[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6190 Introduced in House (IH)]
<DOC>
118th CONGRESS
1st Session
H. R. 6190
To provide for cybersecurity prioritization in formation technology
procurement.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 2, 2023
Mr. Kean of New Jersey introduced the following bill; which was
referred to the Committee on Foreign Affairs
_______________________________________________________________________
A BILL
To provide for cybersecurity prioritization in formation technology
procurement.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. CYBERSECURITY PRIORITIZATION IN INFORMATION TECHNOLOGY
PROCUREMENT.
(a) Sense of Congress.--It is the sense of Congress that--
(1) the Department has not sufficiently emphasized
cybersecurity in its operations or in its procurement of
information technology, and that these shortcomings have
contributed to numerous cybersecurity incidents at the
Department; and
(2) the Department should prioritize, to the highest level
and to a greater extent than it already does, the minimization
of cybersecurity risks in its procurement of information
technology.
(b) Annual Report.--The Chief Information Officer in the Bureau of
Information Resources Management shall submit to the appropriate
congressional committees an annual report that--
(1) describes all Department information technology
procurement contracts awarded in the year prior to the issuance
of the report, including the name of the awardee and the
information technology they were contracted to procure;
(2) for all Department information technology procurement
contracts awarded in the year prior to the issuance of the
report with contract price exceeding $10 million--
(A) details the cybersecurity risks which have been
or will be created by the information technology
procured or intended to be procured under the contract,
including the Department's strategy for mitigating
these risks;
(B) justifies the Department's choice to award the
contract to its particular awardee in light of those
cybersecurity risks; and
(C) justifies the Department's choice to procure
such information technology in light of those
cybersecurity risks.
(c) Definitions.--In this section--
(1) the term ``appropriate congressional committees''
means--
(A) the Committee on Foreign Affairs of the House
of Representatives; and
(B) the Committee on Foreign Relations of the
Senate;
(2) the term ``cybersecurity incident'' has the meaning
given the term ``incident'' in section 3552 of title 44, United
States Code;
(3) the term ``cybersecurity risk'' has the meaning given
that term in section 2200 of the Homeland Security Act of 2002
(6 U.S.C. 650), except that such term refers exclusively to
cybersecurity risks to the Department's information and
information systems;
(4) the term ``Department'' means the Department of State;
(5) the term ``information system'' has the meaning given
that term in section 3502 of title 44, United States Code; and
(6) the term ``information technology'' has the meaning
given that term in section 11101 of title 40, United States
Code.
<all>