[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6256 Introduced in House (IH)]
<DOC>
118th CONGRESS
1st Session
H. R. 6256
To require that the Chief Information Officer of the Bureau of
Information Resources submit an annual report that lists all the
information technology procurement awards and contracts that were
awarded over $10,000,000.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 7, 2023
Mr. Baird introduced the following bill; which was referred to the
Committee on Foreign Affairs
_______________________________________________________________________
A BILL
To require that the Chief Information Officer of the Bureau of
Information Resources submit an annual report that lists all the
information technology procurement awards and contracts that were
awarded over $10,000,000.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. CYBERSECURITY PRIORITIZATION IN INFORMATION TECHNOLOGY
PROCUREMENT.
(a) Sense of Congress.--It is the sense of Congress that--
(1) the Department has not sufficiently emphasized
cybersecurity in its operations or in its procurement of
information technology, and that these shortcomings have
contributed to numerous cybersecurity incidents at the
Department; and
(2) the Department should prioritize, to the highest level
and to a greater extent than it already does, the minimization
of cybersecurity risks in its procurement of information
technology.
(b) Annual Report.--The Chief Information Officer in the Bureau of
Information Resources Management shall submit to the appropriate
congressional committees an annual report which--
(1) describes all Department information technology
procurement contracts awarded in the year prior to the issuance
of the report, including the name of the awardee and the
information technology they were contracted to procure; and
(2) for all Department information technology procurement
contracts awarded in the year prior to the issuance of the
report with contract price exceeding $10,000,000--
(A) details the cybersecurity risks which have been
or will be created by the information technology
procured or intended to be procured under the contract,
including the Department's strategy for mitigating
these risks;
(B) justifies the Department's choice to award the
contract to its particular awardee in light of those
cybersecurity risks; and
(C) justifies the Department's choice to procure
such information technology in light of those
cybersecurity risks.
(c) Definitions.--In this Act:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means the House
Committee on Foreign Affairs and the Senate Committee on
Foreign Relations.
(2) Cybersecurity incident.--The term ``cybersecurity
incident'' has the meaning given the term ``incident'' in
section 3552 of title 44, United States Code.
(3) Cybersecurity risk.--The term ``cybersecurity risk''
has the meaning given that term in section 2200 of the Homeland
Security Act of 2002 (6 U.S.C. 650), except that it refers
exclusively to cybersecurity risks to the Department's
information and information systems.
(4) Department.--The term ``Department'' means the United
States Department of State.
(5) Information system.--The term ``information system''
has the meaning given that term in section 3502 of title 44,
United States Code.
(6) Information technology.--The term ``information
technology'' has the meaning given that term in section 11101
of title 40, United States Code.
<all>