on the
Internet and by other means;
(iii) develop priorities and schedules for making Government
information available and accessible;
(iv) make such final determinations, priorities, and schedules
available for public comment;
(v) post such final determinations, priorities, and schedules on the
Internet; and
(vi) submit such final determinations, priorities, and schedules to
the Director, in the report established under section 202(g).
(B) Each agency shall update determinations, priorities, and schedules
of the agency, as needed, after consulting with the Committee and soliciting
public comment, if appropriate.
(3) PUBLIC DOMAIN DIRECTORY OF PUBLIC FEDERAL GOVERNMENT WEBSITES-
(A) ESTABLISHMENT- Not later than 2 years after the effective date of
this title, the Director and each agency shall--
(i) develop and establish a public domain directory of public
Federal Government websites; and
(ii) post the directory on the Internet with a link to the
integrated Internet-based system established under section
204.
(B) DEVELOPMENT- With the assistance of each agency, the Director
shall--
(i) direct the development of the directory through a collaborative
effort, including input from--
(I) agency librarians;
(II) information technology managers;
(III) program managers;
(IV) records managers;
(V) Federal depository librarians; and
(VI) other interested parties; and
(ii) develop a public domain taxonomy of subjects used to review and
categorize public Federal Government websites.
(C) UPDATE- With the assistance of each agency, the Administrator of
the Office of Electronic Government shall--
(i) update the directory as necessary, but not less than every 6
months; and
(ii) solicit interested persons for improvements to the
directory.
(g) ACCESS TO FEDERALLY FUNDED RESEARCH AND DEVELOPMENT-
(1) DEVELOPMENT AND MAINTENANCE OF GOVERNMENTWIDE REPOSITORY AND
WEBSITE-
(A) REPOSITORY AND WEBSITE- The Director of the Office of Management
and Budget (or the Director's delegate), in consultation with the Director
of the Office of Science and Technology Policy and other relevant
agencies, shall ensure the development and maintenance of--
(i) a repository that fully integrates, to the maximum extent
feasible, information about research and development funded by the
Federal Government, and the repository shall--
(I) include information about research and development funded by
the Federal Government, consistent with any relevant protections for
the information under section 552 of title 5, United States Code, and
performed by--
(II) integrate information about each separate research and
development task or award, including--
(ii) 1 or more websites upon which all or part of the repository of
Federal research and development shall be made available to and
searchable by Federal agencies and non-Federal entities, including the
general public, to facilitate--
(I) the coordination of Federal research and development
activities;
(II) collaboration among those conducting Federal research and
development;
(III) the transfer of technology among Federal agencies and
between Federal agencies and non-Federal entities; and
(IV) access by policymakers and the public to information
concerning Federal research and development activities.
(B) OVERSIGHT- The Director of the Office of Management and Budget
shall issue any guidance determined necessary to ensure that agencies
provide all information requested under this subsection.
(2) AGENCY FUNCTIONS- Any agency that funds Federal research and
development under this subsection shall provide the information required to
populate the repository in the manner prescribed by the Director of the
Office of Management and Budget.
(3) COMMITTEE FUNCTIONS- Not later than 18 months after the date of
enactment of this Act, working with the Director of the Office of Science
and Technology Policy, and after consultation with interested parties, the
Committee shall submit recommendations to the Director on--
(A) policies to improve agency reporting of information for the
repository established under this subsection; and
(B) policies to improve dissemination of the results of research
performed by Federal agencies and federally funded research and
development centers.
(4) FUNCTIONS OF THE DIRECTOR- After submission of recommendations by
the Committee under paragraph (3), the Director shall report on the
recommendations of the Committee and Director to Congress, in the
E-Government report under section 3606 of title 44 (as added by this
Act).
(5) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated for the development, maintenance, and operation of the
Governmentwide repository and website under this subsection--
(A) $2,000,000 in each of the fiscal years 2003 through 2005;
and
(B) such sums as are necessary in each of the fiscal years 2006 and
2007.
SEC. 208. PRIVACY PROVISIONS.
(a) PURPOSE- The purpose of this section is to ensure sufficient
protections for the privacy of personal information as agencies implement
citizen-centered electronic Government.
(b) PRIVACY IMPACT ASSESSMENTS-
(1) RESPONSIBILITIES OF AGENCIES-
(A) IN GENERAL- An agency shall take actions described under
subparagraph (B) before--
(i) developing or procuring information technology that collects,
maintains, or disseminates information that is in an identifiable form;
or
(ii) initiating a new collection of information that--
(I) will be collected, maintained, or disseminated using
information technology; and
(II) includes any information in an identifiable form permitting
the physical or online contacting of a specific individual, if
identical questions have been posed to, or identical reporting
requirements imposed on, 10 or more persons, other than agencies,
instrumentalities, or employees of the Federal
Government.
(B) AGENCY ACTIVITIES- To the extent required under subparagraph (A),
each agency shall--
(i) conduct a privacy impact assessment;
(ii) ensure the review of the privacy impact assessment by the Chief
Information Officer, or equivalent official, as determined by the head
of the agency; and
(iii) if practicable, after completion of the review under clause
(ii), make the privacy impact assessment publicly available through the
website of the agency, publication in the Federal Register, or other
means.
(C) SENSITIVE INFORMATION- Subparagraph (B)(iii) may be modified or
waived for security reasons, or to protect classified, sensitive, or
private information contained in an assessment.
(D) COPY TO DIRECTOR- Agencies shall provide the Director with a copy
of the privacy impact assessment for each system for which funding is
requested.
(2) CONTENTS OF A PRIVACY IMPACT ASSESSMENT-
(A) IN GENERAL- The Director shall issue guidance to agencies
specifying the required contents of a privacy impact assessment.
(B) GUIDANCE- The guidance shall--
(i) ensure that a privacy impact assessment is commensurate with the
size of the information system being assessed, the sensitivity of
information that is in an identifiable form in that system, and the risk
of harm from unauthorized release of that information; and
(ii) require that a privacy impact assessment address--
(I) what information is to be collected;
(II) why the information is being collected;
(III) the intended use of the agency of the
information;
(IV) with whom the information will be shared;
(V) what notice or opportunities for consent would be provided to
individuals regarding what information is collected and how that
information is shared;
(VI) how the information will be secured; and
(VII) whether a system of records is being created under section
552a of title 5, United States Code, (commonly referred to as the
`Privacy Act').
(3) RESPONSIBILITIES OF THE DIRECTOR- The Director shall--
(A) develop policies and guidelines for agencies on the conduct of
privacy impact assessments;
(B) oversee the implementation of the privacy impact assessment
process throughout the Government; and
(C) require agencies to conduct privacy impact assessments of existing
information systems or ongoing collections of information that is in an
identifiable form as the Director determines appropriate.
(c) PRIVACY PROTECTIONS ON AGENCY WEBSITES-
(1) PRIVACY POLICIES ON WEBSITES-
(A) GUIDELINES FOR NOTICES- The Director shall develop guidance for
privacy notices on agency websites used by the public.
(B) CONTENTS- The guidance shall require that a privacy notice
address, consistent with section 552a of title 5, United States
Code--
(i) what information is to be collected;
(ii) why the information is being collected;
(iii) the intended use of the agency of the information;
(iv) with whom the information will be shared;
(v) what notice or opportunities for consent would be provided to
individuals regarding what information is collected and how that
information is shared;
(vi) how the information will be secured; and
(vii) the rights of the individual under section 552a of title 5,
United States Code (commonly referred to as the `Privacy Act'), and
other laws relevant to the protection of the privacy of an
individual.
(2) PRIVACY POLICIES IN MACHINE-READABLE FORMATS- The Director shall
issue guidance requiring agencies to translate privacy policies into a
standardized machine-readable format.
(d) DEFINITION- In this section, the term `identifiable form' means any
representation of information that permits the identity of an individual to
whom the information applies to be reasonably inferred by either direct or
indirect means.
SEC. 209. FEDERAL INFORMATION TECHNOLOGY WORKFORCE DEVELOPMENT.
(a) PURPOSE- The purpose of this section is to improve the skills of the
Federal workforce in using information technology to deliver Government
information and services.
(b) WORKFORCE DEVELOPMENT-
(1) IN GENERAL- In consultation with the Director of the Office of
Management and Budget, the Chief Information Officers Council, and the
Administrator of General Services, the Director of the Office of Personnel
Management shall--
(A) analyze, on an ongoing basis, the personnel needs of the Federal
Government related to information technology and information resource
management;
(B) identify where current information technology and information
resource management training do not satisfy the personnel needs described
in subparagraph (A);
(C) oversee the development of curricula, training methods, and
training priorities that correspond to the projected personnel needs of
the Federal Government related to information technology and information
resource management; and
(D) assess the training of Federal employees in information technology
disciplines in order to ensure that the information resource management
needs of the Federal Government are addressed.
(2) INFORMATION TECHNOLOGY TRAINING PROGRAMS- The head of each Executive
agency, after consultation with the Director of the Office of Personnel
Management, the Chief Information Officers Council, and the Administrator of
General Services, shall establish and operate information technology
training programs consistent with the requirements of this subsection. Such
programs shall--
(A) have curricula covering a broad range of information technology
disciplines corresponding to the specific information technology and
information resource management needs of the agency involved;
(B) be developed and applied according to rigorous standards;
and
(C) be designed to maximize efficiency, through the use of self-paced
courses, online courses, on-the-job training, and the use of remote
instructors, wherever such features can be applied without reducing the
effectiveness of the training or negatively impacting academic
standards.
(3) GOVERNMENTWIDE POLICIES AND EVALUATION- The Director of the Office
of Personnel Management, in coordination with the Director of the Office of
Management and Budget, shall issue policies to promote the development of
performance standards for training and uniform implementation of this
subsection by Executive agencies, with due regard for differences in program
requirements among agencies that may be appropriate and warranted in view of
the agency mission. The Director of the Office of Personnel Management shall
evaluate the implementation of the provisions of this subsection by
Executive agencies.
(4) CHIEF INFORMATION OFFICER AUTHORITIES AND RESPONSIBILITIES- Subject
to the authority, direction, and control of the head of an Executive agency,
the chief information officer of such agency shall carry out all powers,
functions, and duties of the head of the agency with respect to
implementation of this subsection. The chief information officer shall
ensure that the policies of the agency head established in accordance with
this subsection are implemented throughout the agency.
(5) INFORMATION TECHNOLOGY TRAINING REPORTING- The Director of the
Office of Management and Budget shall ensure that the heads of Executive
agencies collect and maintain standardized information on the information
technology and information resources management workforce related to the
implementation of this subsection.
(6) AUTHORITY TO DETAIL EMPLOYEES TO NON-FEDERAL EMPLOYERS- In carrying
out the preceding provisions of this subsection, the Director of the Office
of Personnel Management may provide for a program under which a Federal
employee may be detailed to a non-Federal employer. The Director of the
Office of Personnel Management shall prescribe regulations for such program,
including the conditions for service and duties as the Director considers
necessary.
(7) COORDINATION PROVISION- An assignment described in section 3703 of
title 5, United States Code, may not be made unless a program under
paragraph (6) is established, and the assignment is made in accordance with
the requirements of such program.
(8) EMPLOYEE PARTICIPATION- Subject to information resource management
needs and the limitations imposed by resource needs in other occupational
areas, and consistent with their overall workforce development strategies,
agencies shall encourage employees to participate in occupational
information technology training.
(9) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated to the Office of Personnel Management for the implementation of
this subsection, $15,000,000 in fiscal year 2003, and such sums as are
necessary for each fiscal year thereafter.
(10) EXECUTIVE AGENCY DEFINED- For purposes of this subsection, the term
`Executive agency' has the meaning given the term `agency' under section
3701 of title 5, United States Code (as added by subsection (c)).
(c) INFORMATION TECHNOLOGY EXCHANGE PROGRAM-
(1) IN GENERAL- Subpart B of part III of title 5, United States Code, is
amended by adding at the end the following:
`CHAPTER 37--INFORMATION TECHNOLOGY EXCHANGE PROGRAM
`Sec.
`3701. Definitions.
`3702. General provisions.
`3703. Assignment of employees to private sector organizations.
`3704. Assignment of employees from private sector organizations.
`3705. Application to Office of the Chief Technology Officer of the
District of Columbia.
`3706. Reporting requirement.
`3707. Regulations.
`Sec. 3701. Definitions
`For purposes of this chapter--
`(1) the term `agency' means an Executive agency, but does not include
the General Accounting Office; and
`(2) the term `detail' means--
`(A) the assignment or loan of an employee of an agency to a private
sector organization without a change of position from the agency that
employs the individual, or
`(B) the assignment or loan of an employee of a private sector
organization to an agency without a change of position from the private
sector organization that employs the individual,
whichever is appropriate in the context in which such term is
used.
`Sec. 3702. General provisions
`(a) ASSIGNMENT AUTHORITY- On request from or with the agreement of a
private sector organization, and with the consent of the employee concerned,
the head of an agency may arrange for the assignment of an employee of the
agency to a private sector organization or an employee of a private sector
organization to the agency. An eligible employee is an individual who--
`(1) works in the field of information technology management;
`(2) is considered an exceptional performer by the individual's current
employer; and
`(3) is expected to assume increased information technology management
responsibilities in the future.
An employee of an agency shall be eligible to participate in this program
only if the employee is employed at the GS-11 level or above (or equivalent)
and is serving under a career or career-conditional appointment or an
appointment of equivalent tenure in the excepted service, and applicable
requirements of section 209(b) of the E-Government Act of 2002 are met with
respect to the proposed assignment of such employee.
`(b) AGREEMENTS- Each agency that exercises its authority under this
chapter shall provide for a written agreement between the agency and the
employee concerned regarding the terms and conditions of the employee's
assignment. In the case of an employee of the agency, the agreement shall--
`(1) require the employee to serve in the civil service, upon completion
of the assignment, for a period equal to the length of the assignment;
and
`(2) provide that, in the event the employee fails to carry out the
agreement (except for good and sufficient reason, as determined by the head
of the agency from which assigned) the employee shall be liable to the
United States for payment of all expenses of the assignment.
An amount under paragraph (2) shall be treated as a debt due the United
States.
`(c) TERMINATION- Assignments may be terminated by the agency or private
sector organization concerned for any reason at any time.
`(d) DURATION- Assignments under this chapter shall be for a period of
between 3 months and 1 year, and may be extended in 3-month increments for a
total of not more than 1 additional year, except that no assignment under this
chapter may commence after the end of the 5-year period beginning on the date
of the enactment of this chapter.
`(e) ASSISTANCE- The Chief Information Officers Council, by agreement with
the Office of Personnel Management, may assist in the administration of this
chapter, including by maintaining lists of potential candidates for assignment
under this chapter, establishing mentoring relationships for the benefit of
individuals who are given assignments under this chapter, and publicizing the
program.
`(f) CONSIDERATIONS- In exercising any authority under this chapter, an
agency shall take into consideration--
`(1) the need to ensure that small business concerns are appropriately
represented with respect to the assignments described in sections 3703 and
3704, respectively; and
`(2) how assignments described in section 3703 might best be used to
help meet the needs of the agency for the training of employees in
information technology management.
`Sec. 3703. Assignment of employees to private sector organizations
`(a) IN GENERAL- An employee of an agency assigned to a private sector
organization under this chapter is deemed, during the period of the
assignment, to be on detail to a regular work assignment in his agency.
`(b) COORDINATION WITH CHAPTER 81- Notwithstanding any other provision of
law, an employee of an agency assigned to a private sector organization under
this chapter is entitled to retain coverage, rights, and benefits under
subchapter I of chapter 81, and employment during the assignment is deemed
employment by the United States, except that, if the employee or the
employee's dependents receive from the private sector organization any payment
under an insurance policy for which the premium is wholly paid by the private
sector organization, or other benefit of any kind on account of the same
injury or death, then, the amount of such payment or benefit shall be credited
against any compensation otherwise payable under subchapter I of chapter
81.
`(c) REIMBURSEMENTS- The assignment of an employee to a private sector
organization under this chapter may be made with or without reimbursement by
the private sector organization for the travel and transportation expenses to
or from the place of assignment, subject to the same terms and conditions as
apply with respect to an employee of a Federal agency or a State or local
government under section 3375, and for the pay, or a part thereof, of the
employee during assignment. Any reimbursements shall be credited to the
appropriation of the agency used for paying the travel and transportation
expenses or pay.
`(d) TORT LIABILITY; SUPERVISION- The Federal Tort Claims Act and any
other Federal tort liability statute apply to an employee of an agency
assigned to a private sector organization under this chapter. The supervision
of the duties of an employee of an agency so assigned to a private sector
organization may be governed by an agreement between the agency and the
organization.
`(e) SMALL BUSINESS CONCERNS-
`(1) IN GENERAL- The head of each agency shall take such actions as may
be necessary to ensure that, of the assignments made under this chapter from
such agency to private sector organizations in each year, at least 20
percent are to small business concerns.
`(2) DEFINITIONS- For purposes of this subsection--
`(A) the term `small business concern' means a business concern that
satisfies the definitions and standards specified by the Administrator of
the Small Business Administration under section 3(a)(2) of the Small
Business Act (as from time to time amended by the Administrator);
`(B) the term `year' refers to the 12-month period beginning on the
date of the enactment of this chapter, and each succeeding 12-month period
in which any assignments under this chapter may be made; and
`(C) the assignments `made' in a year are those commencing in such
year.
`(3) REPORTING REQUIREMENT- An agency which fails to comply with
paragraph (1) in a year shall, within 90 days after the end of such year,
submit a report to the Committees on Government Reform and Small Business of
the House of Representatives and the Committees on Governmental Affairs and
Small Business of the Senate. The report shall include--
`(A) the total number of assignments made under this chapter from such
agency to private sector organizations in the year;
`(B) of that total number, the number (and percentage) made to small
business concerns; and
`(C) the reasons for the agency's noncompliance with paragraph
(1).
`(4) EXCLUSION- This subsection shall not apply to an agency in any year
in which it makes fewer than 5 assignments under this chapter to private
sector organizations.
`Sec. 3704. Assignment of employees from private sector organizations
`(a) IN GENERAL- An employee of a private sector organization assigned to
an agency under this chapter is deemed, during the period of the assignment,
to be on detail to such agency.
`(b) TERMS AND CONDITIONS- An employee of a private sector organization
assigned to an agency under this chapter--
`(1) may continue to receive pay and benefits from the private sector
organization from which he is assigned;
`(2) is deemed, notwithstanding subsection (a), to be an employee of the
agency for the purposes of--
`(A) chapter 73;
`(B) sections 201, 203, 205, 207, 208, 209, 603, 606, 607, 643, 654,
1905, and 1913 of title 18;
`(C) sections 1343, 1344, and 1349(b) of title 31;
`(D) the Federal Tort Claims Act and any other Federal tort liability
statute;
`(E) the Ethics in Government Act of 1978;
`(F) section 1043 of the Internal Revenue Code of 1986; and
`(G) section 27 of the Office of Federal Procurement Policy
Act;
`(3) may not have access to any trade secrets or to any other nonpublic
information which is of commercial value to the private sector organization
from which he is assigned; and
`(4) is subject to such regulations as the President may
prescribe.
The supervision of an employee of a private sector organization assigned
to an agency under this chapter may be governed by agreement between the
agency and the private sector organization concerned. Such an assignment may
be made with or without reimbursement by the agency for the pay, or a part
thereof, of the employee during the period of assignment, or for any
contribution of the private sector organization to employee benefit
systems.
`(c) COORDINATION WITH CHAPTER 81- An employee of a private sector
organization assigned to an agency under this chapter who suffers disability
or dies as a result of personal injury sustained while performing duties
during the assignment shall be treated, for the purpose of subchapter I of
chapter 81, as an employee as defined by section 8101 who had sustained the
injury in the performance of duty, except that, if the employee or the
employee's dependents receive from the private sector organization any payment
under an insurance policy for which the premium is wholly paid by the private
sector organization, or other benefit of any kind on account of the same
injury or death, then, the amount of such payment or benefit shall be credited
against any compensation otherwise payable under subchapter I of chapter
81.
`(d) PROHIBITION AGAINST CHARGING CERTAIN COSTS TO THE FEDERAL GOVERNMENT-
A private sector organization may not charge the Federal Government, as direct
or indirect costs under a Federal contract, the costs of pay or benefits paid
by the organization to an employee assigned to an agency under this chapter
for the period of the assignment.
`Sec. 3705. Application to Office of the Chief Technology Officer of the
District of Columbia
`(a) IN GENERAL- The Chief Technology Officer of the District of Columbia
may arrange for the assignment of an employee of the Office of the Chief
Technology Officer to a private sector organization, or an employee of a
private sector organization to such Office, in the same manner as the head of
an agency under this chapter.
`(b) TERMS AND CONDITIONS- An assignment made pursuant to subsection (a)
shall be subject to the same terms and conditions as an assignment made by the
head of an agency under this chapter, except that in applying such terms and
conditions to an assignment made pursuant to subsection (a), any reference in
this chapter to a provision of law or regulation of the United States shall be
deemed to be a reference to the applicable provision of law or regulation of
the District of Columbia, including the applicable provisions of the District
of Columbia Government Comprehensive Merit Personnel Act of 1978 (sec.
1-601.01 et seq., D.C. Official Code) and section 601 of the District of
Columbia Campaign Finance Reform and Conflict of Interest Act (sec. 1-1106.01,
D.C. Official Code).
`(c) DEFINITION- For purposes of this section, the term `Office of the
Chief Technology Officer' means the office established in the executive branch
of the government of the District of Columbia under the Office of the Chief
Technology Officer Establishment Act of 1998 (sec. 1-1401 et seq., D.C.
Official Code).
`Sec. 3706. Reporting requirement
`(a) IN GENERAL- The Office of Personnel Management shall, not later than
April 30 and October 31 of each year, prepare and submit to the Committee on
Government Reform of the House of Representatives and the Committee on
Governmental Affairs of the Senate a semiannual report summarizing the
operation of this chapter during the immediately preceding 6-month period
ending on March 31 and September 30, respectively.
`(b) CONTENT- Each report shall include, with respect to the 6-month
period to which such report relates--
`(1) the total number of individuals assigned to, and the total number
of individuals assigned from, each agency during such period;
`(2) a brief description of each assignment included under paragraph
(1), including--
`(A) the name of the assigned individual, as well as the private
sector organization and the agency (including the specific bureau or other
agency component) to or from which such individual was assigned;
`(B) the respective positions to and from which the individual was
assigned, including the duties and responsibilities and the pay grade or
level associated with each; and
`(C) the duration and objectives of the individual's assignment;
and
`(3) such other information as the Office considers appropriate.
`(c) PUBLICATION- A copy of each report submitted under subsection
(a)--
`(1) shall be published in the Federal Register; and
`(2) shall be made publicly available on the Internet.
`(d) AGENCY COOPERATION- On request of the Office, agencies shall furnish
such information and reports as the Office may require in order to carry out
this section.
`Sec. 3707. Regulations
`The Director of the Office of Personnel Management shall prescribe
regulations for the administration of this chapter.'.
(2) REPORT- Not later than 4 years after the date of the enactment of
this Act, the General Accounting Office shall prepare and submit to the
Committee on Government Reform of the House of Representatives and the
Committee on Governmental Affairs of the Senate a report on the operation of
chapter 37 of title 5, United States Code (as added by this subsection).
Such report shall include--
(A) an evaluation of the effectiveness of the program established by
such chapter; and
(B) a recommendation as to whether such program should be continued
(with or without modification) or allowed to lapse.
(3) CLERICAL AMENDMENT- The analysis for part III of title 5, United
States Code, is amended by inserting after the item relating to chapter 35
the following:
(d) ETHICS PROVISIONS-
(1) ONE-YEAR RESTRICTION ON CERTAIN COMMUNICATIONS- Section 207(c)(2)(A)
of title 18, United States Code, is amended--
(A) by striking `or' at the end of clause (iii);
(B) by striking the period at the end of clause (iv) and inserting `;
or'; and
(C) by adding at the end the following:
`(v) assigned from a private sector organization to an agency under
chapter 37 of title 5.'.
(2) DISCLOSURE OF CONFIDENTIAL INFORMATION- Section 1905 of title 18,
United States Code, is amended by inserting `or being an employee of a
private sector organization who is or was assigned to an agency under
chapter 37 of title 5,' after `(15 U.S.C. 1311-1314),'.
(3) CONTRACT ADVICE- Section 207 of title 18, United States Code, is
amended by adding at the end the following:
`(l) CONTRACT ADVICE BY FORMER DETAILS- Whoever, being an employee of a
private sector organization assigned to an agency under chapter 37 of title 5,
within one year after the end of that assignment, knowingly represents or
aids, counsels, or assists in representing any other person (except the United
States) in connection with any contract with that agency shall be punished as
provided in section 216 of this title.'.
(4) RESTRICTION ON DISCLOSURE OF PROCUREMENT INFORMATION- Section 27 of
the Office of Federal Procurement Policy Act (41 U.S.C. 423) is amended in
subsection (a)(1) by adding at the end the following new sentence: `In the
case of an employee of a private sector organization assigned to an agency
under chapter 37 of title 5, United States Code, in addition to the
restriction in the preceding sentence, such employee shall not, other than
as provided by law, knowingly disclose contractor bid or proposal
information or source selection information during the three-year period
after the end of the assignment of such employee.'.
(e) REPORT ON EXISTING EXCHANGE PROGRAMS-
(1) EXCHANGE PROGRAM DEFINED- For purposes of this subsection, the term
`exchange program' means an executive exchange program, the program under
subchapter VI of chapter 33 of title 5, United States Code, and any other
program which allows for--
(A) the assignment of employees of the Federal Government to
non-Federal employers;
(B) the assignment of employees of non-Federal employers to the
Federal Government; or
(C) both.
(2) REPORTING REQUIREMENT- Not later than 1 year after the date of the
enactment of this Act, the Office of Personnel Management shall prepare and
submit to the Committee on Government Reform of the House of Representatives
and the Committee on Governmental Affairs of the Senate a report identifying
all existing exchange programs.
(3) SPECIFIC INFORMATION- The report shall, for each such program,
include--
(A) a brief description of the program, including its size,
eligibility requirements, and terms or conditions for
participation;
(B) specific citation to the law or other authority under which the
program is established;
(C) the names of persons to contact for more information, and how they
may be reached; and
(D) any other information which the Office considers
appropriate.
(f) REPORT ON THE ESTABLISHMENT OF A GOVERNMENTWIDE INFORMATION TECHNOLOGY
TRAINING PROGRAM-
(1) IN GENERAL- Not later January 1, 2003, the Office of Personnel
Management, in consultation with the Chief Information Officers Council and
the Administrator of General Services, shall review and submit to the
Committee on Government Reform of the House of Representatives and the
Committee on Governmental Affairs of the Senate a written report on the
following:
(A) The adequacy of any existing information technology training
programs available to Federal employees on a Governmentwide
basis.
(B)(i) If one or more such programs already exist, recommendations as
to how they might be improved.
(ii) If no such program yet exists, recommendations as to how such a
program might be designed and established.
(C) With respect to any recommendations under subparagraph (B), how
the program under chapter 37 of title 5, United States Code, might be used
to help carry them out.
(2) COST ESTIMATE- The report shall, for any recommended program (or
improvements) under paragraph (1)(B), include the estimated costs associated
with the implementation and operation of such program as so established (or
estimated difference in costs of any such program as so improved).
(g) TECHNICAL AND CONFORMING AMENDMENTS-
(1) AMENDMENTS TO TITLE 5, UNITED STATES CODE- Title 5, United States
Code, is amended--
(A) in section 3111, by adding at the end the following:
`(d) Notwithstanding section 1342 of title 31, the head of an agency may
accept voluntary service for the United States under chapter 37 of this title
and regulations of the Office of Personnel Management.';
(B) in section 4108, by striking subsection (d); and
(C) in section 7353(b), by adding at the end the following:
`(4) Nothing in this section precludes an employee of a private sector
organization, while assigned to an agency under chapter 37, from continuing to
receive pay and benefits from such organization in accordance with such
chapter.'.
(2) AMENDMENT TO TITLE 18, UNITED STATES CODE- Section 209 of title 18,
United States Code, is amended by adding at the end the following:
`(g)(1) This section does not prohibit an employee of a private sector
organization, while assigned to an agency under chapter 37 of title 5, from
continuing to receive pay and benefits from such organization in accordance
with such chapter.
`(2) For purposes of this subsection, the term `agency' means an agency
(as defined by section 3701 of title 5) and the Office of the Chief Technology
Officer of the District of Columbia.'.
(3) OTHER AMENDMENTS- Section 125(c)(1) of Public Law 100-238 (5 U.S.C.
8432 note) is amended--
(A) in subparagraph (B), by striking `or' at the end;
(B) in subparagraph (C), by striking `and' at the end and inserting
`or'; and
(C) by adding at the end the following:
`(D) an individual assigned from a Federal agency to a private sector
organization under chapter 37 of title 5, United States Code;
and'.
SEC. 210. SHARE-IN-SAVINGS INITIATIVES.
(a) DEFENSE CONTRACTS- (1) Chapter 137 of title 10, United States Code, is
amended by adding at the end the following new section:
`Sec. 2332. Share-in-savings contracts
`(a) AUTHORITY TO ENTER INTO SHARE-IN-SAVINGS CONTRACTS- (1) The head of
an agency may enter into a share-in-savings contract for information
technology (as defined in section 11101(6) of title 40) in which the
Government awards a contract to improve mission-related or administrative
processes or to accelerate the achievement of its mission and share with the
contractor in savings achieved through contract performance.
`(2)(A) Except as provided in subparagraph (B), a share-in-savings
contract shall be awarded for a period of not more than five years.
`(B) A share-in-savings contract may be awarded for a period greater than
five years, but not more than 10 years, if the head of the agency determines
in writing prior to award of the contract that--
`(i) the level of risk to be assumed and the investment to be undertaken
by the contractor is likely to inhibit the government from obtaining the
needed information technology competitively at a fair and reasonable price
if the contract is limited in duration to a period of five years or less;
and
`(ii) usage of the information technology to be acquired is likely to
continue for a period of time sufficient to generate reasonable benefit for
the government.
`(3) Contracts awarded pursuant to the authority of this section shall, to
the maximum extent practicable, be performance-based contracts that identify
objective outcomes and contain performance standards that will be used to
measure achievement and milestones that must be met before payment is made.
`(4) Contracts awarded pursuant to the authority of this section shall
include a provision containing a quantifiable baseline that is to be the basis
upon which a savings share ratio is established that governs the amount of
payment a contractor is to receive under the contract. Before commencement of
performance of such a contract, the senior procurement executive of the agency
shall determine in writing that the terms of the provision are quantifiable
and will likely yield value to the Government.
`(5)(A) The head of the agency may retain savings realized through the use
of a share-in-savings contract under this section that are in excess of the
total amount of savings paid to the contractor under the contract, but may not
retain any portion of such savings that is attributable to a decrease in the
number of civilian employees of the Federal Government performing the
function. Except as provided in subparagraph (B), savings shall be credited to
the appropriation or fund against which charges were made to carry out the
contract and shall be used for information technology.
`(B) Amounts retained by the agency under this subsection shall--
`(i) without further appropriation, remain available until expended;
and
`(ii) be applied first to fund any contingent liabilities associated
with share-in-savings procurements that are not fully funded.
`(b) CANCELLATION AND TERMINATION- (1) If funds are not made available for
the continuation of a share-in-savings contract entered into under this
section in a subsequent fiscal year, the contract shall be canceled or
terminated. The costs of cancellation or termination may be paid out of--
`(A) appropriations available for the performance of the contract;
`(B) appropriations available for acquisition of the information
technology procured under the contract, and not otherwise obligated;
or
`(C) funds subsequently appropriated for payments of costs of
cancellation or termination, subject to the limitations in paragraph
(3).
`(2) The amount payable in the event of cancellation or termination of a
share-in-savings contract shall be negotiated with the contractor at the time
the contract is entered into.
`(3)(A) Subject to subparagraph (B), the head of an agency may enter into
share-in-savings contracts under this section in any given fiscal year even if
funds are not made specifically available for the full costs of cancellation
or termination of the contract if funds are available and sufficient to make
payments with respect to the first fiscal year of the contract and the
following conditions are met regarding the funding of cancellation and
termination liability:
`(i) The amount of unfunded contingent liability for the contract does
not exceed the lesser of--
`(I) 25 percent of the estimated costs of a cancellation or
termination; or
`(II) $5,000,000.
`(ii) Unfunded contingent liability in excess of $1,000,000 has been
approved by the Director of the Office of Management and Budget or the
Director's designee.
`(B) The aggregate number of share-in-savings contracts that may be
entered into under subparagraph (A) by all agencies to which this chapter
applies in a fiscal year may not exceed 5 in each of fiscal years 2003, 2004,
and 2005.
`(c) DEFINITIONS- In this section:
`(1) The term `contractor' means a private entity that enters into a
contract with an agency.
`(2) The term `savings' means--
`(A) monetary savings to an agency; or
`(B) savings in time or other benefits realized by the agency,
including enhanced revenues (other than enhanced revenues from the
collection of fees, taxes, debts, claims, or other amounts owed the
Federal Government).
`(3) The term `share-in-savings contract' means a contract under
which--
`(A) a contractor provides solutions for--
`(i) improving the agency's mission-related or administrative
processes; or
`(ii) accelerating the achievement of agency missions;
and
`(B) the head of the agency pays the contractor an amount equal to a
portion of the savings derived by the agency from--
`(i) any improvements in mission-related or administrative processes
that result from implementation of the solution; or
`(ii) acceleration of achievement of agency missions.
`(d) TERMINATION- No share-in-savings contracts may be entered into under
this section after September 30, 2005.'.
(2) The table of sections at the beginning of such chapter is amended by
adding at the end of the following new item:
`2332. Share-in-savings contracts.'.
(b) OTHER CONTRACTS- Title III of the Federal Property and Administrative
Services Act of 1949 is amended by adding at the end the following:
`SEC. 317. SHARE-IN-SAVINGS CONTRACTS.
`(a) AUTHORITY TO ENTER INTO SHARE-IN-SAVINGS CONTRACTS- (1) The head of
an executive agency may enter into a share-in-savings contract for information
technology (as defined in section 11101(6) of title 40, United States Code) in
which the Government awards a contract to improve mission-related or
administrative processes or to accelerate the achievement of its mission and
share with the contractor in savings achieved through contract performance.
`(2)(A) Except as provided in subparagraph (B), a share-in-savings
contract shall be awarded for a period of not more than five years.
`(B) A share-in-savings contract may be awarded for a period greater than
five years, but not more than 10 years, if the head of the agency determines
in writing prior to award of the contract that--
`(i) the level of risk to be assumed and the investment to be undertaken
by the contractor is likely to inhibit the government from obtaining the
needed information technology competitively at a fair and reasonable price
if the contract is limited in duration to a period of five years or less;
and
`(ii) usage of the information technology to be acquired is likely to
continue for a period of time sufficient to generate reasonable benefit for
the government.
`(3) Contracts awarded pursuant to the authority of this section shall, to
the maximum extent practicable, be performance-based contracts that identify
objective outcomes and contain performance standards that will be used to
measure achievement and milestones that must be met before payment is made.
`(4) Contracts awarded pursuant to the authority of this section shall
include a provision containing a quantifiable baseline that is to be the basis
upon which a savings share ratio is established that governs the amount of
payment a contractor is to receive under the contract. Before commencement of
performance of such a contract, the senior procurement executive of the agency
shall determine in writing that the terms of the provision are quantifiable
and will likely yield value to the Government.
`(5)(A) The head of the agency may retain savings realized through the use
of a share-in-savings contract under this section that are in excess of the
total amount of savings paid to the contractor under the contract, but may not
retain any portion of such savings that is attributable to a decrease in the
number of civilian employees of the Federal Government performing the
function. Except as provided in subparagraph (B), savings shall be credited to
the appropriation or fund against which charges were made to carry out the
contract and shall be used for information technology.
`(B) Amounts retained by the agency under this subsection shall--
`(i) without further appropriation, remain available until expended;
and
`(ii) be applied first to fund any contingent liabilities associated
with share-in-savings procurements that are not fully funded.
`(b) CANCELLATION AND TERMINATION- (1) If funds are not made available for
the continuation of a share-in-savings contract entered into under this
section in a subsequent fiscal year, the contract shall be canceled or
terminated. The costs of cancellation or termination may be paid out of--
`(A) appropriations available for the performance of the contract;
`(B) appropriations available for acquisition of the information
technology procured under the contract, and not otherwise obligated;
or
`(C) funds subsequently appropriated for payments of costs of
cancellation or termination, subject to the limitations in paragraph
(3).
`(2) The amount payable in the event of cancellation or termination of a
share-in-savings contract shall be negotiated with the contractor at the time
the contract is entered into.
`(3)(A) Subject to subparagraph (B), the head of an executive agency may
enter into share-in-savings contracts under this section in any given fiscal
year even if funds are not made specifically available for the full costs of
cancellation or termination of the contract if funds are available and
sufficient to make payments with respect to the first fiscal year of the
contract and the following conditions are met regarding the funding of
cancellation and termination liability:
`(i) The amount of unfunded contingent liability for the contract does
not exceed the lesser of--
`(I) 25 percent of the estimated costs of a cancellation or
termination; or
`(II) $5,000,000.
`(ii) Unfunded contingent liability in excess of $1,000,000 has been
approved by the Director of the Office of Management and Budget or the
Director's designee.
`(B) The aggregate number of share-in-savings contracts that may be
entered into under subparagraph (A) by all executive agencies to which this
chapter applies in a fiscal year may not exceed 5 in each of fiscal years
2003, 2004, and 2005.
`(c) DEFINITIONS- In this section:
`(1) The term `contractor' means a private entity that enters into a
contract with an agency.
`(2) The term `savings' means--
`(A) monetary savings to an agency; or
`(B) savings in time or other benefits realized by the agency,
including enhanced revenues (other than enhanced revenues from the
collection of fees, taxes, debts, claims, or other amounts owed the
Federal Government).
`(3) The term `share-in-savings contract' means a contract under
which--
`(A) a contractor provides solutions for--
`(i) improving the agency's mission-related or administrative
processes; or
`(ii) accelerating the achievement of agency missions;
and
`(B) the head of the agency pays the contractor an amount equal to a
portion of the savings derived by the agency from--
`(i) any improvements in mission-related or administrative processes
that result from implementation of the solution; or
`(ii) acceleration of achievement of agency missions.
`(d) TERMINATION- No share-in-savings contracts may be entered into under
this section after September 30, 2005.'.
(c) DEVELOPMENT OF INCENTIVES- The Director of the Office of Management
and Budget shall, in consultation with the Committee on Governmental Affairs
of the Senate, the Committee on Government Reform of the House of
Representatives, and executive agencies, develop techniques to permit an
executive agency to retain a portion of the savings (after payment of the
contractor's share of the savings) derived from share-in-savings contracts as
funds are appropriated to the agency in future fiscal years.
(d) REGULATIONS- Not later than 270 days after the date of the enactment
of this Act, the Federal Acquisition Regulation shall be revised to implement
the provisions enacted by this section. Such revisions shall--
(1) provide for the use of competitive procedures in the selection and
award of share-in-savings contracts to--
(A) ensure the contractor's share of savings reflects the risk
involved and market conditions; and
(B) otherwise yield greatest value to the government; and
(2) allow appropriate regulatory flexibility to facilitate the use of
share-in-savings contracts by executive agencies, including the use of
innovative provisions for technology refreshment and nonstandard Federal
Acquisition Regulation contract clauses.
(e) ADDITIONAL GUIDANCE- The Administrator of General Services shall--
(1) identify potential opportunities for the use of share-in-savings
contracts; and
(2) in consultation with the Director of the Office of Management and
Budget, provide guidance to executive agencies for determining mutually
beneficial savings share ratios and baselines from which savings may be
measured.
(f) OMB REPORT TO CONGRESS- In consultation with executive agencies, the
Director of the Office of Management and Budget shall, not later than 2 years
after the date of the enactment of this Act, submit to Congress a report
containing--
(1) a description of the number of share-in-savings contracts entered
into by each executive agency under by this section and the amendments made
by this section, and, for each contract identified--
(A) the information technology acquired;
(B) the total amount of payments made to the contractor; and
(C) the total amount of savings or other measurable benefits
realized;
(2) a description of the ability of agencies to determine the baseline
costs of a project against which savings can be measured; and
(3) any recommendations, as the Director deems appropriate, regarding
additional changes in law that may be necessary to ensure effective use of
share-in-savings contracts by executive agencies.
(g) GAO REPORT TO CONGRESS- The Comptroller General shall, not later than
6 months after the report required under subsection (f) is submitted to
Congress, conduct a review of that report and submit to Congress a report
containing--
(1) the results of the review;
(2) an independent assessment by the Comptroller General of the
effectiveness of the use of share-in-savings contracts in improving the
mission-related and administrative processes of the executive agencies and
the achievement of agency missions; and
(3) a recommendation on whether the authority to enter into
share-in-savings contracts should be continued.
(h) REPEAL OF SHARE-IN-SAVINGS PILOT PROGRAM-
(1) REPEAL- Section 11521 of title 40, United States Code, is
repealed.
(2) CONFORMING AMENDMENTS TO PILOT PROGRAM AUTHORITY-
(A) Section 11501 of title 40, United States Code, is
amended--
(i) in the section heading, by striking `programs' and inserting
`program';
(ii) in subsection (a)(1), by striking `conduct pilot programs' and
inserting `conduct a pilot program pursuant to the requirements of
section 11521 of this title';
(iii) in subsection (a)(2), by striking `each pilot program' and
inserting `the pilot program';
(iv) in subsection (b), by striking `LIMITATIONS- ' and all that
follows through `$750,000,000.' and inserting the following: `LIMITATION
ON AMOUNT- The total amount obligated for contracts entered into under
the pilot program conducted under this chapter may not exceed
$375,000,000.'; and
(v) in subsection (c)(1), by striking `a pilot' and inserting `the
pilot'.
(B) The following provisions of chapter 115 of such title are each
amended by striking `a pilot' each place it appears and inserting `the
pilot':
(i) Section 11502(a).
(ii) Section 11502(b).
(iii) Section 11503(a).
(iv) Section 11504.
(C) Section 11505 of such chapter is amended by striking `programs'
and inserting `program'.
(3) ADDITIONAL CONFORMING AMENDMENTS-
(A) Section 11522 of title 40, United States Code, is redesignated as
section 11521.
(B) The chapter heading for chapter 115 of such title is amended by
striking `PROGRAMS' and inserting `PROGRAM'.
(C) The subchapter heading for subchapter I and for subchapter II of
such chapter are each amended by striking `PROGRAMS' and inserting
`PROGRAM'.
(D) The item relating to subchapter I in the table of sections at the
beginning of such chapter is amended to read as follows:
`SUBCHAPTER I--CONDUCT OF PILOT PROGRAM'.
(E) The item relating to subchapter II in the table of sections at the
beginning of such chapter is amended to read as follows:
`SUBCHAPTER II--SPECIFIC PILOT PROGRAM'.
(F) The item relating to section 11501 in the table of sections at the
beginning of such is amended by striking `programs' and inserting
`program'.
(G) The table of sections at the beginning of such chapter is amended
by striking the item relating to section 11521 and redesignating the item
relating to section 11522 as section 11521.
(H) The item relating to chapter 115 in the table of chapters for
subtitle III of title 40, United States Code, is amended to read as
follows:
(i) DEFINITIONS- In this section, the terms `contractor', `savings', and
`share-in-savings contract' have the meanings given those terms in section 317
of the Federal Property and Administrative Services Act of 1949 (as added by
subsection (b)).
SEC. 211. AUTHORIZATION FOR ACQUISITION OF INFORMATION TECHNOLOGY BY STATE
AND LOCAL GOVERNMENTS THROUGH FEDERAL SUPPLY SCHEDULES.
(a) AUTHORITY TO USE CERTAIN SUPPLY SCHEDULES- Section 502 of title 40,
United States Code, is amended by adding at the end the following new
subsection:
`(c) USE OF CERTAIN SUPPLY SCHEDULES-
`(1) IN GENERAL- The Administrator may provide for the use by State or
local governments of Federal supply schedules of the General Services
Administration for automated data processing equipment (including firmware),
software, supplies, support equipment, and services (as contained in Federal
supply classification code group 70).
`(2) VOLUNTARY USE- In any case of the use by a State or local
government of a Federal supply schedule pursuant to paragraph (1),
participation by a firm that sells to the Federal Government through the
supply schedule shall be voluntary with respect to a sale to the State or
local government through such supply schedule.
`(3) DEFINITIONS- In this subsection:
`(A) The term `State or local government' includes any State, local,
regional, or tribal government, or any instrumentality thereof (including
any local educational agency or institution of higher education).
`(B) The term `tribal government' means--
`(i) the governing body of any Indian tribe, band, nation, or other
organized group or community located in the continental United States
(excluding the State of Alaska) that is recognized as eligible for the
special programs and services provided by the United States to Indians
because of their status as Indians, and
`(ii) any Alaska Native regional or village corporation established
pursuant to the Alaska Native Claims Settlement Act (43 U.S.C. 1601 et
seq.).
`(C) The term `local educational agency' has the meaning given that
term in section 8013 of the Elementary and Secondary Education Act of 1965
(20 U.S.C. 7713).
`(D) The term `institution of higher education' has the meaning given
that term in section 101(a) of the Higher Education Act of 1965 (20 U.S.C.
1001(a)).'.
(b) PROCEDURES- Not later than 30 days after the date of the enactment of
this Act, the Administrator of General Services shall establish procedures to
implement section 501(c) of title 40, United States Code (as added by
subsection (a)).
(c) REPORT- Not later than December 31, 2004, the Administrator shall
submit to the Committee on Government Reform of the House of Representatives
and the Committee on Governmental Affairs of the Senate a report on the
implementation and effects of the amendment made by subsection (a).
SEC. 212. INTEGRATED REPORTING STUDY AND PILOT PROJECTS.
(a) PURPOSES- The purposes of this section are to--
(1) enhance the interoperability of Federal information systems;
(2) assist the public, including the regulated community, in
electronically submitting information to agencies under Federal
requirements, by reducing the burden of duplicate collection and ensuring
the accuracy of submitted information; and
(3) enable any person to integrate and obtain similar information held
by 1 or more agencies under 1 or more Federal requirements without violating
the privacy rights of an individual.
(b) DEFINITIONS- In this section, the term--
(1) `agency' means an Executive agency as defined under section 105 of
title 5, United States Code; and
(2) `person' means any individual, trust, firm, joint stock company,
corporation (including a government corporation), partnership, association,
State, municipality, commission, political subdivision of a State,
interstate body, or agency or component of the Federal Government.
(c) REPORT-
(1) IN GENERAL- Not later than 3 years after the date of enactment of
this Act, the Director shall oversee a study, in consultation with agencies,
the regulated community, public interest organizations, and the public, and
submit a report to the Committee on Governmental Affairs of the Senate and
the Committee on Government Reform of the House of Representatives on
progress toward integrating Federal information systems across
agencies.
(2) CONTENTS- The report under this section shall--
(A) address the integration of data elements used in the electronic
collection of information within databases established under Federal
statute without reducing the quality, accessibility, scope, or utility of
the information contained in each database;
(B) address the feasibility of developing, or enabling the development
of, software, including Internet-based tools, for use by reporting persons
in assembling, documenting, and validating the accuracy of information
electronically submitted to agencies under nonvoluntary, statutory, and
regulatory requirements;
(C) address the feasibility of developing a distributed information
system involving, on a voluntary basis, at least 2 agencies,
that--
(i) provides consistent, dependable, and timely public access to the
information holdings of 1 or more agencies, or some portion of such
holdings, without requiring public users to know which agency holds the
information; and
(ii) allows the integration of public information held by the
participating agencies;
(D) address the feasibility of incorporating other elements related to
the purposes of this section at the discretion of the Director;
and
(E) make any recommendations that the Director deems appropriate on
the use of integrated reporting and information systems, to reduce the
burden on reporting and strengthen public access to databases within and
across agencies.
(d) PILOT PROJECTS TO ENCOURAGE INTEGRATED COLLECTION AND MANAGEMENT OF
DATA AND INTEROPERABILITY OF FEDERAL INFORMATION SYSTEMS-
(1) IN GENERAL- In order to provide input to the study under subsection
(c), the Director shall designate, in consultation with agencies, a series
of no more than 5 pilot projects that integrate data elements. The Director
shall consult with agencies, the regulated community, public interest
organizations, and the public on the implementation of the pilot
projects.
(2) GOALS OF PILOT PROJECTS-
(A) IN GENERAL- Each goal described under subparagraph (B) shall be
addressed by at least 1 pilot project each.
(B) GOALS- The goals under this paragraph are to--
(i) reduce information collection burdens by eliminating duplicative
data elements within 2 or more reporting requirements;
(ii) create interoperability between or among public databases
managed by 2 or more agencies using technologies and techniques that
facilitate public access; and
(iii) develop, or enable the development of, software to reduce
errors in electronically submitted information.
(3) INPUT- Each pilot project shall seek input from users on the utility
of the pilot project and areas for improvement. To the extent practicable,
the Director shall consult with relevant agencies and State, tribal, and
local governments in carrying out the report and pilot projects under this
section.
(e) PROTECTIONS- The activities authorized under this section shall afford
protections for--
(1) confidential business information consistent with section 552(b)(4)
of title 5, United States Code, and other relevant law;
(2) personal privacy information under sections 552(b) (6) and (7)(C)
and 552a of title 5, United States Code, and other relevant law;
(3) other information consistent with section 552(b)(3) of title 5,
United States Code, and other relevant law; and
(4) confidential statistical information collected under a
confidentiality pledge, solely for statistical purposes, consistent with the
Office of Management and Budget's Federal Statistical Confidentiality Order,
and other relevant law.
SEC. 213. COMMUNITY TECHNOLOGY CENTERS.
(a) PURPOSES- The purposes of this section are to--
(1) study and enhance the effectiveness of community technology centers,
public libraries, and other institutions that provide computer and Internet
access to the public; and
(2) promote awareness of the availability of on-line government
information and services, to users of community technology centers, public
libraries, and other public facilities that provide access to computer
technology and Internet access to the public.
(b) STUDY AND REPORT- Not later than 2 years after the effective date of
this title, the Administrator shall--
(1) ensure that a study is conducted to evaluate the best practices of
community technology centers that have received Federal funds; and
(2) submit a report on the study to--
(A) the Committee on Governmental Affairs of the Senate;
(B) the Committee on Health, Education, Labor, and Pensions of the
Senate;
(C) the Committee on Government Reform of the House of
Representatives; and
(D) the Committee on Education and the Workforce of the House of
Representatives.
(c) CONTENTS- The report under subsection (b) may consider--
(1) an evaluation of the best practices being used by successful
community technology centers;
(2) a strategy for--
(A) continuing the evaluation of best practices used by community
technology centers; and
(B) establishing a network to share information and resources as
community technology centers evolve;
(3) the identification of methods to expand the use of best practices to
assist community technology centers, public libraries, and other
institutions that provide computer and Internet access to the public;
(4) a database of all community technology centers that have received
Federal funds, including--
(A) each center's name, location, services provided, director, other
points of contact, number of individuals served; and
(B) other relevant information;
(5) an analysis of whether community technology centers have been
deployed effectively in urban and rural areas throughout the Nation;
and
(6) recommendations of how to--
(A) enhance the development of community technology centers;
and
(B) establish a network to share information and resources.
(d) COOPERATION- All agencies that fund community technology centers shall
provide to the Administrator any information and assistance necessary for the
completion of the study and the report under this section.
(e) ASSISTANCE-
(1) IN GENERAL- The Administrator, in consultation with the Secretary of
Education, shall work with other relevant Federal agencies, and other
interested persons in the private and nonprofit sectors to--
(A) assist in the implementation of recommendations; and
(B) identify other ways to assist community technology centers, public
libraries, and other institutions that provide computer and Internet
access to the public.
(2) TYPES OF ASSISTANCE- Assistance under this subsection may
include--
(A) contribution of funds;
(B) donations of equipment, and training in the use and maintenance of
the equipment; and
(C) the provision of basic instruction or training material in
computer skills and Internet usage.
(f) ONLINE TUTORIAL-
(1) IN GENERAL- The Administrator, in consultation with the Secretary of
Education, the Director of the Institute of Museum and Library Services,
other relevant agencies, and the public, shall develop an online tutorial
that--
(A) explains how to access Government information and services on the
Internet; and
(B) provides a guide to available online resources.
(2) DISTRIBUTION- The Administrator, with assistance from the Secretary
of Education, shall distribute information on the tutorial to community
technology centers, public libraries, and other institutions that afford
Internet access to the public.
(g) PROMOTION OF COMMUNITY TECHNOLOGY CENTERS- The Administrator, with
assistance from the Department of Education and in consultation with other
agencies and organizations, shall promote the availability of community
technology centers to raise awareness within each community where such a
center is located.
(h) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated for the study of best practices at community technology centers,
for the development and dissemination of the online tutorial, and for the
promotion of community technology centers under this section--
(1) $2,000,000 in fiscal year 2003;
(2) $2,000,000 in fiscal year 2004; and
(3) such sums as are necessary in fiscal years 2005 through 2007.
SEC. 214. ENHANCING CRISIS MANAGEMENT THROUGH ADVANCED INFORMATION
TECHNOLOGY.
(a) PURPOSE- The purpose of this section is to improve how information
technology is used in coordinating and facilitating information on disaster
preparedness, response, and recovery, while ensuring the availability of such
information across multiple access channels.
(b) IN GENERAL-
(1) STUDY ON ENHANCEMENT OF CRISIS RESPONSE- Not later than 90 days
after the date of enactment of this Act, the Administrator, in consultation
with the Federal Emergency Management Agency, shall ensure that a study is
conducted on using information technology to enhance crisis preparedness,
response, and consequence management of natural and manmade disasters.
(2) CONTENTS- The study under this subsection shall address--
(A) a research and implementation strategy for effective use of
information technology in crisis response and consequence management,
including the more effective use of technologies, management of
information technology research initiatives, and incorporation of research
advances into the information and communications systems of--
(i) the Federal Emergency Management Agency; and
(ii) other Federal, State, and local agencies responsible for crisis
preparedness, response, and consequence management; and
(B) opportunities for research and development on enhanced
technologies into areas of potential improvement as determined during the
course of the study.
(3) REPORT- Not later than 2 years after the date on which a contract is
entered into under paragraph (1), the Administrator shall submit a report on
the study, including findings and recommendations to--
(A) the Committee on Governmental Affairs of the Senate; and
(B) the Committee on Government Reform of the House of
Representatives.
(4) INTERAGENCY COOPERATION- Other Federal departments and agencies with
responsibility for disaster relief and emergency assistance shall fully
cooperate with the Administrator in carrying out this section.
(5) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated for research under this subsection, such sums as are necessary
for fiscal year 2003.
(c) PILOT PROJECTS- Based on the results of the research conducted under
subsection (b), the Administrator, in consultation with the Federal Emergency
Management Agency, shall initiate pilot projects or report to Congress on
other activities that further the goal of maximizing the utility of
information technology in disaster management. The Administrator shall
cooperate with other relevant agencies, and, if appropriate, State, local, and
tribal governments, in initiating such pilot projects.
SEC. 215. DISPARITIES IN ACCESS TO THE INTERNET.
(a) STUDY AND REPORT-
(1) STUDY- Not later than 90 days after the date of enactment of this
Act, the Administrator of General Services shall request that the National
Academy of Sciences, acting through the National Research Council, enter
into a contract to conduct a study on disparities in Internet access for
online Government services.
(2) REPORT- Not later than 2 years after the date of enactment of this
Act, the Administrator of General Services shall submit to the Committee on
Governmental Affairs of the Senate and the Committee on Government Reform of
the House of Representatives a final report of the study under this section,
which shall set forth the findings, conclusions, and recommendations of the
National Research Council.
(b) CONTENTS- The report under subsection (a) shall include a study
of--
(1) how disparities in Internet access influence the effectiveness of
online Government services, including a review of--
(A) the nature of disparities in Internet access;
(B) the affordability of Internet service;
(C) the incidence of disparities among different groups within the
population; and
(D) changes in the nature of personal and public Internet access that
may alleviate or aggravate effective access to online Government
services;
(2) how the increase in online Government services is influencing the
disparities in Internet access and how technology development or diffusion
trends may offset such adverse influences; and
(3) related societal effects arising from the interplay of disparities
in Internet access and the increase in online Government services.
(c) RECOMMENDATIONS- The report shall include recommendations on actions
to ensure that online Government initiatives shall not have the unintended
result of increasing any deficiency in public access to Government
services.
(d) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated $950,000 in fiscal year 2003 to carry out this section.
SEC. 216. COMMON PROTOCOLS FOR GEOGRAPHIC INFORMATION SYSTEMS.
(a) PURPOSES- The purposes of this section are to--
(1) reduce redundant data collection and information; and
(2) promote collaboration and use of standards for government geographic
information.
(b) DEFINITION- In this section, the term `geographic information' means
information systems that involve locational data, such as maps or other
geospatial information resources.
(c) IN GENERAL-
(1) COMMON PROTOCOLS- The Administrator, in consultation with the
Secretary of the Interior, working with the Director and through an
interagency group, and working with private sector experts, State, local,
and tribal governments, commercial and international standards groups, and
other interested parties, shall facilitate the development of common
protocols for the development, acquisition, maintenance, distribution, and
application of geographic information. If practicable, the Administrator
shall incorporate intergovernmental and public private geographic
information partnerships into efforts under this subsection.
(2) INTERAGENCY GROUP- The interagency group referred to under paragraph
(1) shall include representatives of the National Institute of Standards and
Technology and other agencies.
(d) DIRECTOR- The Director shall oversee--
(1) the interagency initiative to develop common protocols;
(2) the coordination with State, local, and tribal governments, public
private partnerships, and other interested persons on effective and
efficient ways to align geographic information and develop common protocols;
and
(3) the adoption of common standards relating to the protocols.
(e) COMMON PROTOCOLS- The common protocols shall be designed to--
(1) maximize the degree to which unclassified geographic information
from various sources can be made electronically compatible and accessible;
and
(2) promote the development of interoperable geographic information
systems technologies that shall--
(A) allow widespread, low-cost use and sharing of geographic data by
Federal agencies, State, local, and tribal governments, and the public;
and
(B) enable the enhancement of services using geographic data.
(f) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated such sums as are necessary to carry out this section, for each of
the fiscal years 2003 through 2007.
SEC. 301. INFORMATION SECURITY.
(a) SHORT TITLE- This title may be cited as the `Federal Information
Security Management Act of 2002'.
(b) INFORMATION SECURITY-
(1) IN GENERAL- Chapter 35 of title 44, United States Code, is amended
by adding at the end the following new subchapter:
`SUBCHAPTER III--INFORMATION SECURITY
`Sec. 3541. Purposes
`The purposes of this subchapter are to--
`(1) provide a comprehensive framework for ensuring the effectiveness of
information security controls over information resources that support
Federal operations and assets;
`(2) recognize the highly networked nature of the current Federal
computing environment and provide effective governmentwide management and
oversight of the related information security risks, including coordination
of information security efforts throughout the civilian, national security,
and law enforcement communities;
`(3) provide for development and maintenance of minimum controls
required to protect Federal information and information systems;
`(4) provide a mechanism for improved oversight of Federal agency
information security programs;
`(5) acknowledge that commercially developed information security
products offer advanced, dynamic, robust, and effective information security
solutions, reflecting market solutions for the protection of critical
information infrastructures important to the national defense and economic
security of the nation that are designed, built, and operated by the private
sector; and
`(6) recognize that the selection of specific technical hardware and
software information security solutions should be left to individual
agencies from among commercially developed products.
`Sec. 3542. Definitions
`(a) IN GENERAL- Except as provided under subsection (b), the definitions
under section 3502 shall apply to this subchapter.
`(b) ADDITIONAL DEFINITIONS- As used in this subchapter:
`(1) The term `information security' means protecting information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide--
`(A) integrity, which means guarding against improper information
modification or destruction, and includes ensuring information
nonrepudiation and authenticity;
`(B) confidentiality, which means preserving authorized restrictions
on access and disclosure, including means for protecting personal privacy
and proprietary information; and
`(C) availability, which means ensuring timely and reliable access to
and use of information.
`(2)(A) The term `national security system' means any information system
(including any telecommunications system) used or operated by an agency or
by a contractor of an agency, or other organization on behalf of an
agency--
`(i) the function, operation, or use of which--
`(I) involves intelligence activities;
`(II) involves cryptologic activities related to national
security;
`(III) involves command and control of military forces;
`(IV) involves equipment that is an integral part of a weapon or
weapons system; or
`(V) subject to subparagraph (B), is critical to the direct
fulfillment of military or intelligence missions; or
`(ii) is protected at all times by procedures established for
information that have been specifically authorized under criteria
established by an Executive order or an Act of Congress to be kept
classified in the interest of national defense or foreign policy.
`(B) Subparagraph (A)(i)(V) does not include a system that is to be used
for routine administrative and business applications (including payroll,
finance, logistics, and personnel management applications).
`(3) The term `information technology' has the meaning given that term
in section 11101 of title 40.
`Sec. 3543. Authority and functions of the Director
`(a) IN GENERAL- The Director shall oversee agency information security
policies and practices, including--
`(1) developing and overseeing the implementation of policies,
principles, standards, and guidelines on information security, including
through ensuring timely agency adoption of and compliance with standards
promulgated under section 11331 of title 40;
`(2) requiring agencies, consistent with the standards promulgated under
such section 11331 and the requirements of this subchapter, to identify and
provide information security protections commensurate with the risk and
magnitude of the harm resulting from the unauthorized access, use,
disclosure, disruption, modification, or destruction of--
`(A) information collected or maintained by or on behalf of an agency;
or
`(B) information systems used or operated by an agency or by a
contractor of an agency or other organization on behalf of an
agency;
`(3) coordinating the development of standards and guidelines under
section 20 of the National Institute of Standards and Technology Act (15
U.S.C. 278g-3) with agencies and offices operating or exercising control of
national security systems (including the National Security Agency) to
assure, to the maximum extent feasible, that such standards and guidelines
are complementary with standards and guidelines developed for national
security systems;
`(4) overseeing agency compliance with the requirements of this
subchapter, including through any authorized action under section 11303 of
title 40, to enforce accountability for compliance with such
requirements;
`(5) reviewing at least annually, and approving or disapproving, agency
information security programs required under section 3544(b);
`(6) coordinating information security policies and procedures with
related information resources management policies and procedures;
`(7) overseeing the operation of the Federal information security
incident center required under section 3546; and
`(8) reporting to Congress no later than March 1 of each year on agency
compliance with the requirements of this subchapter, including--
`(A) a summary of the findings of evaluations required by section
3545;
`(B) an assessment of the development, promulgation, and adoption of,
and compliance with, standards developed under section 20 of the National
Institute of Standards and Technology Act (15 U.S.C. 278g-3) and
promulgated under section 11331 of title 40;
`(C) significant deficiencies in agency information security
practices;
`(D) planned remedial action to address such deficiencies;
and
`(E) a summary of, and the views of the Director on, the report
prepared by the National Institute of Standards and Technology under
section 20(d)(10) of the National Institute of Standards and Technology
Act (15 U.S.C. 278g-3).
`(b) NATIONAL SECURITY SYSTEMS- Except for the authorities described in
paragraphs (4) and (8) of subsection (a), the authorities of the Director
under this section shall not apply to national security systems.
`(c) DEPARTMENT OF DEFENSE AND CENTRAL INTELLIGENCE AGENCY SYSTEMS- (1)
The authorities of the Director described in paragraphs (1) and (2) of
subsection (a) shall be delegated to the Secretary of Defense in the case of
systems described in paragraph (2) and to the Director of Central Intelligence
in the case of systems described in paragraph (3).
`(2) The systems described in this paragraph are systems that are operated
by the Department of Defense, a contractor of the Department of Defense, or
another entity on behalf of the Department of Defense that processes any
information the unauthorized access, use, disclosure, disruption,
modification, or destruction of which would have a debilitating impact on the
mission of the Department of Defense.
`(3) The systems described in this paragraph are systems that are operated
by the Central Intelligence Agency, a contractor of the Central Intelligence
Agency, or another entity on behalf of the Central Intelligence Agency that
processes any information the unauthorized access, use, disclosure,
disruption, modification, or destruction of which would have a debilitating
impact on the mission of the Central Intelligence Agency.
`Sec. 3544. Federal agency responsibilities
`(a) IN GENERAL- The head of each agency shall--
`(1) be responsible for--
`(A) providing information security protections commensurate with the
risk and magnitude of the harm resulting from unauthorized access, use,
disclosure, disruption, modification, or destruction of--
`(i) information collected or maintained by or on behalf of the
agency; and
`(ii) information systems used or operated by an agency or by a
contractor of an agency or other organization on behalf of an
agency;
`(B) complying with the requirements of this subchapter and related
policies, procedures, standards, and guidelines, including--
`(i) information security standards promulgated under section 11331
of title 40; and
`(ii) information security standards and guidelines for national
security systems issued in accordance with law and as directed by the
President; and
`(C) ensuring that information security management processes are
integrated with agency strategic and operational planning
processes;
`(2) ensure that senior agency officials provide information security
for the information and information systems that support the operations and
assets under their control, including through--
`(A) assessing the risk and magnitude of the harm that could result
from the unauthorized access, use, disclosure, disruption, modification,
or destruction of such information or information systems;
`(B) determining the levels of information security appropriate to
protect such information and information systems in accordance with
standards promulgated under section 11331 of title 40, for information
security classifications and related requirements;
`(C) implementing policies and procedures to cost-effectively reduce
risks to an acceptable level; and
`(D) periodically testing and evaluating information security controls
and techniques to ensure that they are effectively implemented;
`(3) delegate to the agency Chief Information Officer established under
section 3506 (or comparable official in an agency not covered by such
section) the authority to ensure compliance with the requirements imposed on
the agency under this subchapter, including--
`(A) designating a senior agency information security officer who
shall--
`(i) carry out the Chief Information Officer's responsibilities
under this section;
`(ii) possess professional qualifications, including training and
experience, required to administer the functions described under this
section;
`(iii) have information security duties as that official's primary
duty; and
`(iv) head an office with the mission and resources to assist in
ensuring agency compliance with this section;
`(B) developing and maintaining an agencywide information security
program as required by subsection (b);
`(C) developing and maintaining information security policies,
procedures, and control techniques to address all applicable requirements,
including those issued under section 3543 of this title, and section 11331
of title 40;
`(D) training and overseeing personnel with significant
responsibilities for information security with respect to such
responsibilities; and
`(E) assisting senior agency officials concerning their
responsibilities under paragraph (2);
`(4) ensure that the agency has trained personnel sufficient to assist
the agency in complying with the requirements of this subchapter and related
policies, procedures, standards, and guidelines; and
`(5) ensure that the agency Chief Information Officer, in coordination
with other senior agency officials, reports annually to the agency head on
the effectiveness of the agency information security program, including
progress of remedial actions.
`(b) AGENCY PROGRAM- Each agency shall develop, document, and implement an
agencywide information security program, approved by the Director under
section 3543(a)(5), to provide information security for the information and
information systems that support the operations and assets of the agency,
including those provided or managed by another agency, contractor, or other
source, that includes--
`(1) periodic assessments of the risk and magnitude of the harm that
could result from the unauthorized access, use, disclosure, disruption,
modification, or destruction of information and information systems that
support the operations and assets of the agency;
`(2) policies and procedures that--
`(A) are based on the risk assessments required by paragraph
(1);
`(B) cost-effectively reduce information security risks to an
acceptable level;
`(C) ensure that information security is addressed throughout the life
cycle of each agency information system; and
`(D) ensure compliance with--
`(i) the requirements of this subchapter;
`(ii) policies and procedures as may be prescribed by the Director,
and information security standards promulgated under section 11331 of
title 40;
`(iii) minimally acceptable system configuration requirements, as
determined by the agency; and
`(iv) any other applicable requirements, including standards and
guidelines for national security systems issued in accordance with law
and as directed by the President;
`(3) subordinate plans for providing adequate information security for
networks, facilities, and systems or groups of information systems, as
appropriate;
`(4) security awareness training to inform personnel, including
contractors and other users of information systems that support the
operations and assets of the agency, of--
`(A) information security risks associated with their activities;
and
`(B) their responsibilities in complying with agency policies and
procedures designed to reduce these risks;
`(5) periodic testing and evaluation of the effectiveness of information
security policies, procedures, and practices, to be performed with a
frequency depending on risk, but no less than annually, of which such
testing--
`(A) shall include testing of management, operational, and technical
controls of every information system identified in the inventory required
under section 3505(c); and
`(B) may include testing relied on in a evaluation under section
3545;
`(6) a process for planning, implementing, evaluating, and documenting
remedial action to address any deficiencies in the information security
policies, procedures, and practices of the agency;
`(7) procedures for detecting, reporting, and responding to security
incidents, consistent with standards and guidelines issued pursuant to
section 3546(b), including--
`(A) mitigating risks associated with such incidents before
substantial damage is done;
`(B) notifying and consulting with the Federal information security
incident center referred to in section 3546; and
`(C) notifying and consulting with, as appropriate--
`(i) law enforcement agencies and relevant Offices of Inspector
General;
`(ii) an office designated by the President for any incident
involving a national security system; and
`(iii) any other agency or office, in accordance with law or as
directed by the President; and
`(8) plans and procedures to ensure continuity of operations for
information systems that support the operations and assets of the
agency.
`(c) AGENCY REPORTING- Each agency shall--
`(1) report annually to the Director, the Committees on Government
Reform and Science of the House of Representatives, the Committees on
Governmental Affairs and Commerce, Science, and Transportation of the
Senate, the appropriate authorization and appropriations committees of
Congress, and the Comptroller General on the adequacy and effectiveness of
information security policies, procedures, and practices, and compliance
with the requirements of this subchapter, including compliance with each
requirement of subsection (b);
`(2) address the adequacy and effectiveness of information security
policies, procedures, and practices in plans and reports relating to--
`(A) annual agency budgets;
`(B) information resources management under subchapter 1 of this
chapter;
`(C) information technology management under subtitle III of title
40;
`(D) program performance under sections 1105 and 1115 through 1119 of
title 31, and sections 2801 and 2805 of title 39;
`(E) financial management under chapter 9 of title 31, and the Chief
Financial Officers Act of 1990 (31 U.S.C. 501 note; Public Law 101-576)
(and the amendments made by that Act);
`(F) financial management systems under the Federal Financial
Management Improvement Act (31 U.S.C. 3512 note); and
`(G) internal accounting and administrative controls under section
3512 of title 31, (known as the `Federal Managers Financial Integrity
Act'); and
`(3) report any significant deficiency in a policy, procedure, or
practice identified under paragraph (1) or (2)--
`(A) as a material weakness in reporting under section 3512 of title
31; and
`(B) if relating to financial management systems, as an instance of a
lack of substantial compliance under the Federal Financial Management
Improvement Act (31 U.S.C. 3512 note).
`(d) PERFORMANCE PLAN- (1) In addition to the requirements of subsection
(c), each agency, in consultation with the Director, shall include as part of
the performance plan required under section 1115 of title 31 a description
of--
`(A) the time periods, and
`(B) the resources, including budget, staffing, and training,
that are necessary to implement the program required under subsection
(b).
`(2) The description under paragraph (1) shall be based on the risk
assessments required under subsection (b)(2)(1).
`(e) PUBLIC NOTICE AND COMMENT- Each agency shall provide the public with
timely notice and opportunities for comment on proposed information security
policies and procedures to the extent that such policies and procedures affect
communication with the public.
`Sec. 3545. Annual independent evaluation
`(a) IN GENERAL- (1) Each year each agency shall have performed an
independent evaluation of the information security program and practices of
that agency to determine the effectiveness of such program and practices.
`(2) Each evaluation under this section shall include--
`(A) testing of the effectiveness of information security policies,
procedures, and practices of a representative subset of the agency's
information systems;
`(B) an assessment (made on the basis of the results of the testing) of
compliance with--
`(i) the requirements of this subchapter; and
`(ii) related information security policies, procedures, standards,
and guidelines; and
`(C) separate presentations, as appropriate, regarding information
security relating to national security systems.
`(b) INDEPENDENT AUDITOR- Subject to subsection (c)--
`(1) for each agency with an Inspector General appointed under the
Inspector General Act of 1978, the annual evaluation required by this
section shall be performed by the Inspector General or by an independent
external auditor, as determined by the Inspector General of the agency;
and
`(2) for each agency to which paragraph (1) does not apply, the head of
the agency shall engage an independent external auditor to perform the
evaluation.
`(c) NATIONAL SECURITY SYSTEMS- For each agency operating or exercising
control of a national security system, that portion of the evaluation required
by this section directly relating to a national security system shall be
performed--
`(1) only by an entity designated by the agency head; and
`(2) in such a manner as to ensure appropriate protection for
information associated with any information security vulnerability in such
system commensurate with the risk and in accordance with all applicable
laws.
`(d) EXISTING EVALUATIONS- The evaluation required by this section may be
based in whole or in part on an audit, evaluation, or report relating to
programs or practices of the applicable agency.
`(e) AGENCY REPORTING- (1) Each year, not later than such date established
by the Director, the head of each agency shall submit to the Director the
results of the evaluation required under this section.
`(2) To the extent an evaluation required under this section directly
relates to a national security system, the evaluation results submitted to the
Director shall contain only a summary and assessment of that portion of the
evaluation directly relating to a national security system.
`(f) PROTECTION OF INFORMATION- Agencies and evaluators shall take
appropriate steps to ensure the protection of information which, if disclosed,
may adversely affect information security. Such protections shall be
commensurate with the risk and comply with all applicable laws and
regulations.
`(g) OMB REPORTS TO CONGRESS- (1) The Director shall summarize the results
of the evaluations conducted under this section in the report to Congress
required under section 3543(a)(8).
`(2) The Director's report to Congress under this subsection shall
summarize information regarding information security relating to national
security systems in such a manner as to ensure appropriate protection for
information associated with any information security vulnerability in such
system commensurate with the risk and in accordance with all applicable
laws.
`(3) Evaluations and any other descriptions of information systems under
the authority and control of the Director of Central Intelligence or of
National Foreign Intelligence Programs systems under the authority and control
of the Secretary of Defense shall be made available to Congress only through
the appropriate oversight committees of Congress, in accordance with
applicable laws.
`(h) COMPTROLLER GENERAL- The Comptroller General shall periodically
evaluate and report to Congress on--
`(1) the adequacy and effectiveness of agency information security
policies and practices; and
`(2) implementation of the requirements of this subchapter.
`Sec. 3546. Federal information security incident center
`(a) IN GENERAL- The Director shall ensure the operation of a central
Federal information security incident center to--
`(1) provide timely technical assistance to operators of agency
information systems regarding security incidents, including guidance on
detecting and handling information security incidents;
`(2) compile and analyze information about incidents that threaten
information security;
`(3) inform operators of agency information systems about current and
potential information security threats, and vulnerabilities; and
`(4) consult with the National Institute of Standards and Technology,
agencies or offices operating or exercising control of national security
systems (including the National Security Agency), and such other agencies or
offices in accordance with law and as directed by the President regarding
information security incidents and related matters.
`(b) NATIONAL SECURITY SYSTEMS- Each agency operating or exercising
control of a national security system shall share information about
information security incidents, threats, and vulnerabilities with the Federal
information security incident center to the extent consistent with standards
and guidelines for national security systems, issued in accordance with law
and as directed by the President.
`Sec. 3547. National security systems
`The head of each agency operating or exercising control of a national
security system shall be responsible for ensuring that the agency--
`(1) provides information security protections commensurate with the
risk and magnitude of the harm resulting from the unauthorized access, use,
disclosure, disruption, modification, or destruction of the information
contained in such system;
`(2) implements information security policies and practices as required
by standards and guidelines for national security systems, issued in
accordance with law and as directed by the President; and
`(3) complies with the requirements of this subchapter.
`Sec. 3548. Authorization of appropriations
`There are authorized to be appropriated to carry out the provisions of
this subchapter such sums as may be necessary for each of fiscal years 2003
through 2007.
`Sec. 3549. Effect on existing law
`Nothing in this subchapter, section 11331 of title 40, or section 20 of
the National Standards and Technology Act (15 U.S.C. 278g-3) may be construed
as affecting the authority of the President, the Office of Management and
Budget or the Director thereof, the National Institute of Standards and
Technology, or the head of any agency, with respect to the authorized use or
disclosure of information, including with regard to the protection of personal
privacy under section 552a of title 5, the disclosure of information under
section 552 of title 5, the management and disposition of records under
chapters 29, 31, or 33 of title 44, the management of information resources
under subchapter I of chapter 35 of this title, or the disclosure of
information to the Congress or the Comptroller General of the United States.
While this subchapter is in effect, subchapter II of this chapter shall not
apply.'.
(2) CLERICAL AMENDMENT- The table of sections at the beginning of such
chapter 35 is amended by adding at the end the following:
`SUBCHAPTER III--INFORMATION SECURITY
`3541. Purposes.
`3542. Definitions.
`3543. Authority and functions of the Director.
`3544. Federal agency responsibilities.
`3545. Annual independent evaluation.
`3546. Federal information security incident center.
`3547. National security systems.
`3548. Authorization of appropriations.
`3549. Effect on existing law.'.
(c) INFORMATION SECURITY RESPONSIBILITIES OF CERTAIN AGENCIES-
(1) NATIONAL SECURITY RESPONSIBILITIES- (A) Nothing in this Act
(including any amendment made by this Act) shall supersede any authority of
the Secretary of Defense, the Director of Central Intelligence, or other
agency head, as authorized by law and as directed by the President, with
regard to the operation, control, or management of national security
systems, as defined by section 3542(b)(2) of title 44, United States
Code.
(B) Section 2224 of title 10, United States Code, is amended--
(i) in subsection (b), by striking `(b) OBJECTIVES AND MINIMUM
REQUIREMENTS- (1)' and inserting `(b) OBJECTIVES OF THE PROGRAM-
';
(ii) in subsection (b), by striking paragraph (2); and
(iii) in subsection (c), in the matter preceding paragraph (1), by
inserting `, including through compliance with subchapter III of chapter
35 of title 44' after `infrastructure'.
(2) ATOMIC ENERGY ACT OF 1954- Nothing in this Act shall supersede any
requirement made by or under the Atomic Energy Act of 1954 (42 U.S.C. 2011
et seq.). Restricted data or formerly restricted data shall be handled,
protected, classified, downgraded, and declassified in conformity with the
Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.).
SEC. 302. MANAGEMENT OF INFORMATION TECHNOLOGY.
(a) IN GENERAL- Section 11331 of title 40, United States Code, is amended
to read as follows:
`Sec. 11331. Responsibilities for Federal information systems standards
`(a) STANDARDS AND GUIDELINES-
`(1) AUTHORITY TO PRESCRIBE- Except as provided under paragraph (2), the
Secretary of Commerce shall, on the basis of standards and guidelines
developed by the National Institute of Standards and Technology pursuant to
paragraphs (2) and (3) of section 20(a) of the National Institute of
Standards and Technology Act (15 U.S.C. 278g-3(a)), prescribe standards and
guidelines pertaining to Federal information systems.
`(2) NATIONAL SECURITY SYSTEMS- Standards and guidelines for national
security systems (as defined under this section) shall be developed,
prescribed, enforced, and overseen as otherwise authorized by law and as
directed by the President.
`(b) MANDATORY REQUIREMENTS-
`(1) AUTHORITY TO MAKE MANDATORY- Except as provided under paragraph
(2), the Secretary shall make standards prescribed under subsection (a)(1)
compulsory and binding to the extent determined necessary by the Secretary
to improve the efficiency of operation or security of Federal information
systems.
`(2) REQUIRED MANDATORY STANDARDS- (A) Standards prescribed under
subsection (a)(1) shall include information security standards that--
`(i) provide minimum information security requirements as determined
under section 20(b) of the National Institute of Standards and Technology
Act (15 U.S.C. 278g-3(b)); and
`(ii) are otherwise necessary to improve the security of Federal
information and information systems.
`(B) Information security standards described in subparagraph (A) shall
be compulsory and binding.
`(c) AUTHORITY TO DISAPPROVE OR MODIFY- The President may disapprove or
modify the standards and guidelines referred to in subsection (a)(1) if the
President determines such action to be in the public interest. The President's
authority to disapprove or modify such standards and guidelines may not be
delegated. Notice of such disapproval or modification shall be published
promptly in the Federal Register. Upon receiving notice of such disapproval or
modification, the Secretary of Commerce shall immediately rescind or modify
such standards or guidelines as directed by the President.
`(d) EXERCISE OF AUTHORITY- To ensure fiscal and policy consistency, the
Secretary shall exercise the authority conferred by this section subject to
direction by the President and in coordination with the Director of the Office
of Management and Budget.
`(e) APPLICATION OF MORE STRINGENT STANDARDS- The head of an executive
agency may employ standards for the cost-effective information security for
information systems within or under the supervision of that agency that are
more stringent than the standards the Secretary prescribes under this section
if the more stringent standards--
`(1) contain at least the applicable standards made compulsory and
binding by the Secretary; and
`(2) are otherwise consistent with policies and guidelines issued under
section 3543 of title 44.
`(f) DECISIONS ON PROMULGATION OF STANDARDS- The decision by the Secretary
regarding the promulgation of any standard under this section shall occur not
later than 6 months after the submission of the proposed standard to the
Secretary by the National Institute of Standards and Technology, as provided
under section 20 of the National Institute of Standards and Technology Act (15
U.S.C. 278g-3).
`(g) DEFINITIONS- In this section:
`(1) FEDERAL INFORMATION SYSTEM- The term `Federal information system'
means an information system used or operated by an executive agency, by a
contractor of an executive agency, or by another organization on behalf of
an executive agency.
`(2) INFORMATION SECURITY- The term `information security' has the
meaning given that term in section 3542(b)(1) of title 44.
`(3) NATIONAL SECURITY SYSTEM- The term `national security system' has
the meaning given that term in section 3542(b)(2) of title 44.'.
(b) CLERICAL AMENDMENT- The item relating to section 11331 in the table of
sections at the beginning of chapter 113 of such title is amended to read as
follows:
`11331. Responsibilities for Federal information systems
standards.'.
SEC. 303. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY.
Section 20 of the National Institute of Standards and Technology Act (15
U.S.C. 278g-3), is amended by striking the text and inserting the
following:
`(a) IN GENERAL- The Institute shall--
`(1) have the mission of developing standards, guidelines, and
associated methods and techniques for information systems;
`(2) develop standards and guidelines, including minimum requirements,
for information systems used or operated by an agency or by a contractor of
an agency or other organization on behalf of an agency, other than national
security systems (as defined in section 3542(b)(2) of title 44, United
States Code); and
`(3) develop standards and guidelines, including minimum requirements,
for providing adequate information security for all agency operations and
assets, but such standards and guidelines shall not apply to national
security systems.
`(b) MINIMUM REQUIREMENTS FOR STANDARDS AND GUIDELINES- The standards and
guidelines required by subsection (a) shall include, at a minimum--
`(1)(A) standards to be used by all agencies to categorize all
information and information systems collected or maintained by or on behalf
of each agency based on the objectives of providing appropriate levels of
information security according to a range of risk levels;
`(B) guidelines recommending the types of information and information
systems to be included in each such category; and
`(C) minimum information security requirements for information and
information systems in each such category;
`(2) a definition of and guidelines concerning detection and handling of
information security incidents; and
`(3) guidelines developed in conjunction with the Department of Defense,
including the National Security Agency, for identifying an information
system as a national security system consistent with applicable requirements
for national security systems, issued in accordance with law and as directed
by the President.
`(c) DEVELOPMENT OF STANDARDS AND GUIDELINES- In developing standards and
guidelines required by subsections (a) and (b), the Institute shall--
`(1) consult with other agencies and offices and the private sector
(including the Director of the Office of Management and Budget, the
Departments of Defense and Energy, the National Security Agency, the General
Accounting Office, and the Secretary of Homeland Security) to assure--
`(A) use of appropriate information security policies, procedures, and
techniques, in order to improve information security and avoid unnecessary
and costly duplication of effort; and
`(B) that such standards and guidelines are complementary with
standards and guidelines employed for the protection of national security
systems and information contained in such systems;
`(2) provide the public with an opportunity to comment on proposed
standards and guidelines;
`(3) submit to the Secretary of Commerce for promulgation under section
11331 of title 40, United States Code--
`(A) standards, as required under subsection (b)(1)(A), no later than
12 months after the date of the enactment of this section; and
`(B) minimum information security requirements for each category, as
required under subsection (b)(1)(C), no later than 36 months after the
date of the enactment of this section;
`(4) issue guidelines as required under subsection (b)(1)(B), no later
than 18 months after the date of the enactment of this section;
`(5) to the maximum extent practicable, ensure that such standards and
guidelines do not require the use or procurement of specific products,
including any specific hardware or software;
`(6) to the maximum extent practicable, ensure that such standards and
guidelines provide for sufficient flexibility to permit alternative
solutions to provide equivalent levels of protection for identified
information security risks; and
`(7) to the maximum extent practicable, use flexible, performance-based
standards and guidelines that permit the use of off-the-shelf commercially
developed information security products.
`(d) INFORMATION SECURITY FUNCTIONS- The Institute shall--
`(1) submit standards developed pursuant to subsection (a), along with
recommendations as to the extent to which these should be made compulsory
and binding, to the Secretary of Commerce for promulgation under section
11331 of title 40, United States Code;
`(2) provide technical assistance to agencies, upon request,
regarding--
`(A) compliance with the standards and guidelines developed under
subsection (a);
`(B) detecting and handling information security incidents;
and
`(C) information security policies, procedures, and
practices;
`(3) conduct research, as needed, to determine the nature and extent of
information security vulnerabilities and techniques for providing
cost-effective information security;
`(4) develop and periodically revise performance indicators and measures
for agency information security policies and practices;
`(5) evaluate private sector information security policies and practices
and commercially available information technologies to assess potential
application by agencies to strengthen information security;
`(6) assist the private sector, upon request, in using and applying the
results of activities under this section;
`(7) evaluate security policies and practices developed for national
security systems to assess potential application by agencies to strengthen
information security;
`(8) periodically assess the effectiveness of standards and guidelines
developed under this section and undertake revisions as appropriate;
`(9) solicit and consider the recommendations of the Information
Security and Privacy Advisory Board, established by section 21, regarding
standards and guidelines developed under subsection (a) and submit such
recommendations to the Secretary of Commerce with such standards submitted
to the Secretary; and
`(10) prepare an annual public report on activities undertaken in the
previous year, and planned for the coming year, to carry out
responsibilities under this section.
`(e) DEFINITIONS- As used in this section--
`(1) the term `agency' has the same meaning as provided in section
3502(1) of title 44, United States Code;
`(2) the term `information security' has the same meaning as provided in
section 3542(b)(1) of such title;
`(3) the term `information system' has the same meaning as provided in
section 3502(8) of such title;
`(4) the term `information technology' has the same meaning as provided
in section 11101 of title 40, United States Code; and
`(5) the term `national security system' has the same meaning as
provided in section 3542(b)(2) of title 44, United States Code.
`(f) AUTHORIZATION OF APPROPRIATIONS- There are authorized to be
appropriated to the Secretary of Commerce $20,000,000 for each of fiscal years
2003, 2004, 2005, 2006, and 2007 to enable the National Institute of Standards
and Technology to carry out the provisions of this section.'.
SEC. 304. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD.
Section 21 of the National Institute of Standards and Technology Act (15
U.S.C. 278g-4), is amended--
(1) in subsection (a), by striking `Computer System Security and Privacy
Advisory Board' and inserting `Information Security and Privacy Advisory
Board';
(2) in subsection (a)(1), by striking `computer or telecommunications'
and inserting `information technology';
(3) in subsection (a)(2)--
(A) by striking `computer or telecommunications technology' and
inserting `information technology'; and
(B) by striking `computer or telecommunications equipment' and
inserting `information technology';
(4) in subsection (a)(3)--
(A) by striking `computer systems' and inserting `information system';
and
(B) by striking `computer systems security' and inserting `information
security';
(5) in subsection (b)(1) by striking `computer systems security' and
inserting `information security';
(6) in subsection (b) by striking paragraph (2) and inserting the
following:
`(2) to advise the Institute, the Secretary of Commerce, and the
Director of the Office of Management and Budget on information security and
privacy issues pertaining to Federal Government information systems,
including through review of proposed standards and guidelines developed
under section 20; and';
(7) in subsection (b)(3) by inserting `annually' after `report';
(8) by inserting after subsection (e) the following new
subsection:
`(f) The Board shall hold meetings at such locations and at such time and
place as determined by a majority of the Board.';
(9) by redesignating subsections (f) and (g) as subsections (g) and (h),
respectively; and
(10) by striking subsection (h), as redesignated by paragraph (9), and
inserting the following:
`(h) As used in this section, the terms `information system' and
`information technology' have the meanings given in section 20.'.
SEC. 305. TECHNICAL AND CONFORMING AMENDMENTS.
(a) COMPUTER SECURITY ACT- Section 11332 of title 40, United States Code,
and the item relating to that section in the table of sections for chapter 113
of such title, are repealed.
(b) FLOYD D. SPENCE NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR
2001- The Floyd D. Spence National Defense Authorization Act for Fiscal Year
2001 (Public Law 106-398) is amended by striking section 1062 (44 U.S.C. 3531
note).
(c) PAPERWORK REDUCTION ACT- (1) Section 3504(g) of title 44, United
States Code, is amended--
(A) by adding `and' at the end of paragraph (1);
(B) in paragraph (2)--
(i) by striking `sections 11331 and 11332(b) and (c) of title 40' and
inserting `section 11331 of title 40 and subchapter II of this chapter';
and
(ii) by striking `; and' and inserting a period; and
(C) by striking paragraph (3).
(2) Section 3505 of such title is amended by adding at the end--
`(c) INVENTORY OF MAJOR INFORMATION SYSTEMS- (1) The head of each agency
shall develop and maintain an inventory of major information systems
(including major national security systems) operated by or under the control
of such agency.
`(2) The identification of information systems in an inventory under this
subsection shall include an identification of the interfaces between each such
system and all other systems or networks, including those not operated by or
under the control of the agency.
`(3) Such inventory shall be--
`(A) updated at least annually;
`(B) made available to the Comptroller General; and
`(C) used to support information resources management, including--
`(i) preparation and maintenance of the inventory of information
resources under section 3506(b)(4);
`(ii) information technology planning, budgeting, acquisition, and
management under section 3506(h), subtitle III of title 40, and related
laws and guidance;
`(iii) monitoring, testing, and evaluation of information security
controls under subchapter II;
`(iv) preparation of the index of major information systems required
under section 552(g) of title 5, United States Code; and
`(v) preparation of information system inventories required for
records management under chapters 21, 29, 31, and 33.
`(4) The Director shall issue guidance for and oversee the implementation
of the requirements of this subsection.'.
(3) Section 3506(g) of such title is amended--
(A) by adding `and' at the end of paragraph (1);
(B) in paragraph (2)--
(i) by striking `section 11332 of title 40' and inserting `subchapter
II of this chapter'; and
(ii) by striking `; and' and inserting a period; and
(C) by striking paragraph (3).
SEC. 401. AUTHORIZATION OF APPROPRIATIONS.
Except for those purposes for which an authorization of appropriations is
specifically provided in title I or II, including the amendments made by such
titles, there are authorized to be appropriated such sums as are necessary to
carry out titles I and II for each of fiscal years 2003 through 2007.
SEC. 402. EFFECTIVE DATES.
(a) TITLES I AND II-
(1) IN GENERAL- Except as provided under paragraph (2), titles I and II
and the amendments made by such titles shall take effect 120 days after the
date of enactment of this Act.
(2) IMMEDIATE ENACTMENT- Sections 207, 214, and 215 shall take effect on
the date of enactment of this Act.
(b) TITLES III AND IV- Title III and this title shall take effect on the
date of enactment of this Act.
SEC. 501. SHORT TITLE.
This title may be cited as the `Confidential Information Protection and
Statistical Efficiency Act of 2002'.
SEC. 502. DEFINITIONS.
As used in this title:
(1) The term `agency' means any entity that falls within the definition
of the term `executive agency' as defined in section 102 of title 31, United
States Code, or `agency', as defined in section 3502 of title 44, United
States Code.
(2) The term `agent' means an individual--
(A)(i) who is an employee of a private organization or a researcher
affiliated with an institution of higher learning (including a person
granted special sworn status by the Bureau of the Census under section
23(c) of title 13, United States Code), and with whom a contract or other
agreement is executed, on a temporary basis, by an executive agency to
perform exclusively statistical activities under the control and
supervision of an officer or employee of that agency;
(ii) who is working under the authority of a government entity with
which a contract or other agreement is executed by an executive agency to
perform exclusively statistical activities under the control of an officer
or employee of that agency;
(iii) who is a self-employed researcher, a consultant, a contractor,
or an employee of a contractor, and with whom a contract or other
agreement is executed by an executive agency to perform a statistical
activity under the control of an officer or employee of that agency;
or
(iv) who is a contractor or an employee of a contractor, and who is
engaged by the agency to design or maintain the systems for handling or
storage of data received under this title; and
(B) who agrees in writing to comply with all provisions of law that
affect information acquired by that agency.
(3) The term `business data' means operating and financial data and
information about businesses, tax-exempt organizations, and government
entities.
(4) The term `identifiable form' means any representation of information
that permits the identity of the respondent to whom the information applies
to be reasonably inferred by either direct or indirect means.
(5) The term `nonstatistical purpose'--
(A) means the use of data in identifiable form for any purpose that is
not a statistical purpose, including any administrative, regulatory, law
enforcement, adjudicatory, or other purpose that affects the rights,
privileges, or benefits of a particular identifiable respondent;
and
(B) includes the disclosure under section 552 of title 5, United
States Code (popularly known as the Freedom of Information Act) of data
that are acquired for exclusively statistical purposes under a pledge of
confidentiality.
(6) The term `respondent' means a person who, or organization that, is
requested or required to supply information to an agency, is the subject of
information requested or required to be supplied to an agency, or provides
that information to an agency.
(7) The term `statistical activities'--
(A) means the collection, compilation, processing, or analysis of data
for the purpose of describing or making estimates concerning the whole, or
relevant groups or components within, the economy, society, or the natural
environment; and
(B) includes the development of methods or resources that support
those activities, such as measurement methods, models, statistical
classifications, or sampling frames.
(8) The term `statistical agency or unit' means an agency or
organizational unit of the executive branch whose activities are
predominantly the collection, compilation, processing, or analysis of
information for statistical purposes.
(9) The term `statistical purpose'--
(A) means the description, estimation, or analysis of the
characteristics of groups, without identifying the individuals or
organizations that comprise such groups; and
(B) includes the development, implementation, or maintenance of
methods, technical or administrative procedures, or information resources
that support the purposes described in subparagraph (A).
SEC. 503. COORDINATION AND OVERSIGHT OF POLICIES.
(a) IN GENERAL- The Director of the Office of Management and Budget shall
coordinate and oversee the confidentiality and disclosure policies established
by this title. The Director may promulgate rules or provide other guidance to
ensure consistent interpretation of this title by the affected agencies.
(b) AGENCY RULES- Subject to subsection (c), agencies may promulgate rules
to implement this title. Rules governing disclosures of information that are
authorized by this title shall be promulgated by the agency that originally
collected the information.
(c) REVIEW AND APPROVAL OF RULES- The Director shall review any rules
proposed by an agency pursuant to this title for consistency with the
provisions of this title and chapter 35 of title 44, United States Code, and
such rules shall be subject to the approval of the Director.
(d) REPORTS-
(1) The head of each agency shall provide to the Director of the Office
of Management and Budget such reports and other information as the Director
requests.
(2) Each Designated Statistical Agency referred to in section 522 shall
report annually to the Director of the Office of Management and Budget, the
Committee on Government Reform of the House of Representatives, and the
Committee on Governmental Affairs of the Senate on the actions it has taken
to implement sections 523 and 524. The report shall include copies of each
written agreement entered into pursuant to section 524(a) for the applicable
year.
(3) The Director of the Office of Management and Budget shall include a
summary of reports submitted to the Director under paragraph (2) and actions
taken by the Director to advance the purposes of this title in the annual
report to the Congress on statistical programs prepared under section
3504(e)(2) of title 44, United States Code.
SEC. 504. EFFECT ON OTHER LAWS.
(a) TITLE 44, UNITED STATES CODE- This title, including amendments made by
this title, does not diminish the authority under section 3510 of title 44,
United States Code, of the Director of the Office of Management and Budget to
direct, and of an agency to make, disclosures that are not inconsistent with
any applicable law.
(b) TITLE 13 AND TITLE 44, UNITED STATES CODE- This title, including
amendments made by this title, does not diminish the authority of the Bureau
of the Census to provide information in accordance with sections 8, 16, 301,
and 401 of title 13, United States Code, and section 2108 of title 44, United
States Code.
(c) TITLE 13, UNITED STATES CODE- This title, including amendments made by
this title, shall not be construed as authorizing the disclosure for
nonstatistical purposes of demographic data or information collected by the
Census Bureau pursuant to section 9 of title 13, United States Code.
(d) VARIOUS ENERGY STATUTES- Data or information acquired by the Energy
Information Administration under a pledge of confidentiality and designated by
the Energy Information Administration to be used for exclusively statistical
purposes shall not be disclosed in identifiable form for nonstatistical
purposes under--
(1) section 12, 20, or 59 of the Federal Energy Administration Act of
1974 (15 U.S.C. 771, 779, 790h);
(2) section 11 of the Energy Supply and Environmental Coordination Act
of 1974 (15 U.S.C. 796); or
(3) section 205 or 407 of the Department of the Energy Organization Act
of 1977 (42 U.S.C. 7135, 7177).
(e) SECTION 201 OF CONGRESSIONAL BUDGET ACT OF 1974- This title, including
amendments made by this title, shall not be construed to limit any authorities
of the Congressional Budget Office to work (consistent with laws governing the
confidentiality of information the disclosure of which would be a violation of
law) with databases of Designated Statistical Agencies (as defined in section
522), either separately or, for data that may be shared pursuant to section
524 of this title or other authority, jointly in order to improve the general
utility of these databases for the statistical purpose of analyzing pension
and health care financing issues.
(f) PREEMPTION OF STATE LAW- Nothing in this title shall preempt
applicable State law regarding the confidentiality of data collected by the
States.
(g) STATUTES REGARDING FALSE STATEMENTS- Notwithstanding section 512,
information collected by an agency for exclusively statistical purposes under
a pledge of confidentiality may be provided by the collecting agency to a law
enforcement agency for the prosecution of submissions to the collecting agency
of false statistical information under statutes that authorize criminal
penalties (such as section 221 of title 13, United States Code) or civil
penalties for the provision of false statistical information, unless such
disclosure or use would otherwise be prohibited under Federal law.
(h) CONSTRUCTION- Nothing in this title shall be construed as restricting
or diminishing any confidentiality protections or penalties for unauthorized
disclosure that otherwise apply to data or information collected for
statistical purposes or nonstatistical purposes, including, but not limited
to, section 6103 of the Internal Revenue Code of 1986 (26 U.S.C. 6103).
(i) AUTHORITY OF CONGRESS- Nothing in this title shall be construed to
affect the authority of the Congress, including its committees, members, or
agents, to obtain data or information for a statistical purpose, including for
oversight of an agency's statistical activities.
SEC. 511. FINDINGS AND PURPOSES.
(a) FINDINGS- The Congress finds the following:
(1) Individuals, businesses, and other organizations have varying
degrees of legal protection when providing information to the agencies for
strictly statistical purposes.
(2) Pledges of confidentiality by agencies provide assurances to the
public that information about individuals or organizations or provided by
individuals or organizations for exclusively statistical purposes will be
held in confidence and will not be used against such individuals or
organizations in any agency action.
(3) Protecting the confidentiality interests of individuals or
organizations who provide information under a pledge of confidentiality for
Federal statistical programs serves both the interests of the public and the
needs of society.
(4) Declining trust of the public in the protection of information
provided under a pledge of confidentiality to the agencies adversely affects
both the accuracy and completeness of statistical analyses.
(5) Ensuring that information provided under a pledge of confidentiality
for statistical purposes receives protection is essential in continuing
public cooperation in statistical programs.
(b) PURPOSES- The purposes of this subtitle are the following:
(1) To ensure that information supplied by individuals or organizations
to an agency for statistical purposes under a pledge of confidentiality is
used exclusively for statistical purposes.
(2) To ensure that individuals or organizations who supply information
under a pledge of confidentiality to agencies for statistical purposes will
neither have that information disclosed in identifiable form to anyone not
authorized by this title nor have that information used for any purpose
other than a statistical purpose.
(3) To safeguard the confidentiality of individually identifiable
information acquired under a pledge of confidentiality for statistical
purposes by controlling access to, and uses made of, such information.
SEC. 512. LIMITATIONS ON USE AND DISCLOSURE OF DATA AND INFORMATION.
(a) USE OF STATISTICAL DATA OR INFORMATION- Data or information acquired
by an agency under a pledge of confidentiality and for exclusively statistical
purposes shall be used by officers, employees, or agents of the agency
exclusively for statistical purposes.
(b) DISCLOSURE OF STATISTICAL DATA OR INFORMATION-
(1) Data or information acquired by an agency under a pledge of
confidentiality for exclusively statistical purposes shall not be disclosed
by an agency in identifiable form, for any use other than an exclusively
statistical purpose, except with the informed consent of the
respondent.
(2) A disclosure pursuant to paragraph (1) is authorized only when the
head of the agency approves such disclosure and the disclosure is not
prohibited by any other law.
(3) This section does not restrict or diminish any confidentiality
protections in law that otherwise apply to data or information acquired by
an agency under a pledge of confidentiality for exclusively statistical
purposes.
(c) RULE FOR USE OF DATA OR INFORMATION FOR NONSTATISTICAL PURPOSES- A
statistical agency or unit shall clearly distinguish any data or information
it collects for nonstatistical purposes (as authorized by law) and provide
notice to the public, before the data or information is collected, that the
data or information could be used for nonstatistical purposes.
(d) DESIGNATION OF AGENTS- A statistical agency or unit may designate
agents, by contract or by entering into a special agreement containing the
provisions required under section 502(2) for treatment as an agent under that
section, who may perform exclusively statistical activities, subject to the
limitations and penalties described in this title.
SEC. 513. FINES AND PENALTIES.
Whoever, being an officer, employee, or agent of an agency acquiring
information for exclusively statistical purposes, having taken and subscribed
the oath of office, or having sworn to observe the limitations imposed by
section 512, comes into possession of such information by reason of his or her
being an officer, employee, or agent and, knowing that the disclosure of the
specific information is prohibited under the provisions of this title,
willfully discloses the information in any manner to a person or agency not
entitled to receive it, shall be guilty of a class E felony and imprisoned for
not more than 5 years, or fined not more than $250,000, or both.
SEC. 521. FINDINGS AND PURPOSES.
(a) FINDINGS- The Congress finds the following:
(1) Federal statistics are an important source of information for public
and private decision-makers such as policymakers, consumers, businesses,
investors, and workers.
(2) Federal statistical agencies should continuously seek to improve
their efficiency. Statutory constraints limit the ability of these agencies
to share data and thus to achieve higher efficiency for Federal statistical
programs.
(3) The quality of Federal statistics depends on the willingness of
businesses to respond to statistical surveys. Reducing reporting burdens
will increase response rates, and therefore lead to more accurate
characterizations of the economy.
(4) Enhanced sharing of business data among the Bureau of the Census,
the Bureau of Economic Analysis, and the Bureau of Labor Statistics for
exclusively statistical purposes will improve their ability to track more
accurately the large and rapidly changing nature of United States business.
In particular, the statistical agencies will be able to better ensure that
businesses are consistently classified in appropriate industries, resolve
data anomalies, produce statistical samples that are consistently adjusted
for the entry and exit of new businesses in a timely manner, and correct
faulty reporting errors quickly and efficiently.
(5) The Congress enacted the International Investment and Trade in
Services Act of 1990 that allowed the Bureau of the Census, the Bureau of
Economic Analysis, and the Bureau of Labor Statistics to share data on
foreign-owned companies. The Act not only expanded detailed industry
coverage from 135 industries to over 800 industries with no increase in the
data collected from respondents but also demonstrated how data sharing can
result in the creation of valuable data products.
(6) With subtitle A of this title, the sharing of business data among
the Bureau of the Census, the Bureau of Economic Analysis, and the Bureau of
Labor Statistics continues to ensure the highest level of confidentiality
for respondents to statistical surveys.
(b) PURPOSES- The purposes of this subtitle are the following:
(1) To authorize the sharing of business data among the Bureau of the
Census, the Bureau of Economic Analysis, and the Bureau of Labor Statistics
for exclusively statistical purposes.
(2) To reduce the paperwork burdens imposed on businesses that provide
requested information to the Federal Government.
(3) To improve the comparability and accuracy of Federal economic
statistics by allowing the Bureau of the Census, the Bureau of Economic
Analysis, and the Bureau of Labor Statistics to update sample frames,
develop consistent classifications of establishments and companies into
industries, improve coverage, and reconcile significant differences in data
produced by the three agencies.
(4) To increase understanding of the United States economy, especially
for key industry and regional statistics, to develop more accurate measures
of the impact of technology on productivity growth, and to enhance the
reliability of the Nation's most important economic indicators, such as the
National Income and Product Accounts.
SEC. 522. DESIGNATION OF STATISTICAL AGENCIES.
For purposes of this subtitle, the term `Designated Statistical Agency'
means each of the following:
(1) The Bureau of the Census of the Department of Commerce.
(2) The Bureau of Economic Analysis of the Department of Commerce.
(3) The Bureau of Labor Statistics of the Department of Labor.
SEC. 523. RESPONSIBILITIES OF DESIGNATED STATISTICAL AGENCIES.
The head of each of the Designated Statistical Agencies shall--
(1) identify opportunities to eliminate duplication and otherwise reduce
reporting burden and cost imposed on the public in providing information for
statistical purposes;
(2) enter into joint statistical projects to improve the quality and
reduce the cost of statistical programs; and
(3) protect the confidentiality of individually identifiable information
acquired for statistical purposes by adhering to safeguard principles,
including--
(A) emphasizing to their officers, employees, and agents the
importance of protecting the confidentiality of information in cases where
the identity of individual respondents can reasonably be inferred by
either direct or indirect means;
(B) training their officers, employees, and agents in their legal
obligations to protect the confidentiality of individually identifiable
information and in the procedures that must be followed to provide access
to such information;
(C) implementing appropriate measures to assure the physical and
electronic security of confidential data;
(D) establishing a system of records that identifies individuals
accessing confidential data and the project for which the data were
required; and
(E) being prepared to document their compliance with safeguard
principles to other agencies authorized by law to monitor such
compliance.
SEC. 524. SHARING OF BUSINESS DATA AMONG DESIGNATED STATISTICAL
AGENCIES.
(a) IN GENERAL- A Designated Statistical Agency may provide business data
in an identifiable form to another Designated Statistical Agency under the
terms of a written agreement among the agencies sharing the business data that
specifies--
(1) the business data to be shared;
(2) the statistical purposes for which the business data are to be
used;
(3) the officers, employees, and agents authorized to examine the
business data to be shared; and
(4) appropriate security procedures to safeguard the confidentiality of
the business data.
(b) RESPONSIBILITIES OF AGENCIES UNDER OTHER LAWS- The provision of
business data by an agency to a Designated Statistical Agency under this
subtitle shall in no way alter the responsibility of the agency providing the
data under other statutes (including section 552 of title 5, United States
Code (popularly known as the Freedom of Information Act), and section 552b of
title 5, United States Code (popularly known as the Privacy Act of 1974)) with
respect to the provision or withholding of such information by the agency
providing the data.
(c) RESPONSIBILITIES OF OFFICERS, EMPLOYEES, AND AGENTS- Examination of
business data in identifiable form shall be limited to the officers,
employees, and agents authorized to examine the individual reports in
accordance with written agreements pursuant to this section. Officers,
employees, and agents of a Designated Statistical Agency who receive data
pursuant to this subtitle shall be subject to all provisions of law, including
penalties, that relate--
(1) to the unlawful provision of the business data that would apply to
the officers, employees, and agents of the agency that originally obtained
the information; and
(2) to the unlawful disclosure of the business data that would apply to
officers, employees, and agents of the agency that originally obtained the
information.
(d) NOTICE- Whenever a written agreement concerns data that respondents
were required by law to report and the respondents were not informed that the
data could be shared among the Designated Statistical Agencies, for
exclusively statistical purposes, the terms of such agreement shall be
described in a public notice issued by the agency that intends to provide the
data. Such notice shall allow a minimum of 60 days for public comment.
SEC. 525. LIMITATIONS ON USE OF BUSINESS DATA PROVIDED BY DESIGNATED
STATISTICAL AGENCIES.
(a) USE, GENERALLY- Business data provided by a Designated Statistical
Agency pursuant to this subtitle shall be used exclusively for statistical
purposes.
(b) PUBLICATION- Publication of business data acquired by a Designated
Statistical Agency shall occur in a manner whereby the data furnished by any
particular respondent are not in identifiable form.
SEC. 526. CONFORMING AMENDMENTS.
(a) DEPARTMENT OF COMMERCE- Section 1 of the Act of January 27, 1938 (15
U.S.C. 176a) is amended by striking `The' and inserting `Except as provided in
the Confidential Information Protection and Statistical Efficiency Act of
2002, the'.
(b) TITLE 13- Chapter 10 of title 13, United States Code, is amended--
(1) by adding after section 401 the following:
`Sec. 402. Providing business data to Designated Statistical Agencies
`The Bureau of the Census may provide business data to the Bureau of
Economic Analysis and the Bureau of Labor Statistics (`Designated Statistical
Agencies') if such information is required for an authorized statistical
purpose and the provision is the subject of a written agreement with that
Designated Statistical Agency, or their successors, as defined in the
Confidential Information Protection and Statistical Efficiency Act of 2002.';
and
(2) in the table of sections for the chapter by adding after the item
relating to section 401 the following:
`402. Providing business data to Designated Statistical
Agencies.'.