- TXT
-
PDF
(PDF provides a complete and accurate display of this text.)
Tip
?
115th Congress } { Rept. 115-129
HOUSE OF REPRESENTATIVES
1st Session } { Part 1
======================================================================
MODERNIZING GOVERNMENT TECHNOLOGY ACT OF 2017
_______
May 17, 2017.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Chaffetz, from the Committee on Oversight and Government Reform,
submitted the following
R E P O R T
[To accompany H.R. 2227]
[Including cost estimate of the Congressional Budget Office]
The Committee on Oversight and Government Reform, to whom
was referred the bill (H.R. 2227) to modernize Government
information technology, and for other purposes, having
considered the same, report favorably thereon without amendment
and recommend that the bill do pass.
CONTENTS
Page
Committee Statement and Views.................................... 1
Section-by-Section............................................... 10
Explanation of Amendments........................................ 15
Committee Consideration.......................................... 15
Roll Call Votes.................................................. 15
Application of Law to the Legislative Branch..................... 15
Statement of Oversight Findings and Recommendations of the
Committee...................................................... 15
Statement of General Performance Goals and Objectives............ 15
Duplication of Federal Programs.................................. 16
Disclosure of Directed Rule Makings.............................. 16
Federal Advisory Committee Act................................... 16
Unfunded Mandate Statement....................................... 16
Earmark Identification........................................... 16
Committee Estimate............................................... 16
Budget Authority and Congressional Budget Office Cost Estimate... 16
Committee Statement and Views
PURPOSE AND SUMMARY
H.R. 2227, the Modernizing Government Technology (MGT) Act
of 2017, authorizes two types of funds for the purpose of
modernizing the federal government's legacy information
technology (IT) and to incentivize IT savings in federal
agencies. The bill authorizes all Chief Financial Officer (CFO)
Act agencies to establish agency-specific IT modernization
funds and the U.S. Office of Management and Budget (OMB) to
oversee a government-wide IT modernization fund in the U.S.
Department of Treasury to be administered by the General
Services Administration (GSA).
BACKGROUND AND NEED FOR LEGISLATION
H.R. 2227, the Modernizing Government Technology (MGT) Act
of 2017, is the culmination of the Committee's oversight work
in the 114th and 115th Congresses, including hearings and
reporting on legacy IT, and an investigation by the Committee
into a federal agency data breach.
GAO 2015 High Risk Report. On February 11, 2015, the
Committee held a hearing on the U.S. Government Accountability
Office's (GAO) 2015 High-Risk Series report. For the first
time, GAO had added ``Improving the Management of IT
Acquisitions and Operations'' to its biannual ``High Risk''
list.\1\ The 2015 GAO High-Risk Series report highlighted
several general areas of concern it deemed critical to
improving IT acquisition and realizing cost savings, including
IT spending on operations and maintenance (O&M). GAO found that
agencies spent over $80 billion annually on IT investments, but
over 75 percent of the $80 billion went towards operations and
maintenance of legacy IT. Because there is an increasing amount
of O&M funding spent on legacy programs, less funding is
available for development.
---------------------------------------------------------------------------
\1\Gov't Accountability Office, GAO-15-290, 2015 GAO High Risk
Series: An Update (2015).
---------------------------------------------------------------------------
Legacy IT in 2015
In December 2015, the Committee sent a bipartisan and
bicameral letter to agencies requesting information from
agencies on (1) mission-critical systems in need of
modernization; (2) oldest programming languages in use; (3) top
five oldest IT hardware/infrastructure in use; (4) unsupported
software and operating systems; (5) the number of
decommissioned legacy systems over the last five years; and (6)
IT staffing information.\2\
---------------------------------------------------------------------------
\2\Letter from the Hon. Jason Chaffetz, Chairman, H. Comm. on
Oversight & Gov't Reform, Hon. Ron Johnson, Chairman, S. Comm. on
Homeland Security & Gov't Affairs, et. al, to federal agencies (Dec.
22, 2015) (letter and agency responses on file with the Committee).
---------------------------------------------------------------------------
Mission Critical Systems in Need of Modernization.
Generally, agencies provided dates for modernizing mission
critical systems in need of modernization, but five agencies
declined to provide this information for all systems
identified. Agencies also reported spending a total of nearly
$23 billion in O&M costs on these systems over the last three
years.
Oldest Programming Languages. Agencies reported over 930
million lines of code using more than 70 legacy programming
languages. Those included: 424 million lines of 2000-era Active
Server Pages code; 156 million lines of 1960s-era Common
Business Oriented Language code; 136 million lines of 1960s-era
Fortran code; and 62 million lines of 1970s to 2000-era C, C++,
and C#.\3\ The Committee learned that NASA alone uses 51
different programming languages.\4\ Agencies reported the
languages requiring the most staff to support were COBOL, with
1,085 employees, and Fortran, with 613 employees.
---------------------------------------------------------------------------
\3\Id.
\4\Id.
---------------------------------------------------------------------------
Infrastructure/Hardware in Need of Modernization. Ten
agencies did not indicate a planned date for modernizing or
replacing at least one outdated IT component.
Unsupported Software and Operating Systems. Agencies
reported over 550 unsupported systems or software applications.
The oldest reported unsupported software is a Fortran compiler
that was last supported in 1991. Agencies also reported still
using Windows 3.1 (released in 1992 and last supported by
Microsoft in 2001), Windows NT (released in 1993 and last
supported by the vendor in 2004), Windows 95 (released in 1995
and last supported by the vendor in 2001), and Windows XP (last
supported in 2014 and released in 2001). The Department of
Treasury (Treasury) reported the largest number of unsupported
software applications and operating systems at 121. DOD only
reported two unsupported operating systems--Windows XP and
Windows Server 2003.
IT Staff. Agencies reported 244,000 IT staff, including
federal employees and contractors. Based on the total number of
IT staff reported to the Committee, DOD employs 74 percent of
the reported IT staff across the federal government. The
Department of Veterans Affairs (VA) reported 13,036 IT staff,
over five times the IT staff at NASA. Twelve agencies did not
or were not able to provide details on contractor staff.
Finally, the average age of IT staff reported to the Committee
was 49.4 years old.
Legacy IT in 2016
In March 2017, the Committee sent a follow up letter to all
CFO Act agencies requesting similar and updated information to
the 2015 letter.\5\ A preliminary analysis of the information
received from 14 agencies indicates that agencies continue to
operate numerous outdated and insecure mission critical
systems, use legacy programming languages with millions of
lines of code, and deploy unsupported operating systems and
software.
---------------------------------------------------------------------------
\5\Letter from the Hon. Jason Chaffetz, Chairman, and Hon. Elijah
E. Cummings, Ranking Member, H. Comm. on Oversight & Gov't Reform,
Reps. Mark Meadows, Will Hurd, Gerry Connolly, Robin Kelly; and Senator
Ron Johnson, Chairman, and Senator Claire McCaskill, Ranking Member, S.
Comm. on Homeland Security and Gov't Affairs and Senators Jerry Moran,
and Ton Udall to federal agencies (March 13, 2017) (Letter and agency
responses on file with the Committee).
---------------------------------------------------------------------------
Mission Critical Systems in Need of Modernization. Six
mission-critical systems were retired or modernized: DOD's Army
Rock Island Arsenal Joint Manufacturing and Technology Center
Manufacturing Execution System, DOD's Army Active Guard and
Reserve Management Information System, the Department of
Education's (Education) Direct Loan Consolidation System
(DLCS), the General Services Administration's (GSA) Electronic
Acquisition System (EAS)/Comprizon, GSA's National Electronic
Accounting and Reporting (NEAR), and the Small Business
Administration (SBA) Email Migration.
Oldest Programming Languages. COBOL is still the most-
reported legacy language. The average obligations for
supporting legacy programming languages over the past three
years was over $22 billion, among those reporting.
Infrastructure/Hardware in Need of Modernization. The 14
agencies identified 19 mission critical types of infrastructure
or hardware that need to be modernized. Of the 19
infrastructure or hardware items, six also contain Personally
Identifiable Information (PII).
Unsupported Software and Operating Systems. In 2016,
agencies reported a total of 555 unsupported systems or
software. In 2017, Education reported a decrease from 56 to
seven. NASA has reported an increase from 95 to 192.
GAO Report and Committee Hearing on Legacy IT. On May 25,
2016, the Committee held a hearing, ``Federal Agencies'
Reliance on Outdated and Unsupported Information Technology: A
Ticking Time Bomb,'' to discuss legacy IT and the GAO findings
in a report entitled, ``Federal Agencies Need to Address Aging
Legacy Systems.''\6\ The Report assessed 26 agencies' IT O&M
spending plans for Fiscal Year (FY) 2010 through 2017 and
reviewed in detail the IT spending and individual investments
for 12 of these agencies. GAO reported that the federal
government spent about 75 percent of the total annual IT budget
(over $80 billion) for FY 2015 on O&M investments and such
spending had increased over the past seven fiscal years. GAO
also reported that federal legacy IT investments are becoming
increasingly obsolete with outdated software languages and
hardware parts that are not supported.
---------------------------------------------------------------------------
\6\Gov't Accountability Office, GAO-16-468, Federal Agencies Need
to Address Aging Legacy Systems (2016).
---------------------------------------------------------------------------
The following are key GAO findings from the report: (1)
5,233 of approximately 7,000 federal IT investments are
spending all of their funds on O&M activities; (2) O&M spending
has increased over the past seven fiscal years; and (3) In FY
2015, the top ten IT investments were in O&M spending totaling
$12.5 billion, including $4.38 billion by HHS for the Centers
for Medicare and Medicaid Services' Medicate Management
Information System, and $1.25 billion by DOD for the Defense
Information Systems Network.
Outdated Programming Languages and Unsupported Hardware.
GAO also reported that federal legacy IT investments are
becoming increasingly obsolete with outdated software languages
and hardware parts no longer supported by the original vendor.
GAO found several agencies (including the U.S. Department of
Agriculture, the Department of Homeland Security, HHS, the
Department of Justice, Treasury, and VA) reported using COBOL
to program legacy systems. COBOL was first developed in the
late 1950s and early 1960s. GAO also noted that all of the 12
agencies selected for detailed review reported using
unsupported operating systems and components in their FY 2014
Federal Information Security Management Act (FISMA) reports.
According to GAO, the following Departments also reported using
1980s and 1990s Microsoft operating systems that have not been
supported by the vendor in almost ten years: the Department of
Commerce, DOD, Treasury, HHS, and VA.
The GAO report provided examples of legacy investments and
systems over 50 years old.\7\ For example, the IRS reported
that the Individual Master File (IMF), which is the
authoritative data source for individual taxpayer information,
is over 50 years old. According to the IRS Chief Information
Office (CIO), the IRS is working to modernize the IMF and has
developed a process to translate Assembly code to Java to
facilitate this modernization.\8\
---------------------------------------------------------------------------
\7\Some of these systems and investments may have individual
components newer than the age reported by the agency.
\8\Committee staff call with Terry Milholland, IRS CIO (May 19,
2016).
---------------------------------------------------------------------------
In another example, the DOD reported that its Strategic
Automated Command and Control System is over 50 years old. This
system coordinates the operational functions of the U.S.
nuclear forces and is run on an IBM Series/1 computer (from the
1970s) and uses eight-inch floppy disks. GAO noted that the 8-
inch floppy disk was first introduced in the 1970s and only
holds 80 kilobytes of data. A single modern flash drive can
hold the same amount of data as 3.2 million floppy disks. DOD
is modernizing this system with updated data storage, port
expansion, portable terminals, and desktop terminals with
completion scheduled at the end of FY 2017.
Modernization Planning for O&M Investments. GAO examined
several O&M investments that agency CIOs rated as moderate or
high risk to determine whether agencies had replacement or
modernization plans. GAO found that of the 23 O&M investments
they reviewed, agencies did have plans to replace or modernize
19 of these investments. GAO acknowledged these plans but
challenged the quality of these plans for 12 of the 19 O&M
investments because the plans were general or tentative and did
not provide specific timelines, activities to be performed, or
functions to be replaced or enhanced. For example, GAO
identified two O&M investments for HHS with moderate risk
ratings (Centers for Medicare and Medicaid Services Medicare
Appeals System (moderate) and Trusted Internet Connection
Investment (moderate) where HHS has general modernization plans
that lacked detail.
GAO reported that OMB has recognized the upward trend in
O&M spending and has attributed this trend to several factors,
including: (1) O&M activities require maintaining legacy
hardware, which costs more over time; (2) costs to maintain
applications and systems that use older programming languages
have increased since programmers with these skills are
increasingly rare and more expensive; and (3) often when there
is uncertainty as to how to characterize spending, agencies opt
to characterize such investments as O&M because these attract
less oversight, require less documentation, and have a lower
risk of reduced funding.
Chairman Chaffetz on Legacy IT. During the May 25, 2016
Committee hearing on legacy IT, Chairman Chaffetz noted:
Federal agencies spend over $80 billion--$80
billion--annually on IT, and it largely doesn't work.
With the majority of this spending focused on
maintaining and operating legacy systems, this is
obviously a major concern for the United States
Congress and the operation of the Federal Government.
Such spending on legacy IT results in higher costs
and security vulnerabilities where old software and
operating systems are no longer supported by vendors.
The federal government is years, and in some cases
decades, behind the private sector.\9\
---------------------------------------------------------------------------
\9\Federal Agencies' Reliance on Outdated and Unsupported
Information Technology: A Ticking Time Bomb Hearing Before the H. Comm.
on Oversight & Gov't Reform, 114th Cong. (May 25, 2016).
Chairman Chaffetz added, ``[W]e have a long way to go to
get from COBOL to the cloud, but I am committed to helping us
get there.''\10\
---------------------------------------------------------------------------
\10\Id.
---------------------------------------------------------------------------
Testimony of the Federal CIO. On May 25, 2016, in testimony
before the Committee, then-federal CIO Tony Scott outlined the
challenges associated with legacy IT, described actions the
Administration had taken to address this problem, and explained
how an IT Modernization Fund (ITMF) could improve the
situation.\11\ Mr. Scott said legacy IT poses significant
security and operations risks and said, ``Absent timely action,
the cost to operate and maintain legacy systems, as well as
security vulnerabilities and other risks, will continue to
grow.'' Mr. Scott also described the advantages of the proposed
ITMF process by saying it was analogous to a corporate capital
committee in the private sector where IT investments are
presented with a viable business case that demonstrates
improved performance and lower costs for approval.
---------------------------------------------------------------------------
\11\Id.
---------------------------------------------------------------------------
OPM Data Breach Lessons Learned and Legacy IT
Recommendation. In September 2016, a report of the majority
Committee staff, entitled The OPM Data Breach: How the
Government Jeopardized Our National Security for More than a
Generation, included a recommendation to ``modernize existing
legacy federal information technology assets.'' Based on the
investigation of the OPM data breach, the report found ``there
is a pressing need for federal agencies to modernize legacy IT
in order to mitigate the cybersecurity threat inherent in
unsupported, end of life IT systems and applications.''\12\ The
report illustrated this need for modernization by noting that
OPM said their legacy systems were often not capable of
accepting certain types of encryption.\13\
---------------------------------------------------------------------------
\12\H. Comm. on Oversight & Gov't Reform Majority Staff, The OPM
Data Breach: How the Government Jeopardized Our National Security for
More Than a Generation 19 (2016).
\13\Id. at 25.
---------------------------------------------------------------------------
As a consequence, the report recommended that ``[f]ederal
agencies should utilize existing tools and Congress should
consider new tools to incentivize the transition from legacy to
modernized IT solutions.'' The report noted that ``[s]uch
reliance on legacy IT can result in security vulnerabilities
where old software or operating systems are no longer supported
by vendors and aging IT infrastructure becomes difficult and
expensive to secure.''\14\ H.R. 2227 authorizes new funding
tools to jumpstart agency IT modernization efforts and
incentivize agencies to realize cost savings through
modernization.
---------------------------------------------------------------------------
\14\Id.
---------------------------------------------------------------------------
Federal Agency Legacy IT Oversight and Related Developments
in the 115th Congress. On March 27, 2017, President Donald J.
Trump announced the creation of the White House Office of
American Innovation (OAI). The OAI will make recommendations to
the President on policies and plans that improve government
operations and services, improve the quality of life for
Americans now and in the future, and spur job creation.\15\
---------------------------------------------------------------------------
\15\Press Release, the White House, President Donald J. Trump
Announces the White House Office of American Innovation (OAI) (Mar. 27,
2017), available at https://www.whitehouse.gov/the-press-office/2017/
03/27/president-donald-j-trump-announces-white-house-office-american.
---------------------------------------------------------------------------
In response to introduction of the MGT Act on April 28,
2017, Reed Cordish and Chris Liddell, Assistants to the
President and leaders of OAI, stated:
We are excited about today's introduction of the
Modernizing Government Technology Act; this important
bipartisan work, led by Rep. Will Hurd and Rep. Steny
Hoyer, will enable significant progress to be made
towards creating a more effective, efficient, and
accountable government for all Americans.\16\
---------------------------------------------------------------------------
\16\Hurd to Introduce Revised IT Modernization Bill with White
House Support, NextGov, Apr. 28, 2017, http://www.nextgov.com/cio-
briefing/2017/04/hurd-introduce-revised-it-modernization-bill-white-
house-support/137420/.
On March 28, 2017, the Subcommittee on Information
Technology and the Subcommittee on Government Operations held a
joint hearing, ``Reviewing Challenges in Federal IT
Acquisition'' to discuss challenges in the current federal IT
acquisition system, best practices from the private sector, and
areas for IT acquisition reform. The Subcommittees heard
testimony from a panel of witnesses that outlined some of the
fiscal and security challenges posed by legacy IT, including
former CIO for the IRS, Richard Spires.
Spires recommended the Committee reintroduce and enact the
MGT Act and stated:
There are significant benefits for Agencies in having
such budget flexibility, thus enabling them to shift
resources saved through IT efficiencies into funding
new modernization initiatives that have direct mission
delivery impact. Further, having multi-year funding
capability via a [working capital fund] enables program
managers to more effectively plan and resource a
program over multiple fiscal years.\17\
---------------------------------------------------------------------------
\17\Statement of Richard Spires, Former Chief Information Officer
of the U.S. Department of Homeland Security and the Internal Revenue
Service, Hearing Before the H. Comm. on Oversight & Gov't Reform, 114th
Cong. (Mar. 28, 2017).
On May 1, 2017, President Donald J. Trump signed an
Executive Order (EO) establishing the American Technology
Council to ``coordinate the vision, strategy and direction'' of
IT across government and provide advice regarding its use. The
EO states, ``Americans deserve better digital services from
their Government. To effectuate this policy, the federal
government must transform and modernize its information
technology and how it uses and delivers digital services.''\18\
---------------------------------------------------------------------------
\18\Presidential Executive Order on the Establishment of the
American Technology Council, May 1, 2017, https://www.whitehouse.gov/
the-press-office/2017/05/01/presidential-executive-order-establishment-
american-technology-council.
---------------------------------------------------------------------------
On May 11, 2017, President Donald J. Trump signed an
Executive Order (EO) on ``Strengthening the Cybersecurity of
Federal Networks and Critical Infrastructure.''\19\ The EO
states:
---------------------------------------------------------------------------
\19\Presidential Executive Order on Strengthening the Cybersecurity
of Federal Networks and Critical Infrastructure, May 11, 2017, https://
www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-
order-strengthening-cybersecurity-federal.
(i) The executive branch has for too long accepted
antiquated and difficult-to-defend IT.
(ii) Effective risk management involves more than
just protecting IT and data currently in place. It also
requires planning so that maintenance, improvements,
and modernization occur in a coordinated way and with
appropriate regularity.\20\
---------------------------------------------------------------------------
\20\Id.
The EO directs the Director of the American Technology
Council to coordinate and complete within 90 days a report to
the President from the Secretary of Homeland Security, the
Director of OMB, and the Administrator of General Services, in
consultation with the Secretary of Commerce, as appropriate,
regarding modernization of federal IT.
Case Studies and Cost Saving Opportunities. In July 2016,
OMB conducted an IT modernization case study and found that the
majority of agencies who moved to cloud-based collaboration
solutions experienced cost savings after only several years of
investment. Larger agencies like DOJ invested $19 million in IT
modernization and achieved subsequent savings of $10 million
per year.
Additionally, the National Oceanic and Atmospheric
Administration (NOAA) was able to migrate to Google Apps within
six months and decommission its legacy servers over the next
two years to achieve $3.1 million in cost savings. GSA reported
that after migration ``added value was immediately
apparent''\21\ with improved productivity and communication,
resulting in $3.7 million per year in savings. Overall,
agencies were able to quickly recoup the cost of migration to
cloud-based collaboration solutions and ultimately experienced
significant cost savings.
---------------------------------------------------------------------------
\21\The Office of Mgmt & Budget, IT Modernization Case Study (July
2016).
---------------------------------------------------------------------------
Legislation to Address the Challenge of Legacy IT. In 2016,
Representative Hurd introduced H.R. 6004, the Modernizing
Government Technology Act of 2016. H.R. 6004 adopted slightly
modified language from two IT modernization bills previously
introduced in the 114th Congress. Then in the 115th Congress,
Representative Hurd introduced H.R. 2227, the Modernizing
Government Technology Act of 2017. H.R. 2227 is substantially
similar to H.R. 6004 with a few modifications.
Like H.R. 6004, H.R. 2227 authorizes all CFO Act agencies
to establish an IT modernization fund managed by the agency
CIO. However, the language was modified in H.R. 2227 to state
that agencies ``may'' establish such funds because some
agencies already have working capital funds that could be used
for IT modernization, and the Committee wanted to avoid a
duplicative requirement. The Committee believes that absent a
compelling reason, all covered agencies should establish
working capital funds for IT modernization. Creating similar
working capital fund capabilities at all covered agencies will
encourage consistency and sharing of best practices and help
avoid duplication across the federal government.
In addition, H.R. 2227 authorizes a central Technology
Modernization Fund (TMF) in the Department of Treasury to be
managed by OMB and a board of experts, with the Commissioner of
the Technology Transformation Service of GSA executing an
administrative role.
H.R. 2227 authorizes $250 million for each of fiscal years
2018 and 2019 for the TMF. The Committee views this funding as
seed money to kick start modernization efforts at agencies. The
Committee expects to see results in terms of savings and
increased security before authorizing more funding.
The TMF Board responsibilities include identifying
opportunities to improve or replace multiple IT systems with a
smaller number of IT systems common to multiple agencies. The
Committee encourages the TMF Board and the Commissioner of the
Technology Transformation Services of GSA to consult with the
federal CIO Council in their efforts to identify such
opportunities.
The Committee expects the TMF Board to focus on
modernization of existing systems when shifting to IT systems
that multiple agencies could leverage. The TMF is established
as a funding mechanism available to covered agency CIOs,
through an application process to fund IT projects that provide
substantial and direct transformation away from legacy IT
toward more efficient modernized technologies and services.
Given the critical IT needs of the federal government, the TMF
should be used solely to modernize federal IT systems. The
Committee notes that it is not intended to be within the
purview of the TMF Board to evaluate agency modernization
initiatives funded by the agency's own IT Working Capital
Funds.
H.R. 2227 clarifies the authorized uses of agency IT
modernization funds in section 3(a)(3). Section 3(a)(3)(D)
provides agencies the option to use the agency IT modernization
fund to reimburse the TMF should the agency have received such
funding through a successful application to the TMF Board. This
language makes clear that such reimbursement to the TMF may
only be made with the approval of the covered agency CIO.
Agency CIOs are expected to exercise independent judgment in
evaluating whether to use their IT modernization fund to
reimburse the TMF.
H.R. 2227 also encourages agencies to consider, to the
extent practicable, guidelines developed by OMB and the TMF
Board for purposes of evaluating IT modernization projects to
be funded by the agency IT modernization fund. This provision
is not intended to establish a mandatory requirement, but it is
intended to facilitate the sharing of best practices in
evaluating IT modernization projects.
H.R. 2227, section 3(b) and section 4(a)(7) establish
reporting requirements for individual agency IT modernization
funds and the TMF. The Committee considers these reporting
requirements essential to maintaining transparency on the use
of these funding mechanisms and expects timely updates of this
information on a public website. Further, the Committee
encourages the submission of information on cost savings for
projects funded through these mechanisms.
H.R. 2227 defines a legacy information system to mean ``an
outdated or obsolete system of information technology.'' The
Committee acknowledges this is a broad definition, but expects
covered agency CIOs and the TMF Board to prioritize
modernization of legacy IT systems that pose significant
security and operational risks. Further, a significant
indicator that an IT system is outdated or obsolete--or falls
within the definition of legacy IT systems in H.R. 2227--is
that it is no longer being supported by an original vendor or
manufacturer.
As a general matter, it should be noted that H.R. 2227
provides tools to address the challenge of legacy IT that, in
conjunction with the enhanced CIO authorities enacted in the
Federal IT Acquisition Reform Act (FITARA),\22\ should drive
agency modernization initiatives. H.R. 2227 is intended to
build on FITARA and empower and hold accountable covered agency
CIOs to pursue IT modernization. The covered agency CIO refers
to the CIO with primary authority over the full agency IT
portfolio and who reports to the agency head or senior
management of the covered agency.
---------------------------------------------------------------------------
\22\National Defense Authorization Act Fiscal Year 2015, P.L. 113-
291, Title VIII, Subtitle D (Dec. 19, 2014).
---------------------------------------------------------------------------
LEGISLATIVE HISTORY
On April 28, 2017, Representative Will Hurd (R-TX)
introduced H.R. 2227, the Modernizing Government Technology Act
of 2017, or the MGT Act with Chairman Jason Chaffetz (R-UT) and
Ranking Member Elijah E. Cummings (D-MD); Representatives
Gerald Connolly (D-VA), Robin Kelly (D-IL), Ted Lieu (D-CA), Ro
Khanna (D-CA), Derek Kilmer (D-WA), Barbara Comstock (R-VA),
Kevin Yoder (R-KS), Scott Taylor (R-VA), and Kay Granger (R-
TX). House Majority Leader Kevin McCarthy (R-CA), House
Minority Whip Steny Hoyer (D-MD), Representatives Val Butler
Demings (D-FL), Suzan DelBene (D-WA), Blake Farenthold (R-TX),
Darrell Issa (R-CA), and C.A. Dutch Ruppersberger (D-MD) also
joined as cosponsors.
On May 2, 2017, the Committee on Oversight and Government
Reform ordered H.R. 2227 favorably reported to the House by
voice vote.
In the 114th Congress, on September 13, 2016,
Representative Hurd introduced H.R. 6004, the Modernizing
Government Technology Act of 2016 with Chairman Jason Chaffetz
(R-UT), Ranking Member Elijah E. Cummings (D-MD),
Representatives Gerald Connolly (D-VA), Robin Kelly (D-IL), and
Ted Lieu (D-CA). House Majority Leader Kevin McCarthy (R-CA)
and Minority Whip Steny Hoyer (D-MD) also joined as cosponsors.
On September 15, 2016, the Committee on Oversight and
Government Reform ordered H.R. 6004 favorably reported by voice
vote, with an amendment. On September 22, 2016, the House
agreed to a motion to suspend the rules and passed H.R. 6004 by
voice vote.
Also in the 114th Congress, two related bills were
introduced that informed the text of H.R. 6004. These related
bills were: (1) H.R. 4897, the Information Technology
Modernization Act, which was introduced by Representative Hoyer
(D-MD) on April 11, 2016; and (2) H.R.5792, the Modernizing
Outdated and Vulnerable Equipment and Information Technology
Act, which was introduced by Representative Hurd on July 14,
2016.
Section-by-Section
Section 1. Short title; Table of contents
The short title of the bill is the ``Modernization
Government Technology Act of 2017.''
Section 2. Findings; Purposes
Section 2 makes findings and establishes the purposes of
the bill.
Section 2(a) finds the following: (1) the federal
government spends nearly 75 percent of its annual information
technology (IT) budget on operating and maintaining existing
legacy IT systems that can pose operational and security risks;
(2) the GAO designated improving the management of IT
acquisitions and operations to its biannual High Risk List and
identified as a particular concern the increasing level of IT
spending on Operations and Maintenance making less funding
available for development or modernization; (3) the federal
government must modernize federal IT systems to mitigate
existing operational and security risks; and (4) the
efficiencies, cost savings, and greater computing power offered
by modernized solutions, such as cloud computing have the
potential to (a) eliminate duplication and reduce costs, (b)
address the critical need for cybersecurity by design, and (c)
move the federal government into a broad, digital-services
delivery model.
Section 2(b) states the purposes of the bill are to: (1)
assist the federal government in modernizing federal IT to
mitigate current operational and security risks; (2)
incentivize cost savings in federal IT through modernization;
and (3) accelerate the acquisition and deployment of modernized
IT solutions, such as cloud computing, by addressing
impediments in the areas of funding, development, and
acquisition practices.
Section 3. Establishment of agency information technology systems
modernization and working capital funds
Section 3(a)(1) provides authority to each CFO Act agency
head to establish an information technology system
modernization and working capital fund.
Section 3(a)(2) establishes the source of funds to be
deposited in the IT working capital fund as reprogrammed and
transferred funds made available in appropriations Acts
subsequent to the date of enactment and consistent with
applicable reprogramming law and guidelines of the
Appropriations Committees; and discretionary appropriations
funding made available subsequent to the date of enactment.
Section 3(a)(3) establishes that funds from the IT working
capital fund may only be used to: (A) improve, retire, or
replace existing IT systems in the covered agency to improve
efficiency and effectiveness; (B) transition legacy IT systems
at a covered agency to cloud computing and other innovative
platforms and technologies, including those serving more than
one covered agency with common requirements; (C) assist and
support agency efforts to provide adequate, risk-based, and
cost-effective IT capabilities that address evolving threats to
information security; and (D) for reimbursement of funds
transferred to the covered agency from the Technology
Modernization Fund, established under section 4, with the
approval of the agency CIO.
Section 3(a)(4) states an IT working capital fund may not
be used to supplant funds provided for the operation and
maintenance of any system already within an appropriation for
the agency at the time the IT working capital fund is
established.
Section 3(a)(5) requires the head of each agency to
prioritize funds within the IT working capital fund to be used
initially for cost savings activities approved by the agency
CIO, in consultation with the Administrator of the Office of
Electronic Government (i.e., the federal CIO). Paragraph (5)
also authorizes the agency to reprogram and transfer any
amounts saved as a direct result of such activities for deposit
into the applicable IT working capital fund, consistent with
applicable law and guidelines of the Appropriations Committees.
Section 3(a)(6) allows any funds deposited into an IT
working capital fund to be available for obligation for three
years after the last day of the fiscal year in which such funds
were deposited.
Section 3(a)(7) requires agency CIOs, in evaluating
projects to be funded from the agency IT working capital fund,
to consider to the extent practicable guidance established by
the Office of Management and Budget (OMB), under Section
4(a)(1) for evaluating IT projects to be funded by the
Technology Modernization Fund established at Treasury, overseen
by OMB. Such guidance shall include factors such as strong
business case, technical design, procurement strategy
(including use of incremental software development practices),
and program management.
Section 3(b) requires agencies to submit one year after
enactment and every 6 months thereafter to OMB information on
the agency's use of the IT working capital fund, including a
list of IT investments funded by the fund and a summary by
fiscal year of the obligations, expenditures, and unused
balances of the fund; and requires OMB to make such information
available on a public website.
Section 3(c) defines covered agency in accordance with
section 901(b) of title 31, United States Code.
Section 4. Establishment of Technology Modernization Fund and board
Section 4(a)(1) establishes in the Treasury the Technology
Modernization Fund (TMF) for technology-related activities to
improve IT, to enhance cybersecurity across the federal
government, and to be administered in accordance with OMB
guidance.
Section 4(a)(2) authorizes the Commissioner of the
Technology Transformation Service at the General Services
Administration (GSA), in consultation with the federal CIO
Council and with the OMB Director's approval, to administer the
TMF.
Section 4(a)(3) requires that the use of TMF funds be in
accordance with the recommendations of the Board and only for
the following purposes: (A) to transfer such amounts to remain
available until expended to the head of an agency to improve,
retire, or replace existing federal IT systems to enhance
cybersecurity and improve efficiency and effectiveness; (B) for
the development, operation, and procurement of IT products,
services, and acquisition vehicles for use by agencies to
improve government-wide efficiency and cybersecurity; and (C)
to provide services or work performed in support of the
activities described in (A) and (B).
Section 4(a)(4)(A) authorizes to be appropriated to the
Fund $250 million in fiscal year 2018 and fiscal year 2019.
Section 4(a)(4)(B) authorizes the Fund to be credited with
all reimbursements, advances, or refunds or recoveries relating
to IT or services provided through the Fund.
Section 4(a)(4)(C) authorizes amounts deposited, credited,
or otherwise made available to the Fund to be available for the
purposes in Section 4(a)(3), as provided in appropriations
Acts, until expended.
Section 4(a)(5) authorizes reimbursement to the Fund by:
(A) payment by the agency for the product or services developed
in accordance with paragraph (3)(B) or (C), which shall be a
fixed amount by the Commissioner of the Technology
Transformation Service at GSA (Commissioner); and (B)
reimbursement by the agency for any Funds transferred to the
agency for purposes of IT modernization projects under
paragraph (3)(A), including any services or work performed in
support of such transfer under paragraph (3)(C) and in
accordance with the terms of the written agreement described in
Section 4(a)(6).
Section 4(a)(5)(C) authorizes the Commissioner, in
consultation with OMB, to establish the amounts to be paid by
an agency and the terms of repayment for an agency's use of
products or services developed in accordance with paragraphs
(3)(B) or (C) at levels to ensure the solvency of the Fund,
including operating expenses. The Commissioner is not
authorized to change established amounts or terms of repayment,
unless there is a review and approval from OMB.
Section 4(a)(5)(D) authorizes the Commissioner to obtain
reimbursement from the agency by issuance of transfer and
counterwarrants or other lawful transfer documents (supported
by itemized bills), if payments are not made (i) within 90 days
after expiration of a repayment period described in the written
agreement in paragraph (6); or (ii) within 45 days after the
expiration of the time period to make a payment under a payment
schedule for a product or service developed under paragraph
(3)(B).
Section 4(a)(6)(A) establishes a requirement for a written
agreement prior to the transfer of funds to an agency under
paragraph 3(A). The written agreement will document the purpose
of the funding and the terms of repayment. The written
agreement will be between the head of the agency and the
Commissioner and for a period of not more than five years,
unless approved by OMB. For any funds transferred to the agency
under paragraph 3(A), these funds shall be transferred only on
an incremental basis and will be tied to metric-based
development milestones achieved by the agency.
Section 4(a)(6)(B) requires that incremental development
practices be used for work funded by the Fund and that such
funds only be transferred on an incremental basis, tied to
metric-based development milestones achieved by the agency and
as described in the written agreement.
Section 4(a)(7) requires OMB to publish and maintain a list
of each project funded by the Fund on a public website not
later than six months after enactment and to update not less
than quarterly details of projects funded by the Fund including
a project description, project status (including schedule delay
and cost overruns), and financial expenditure data related to
the project.
Section 4(b)(1) establishes a Board to evaluate proposals
submitted by agencies for funding authorized under the Fund.
Section 4(b)(2) establishes Board responsibilities. The
Board is responsible for:
1. Providing input to OMB for the development of
processes for agencies to submit modernization
proposals to the Board and to establish the proposal
evaluation criteria by which proposals will be
evaluated. Such evaluation criteria shall include
addressing the greatest security and operational risks
having the greatest governmental-wide impact and having
a high probability of success based on factors such as
a strong business case, technical design, procurement
strategy (including adequate use of incremental
software development), and program management;
2. Making recommendations to the Commissioner to
assist agencies in the further development and
refinement of select submitted modernization proposals;
3. Reviewing and prioritizing, with OMB and the
Commissioner's assistance, modernization proposals
based upon criteria established in section 4(b)(2)(A);
4. Identifying, with the Commissioner's assistance,
opportunities to improve or replace multiple IT systems
with a smaller number of IT systems common to multiple
agencies;
5. Recommending the funding of modernization projects
in accordance with the uses described in subsection
(a)(3);
6. Monitoring, in consultation with the Commissioner,
progress and performance in executing approved Fund
projects and if necessary recommending suspension or
termination of funding based on factors such as failure
to meet the terms of a written agreement; and
7. Monitoring operating costs of the fund.
Section 4(b)(3) establishes the membership of the Board as
eight voting members.
Section 4(b)(4) establishes the Administrator of the Office
of Electronic Government, known as the federal CIO, as Chair of
the Board.
Section 4(b)(5) establishes as the permanent Board members
the Chair and a senior GSA official with technical expertise in
IT development and appointed by the GSA Administrator with OMB
approval.
Section 4(b)(6) establishes additional members of the Board
as the following: one employee from the National Protection and
Programs Directorate in the Department of Homeland Security,
appointed by the Secretary of Homeland Security; one employee
from the Department of Defense, appointed by the Secretary of
Defense; and four federal employees with technical expertise
and appointed by OMB. Additional members of the Board will
serve one-year terms renewable up to three times at the
discretion of the appointing official.
Section 4(b)(7) prohibits additional pay, allowances, or
benefits for members of the Board by reason of their services
on the Board.
Section 4(b)(8) authorizes OMB and GSA to detail on a
nonreimbursable basis any OMB or GSA personnel to the Board to
assist in carrying out the functions of the Board.
Section 4(c)(1) provides generally that the Commissioner
shall support the activities of the Board, provide technical
support to agencies that receive TMF funding, and, with the
concurrence of the Director, provide oversight of agencies that
receive TMF funding.
Section 4(c)(2) establishes specific responsibilities for
the Commissioner as the following: (A) provide direct technical
support in the form of personnel services or otherwise to
agencies that receive transferred amounts from the Fund for
subsection (a)(3)(A) and (B) activities; (B) assist the Board
with the evaluation, prioritization, and development of agency
modernization proposals; (C) perform regular project oversight
and monitoring of approved agency modernization projects, in
consultation with the Board and OMB to increase the likelihood
of successful implementation and reduce waste; and (D) provide
the Director with information necessary to fulfill reporting
requirements in subsection (a)(7), including a list of projects
funded by the Fund, on a public website to be updated not less
than quarterly with a description of the project, project
status, and financial expenditure data related to the project.
Section 4(d) defines agency in accordance with section 551
of title 5, United States Code.
Section 5. Definitions
Section 5 defines Cloud Computing, Commissioner (as the
Commissioner of the Technology Transformation Service of the
General Services Administration), Director (as Director of
OMB), Information Technology, and Legacy Information Technology
System.
Explanation of Amendments
No amendments to H.R. 2227 were offered or adopted during
Full Committee consideration of the bill.
Committee Consideration
On May 2, 2017, the Committee met in open session and
ordered favorably reported to the House, H.R. 2227, by voice
vote, a quorum being present.
Roll Call Votes
No roll call votes were requested or conducted during Full
Committee consideration of H.R. 2227.
Application of Law to the Legislative Branch
Section 102(b)(3) of Public Law 104-1 requires a
description of the application of this bill to the legislative
branch where the bill relates to the terms and conditions of
employment or access to public services and accommodations.
This bill establishes IT modernization funds at agencies and a
centralized Modernization of Government Technology Fund at the
Department of Treasury. As such, this bill does not relate to
employment or access to public services and accommodations.
Statement of Oversight Findings and Recommendations of the Committee
In compliance with clause 3(c)(1) of rule XIII and clause
(2)(b)(1) of rule X of the Rules of the House of
Representatives, the Committee's oversight findings and
recommendations are reflected in the descriptive portions of
this report.
Statement of General Performance Goals and Objectives
In accordance with clause 3(c)(4) of rule XIII of the Rules
of the House of Representatives, the Committee's performance
goal and objective of the bill is to modernize Government
information technology.
Duplication of Federal Programs
In accordance with clause 2(c)(5) of rule XIII no provision
of this bill establishes or reauthorizes a program of the
Federal Government known to be duplicative of another Federal
program, a program that was included in any report from the
Government Accountability Office to Congress pursuant to
section 21 of Public Law 111-139, or a program related to a
program identified in the most recent Catalog of Federal
Domestic Assistance.
Disclosure of Directed Rule Makings
The Committee estimates that enacting this bill does not
direct the completion of any specific rule makings within the
meaning of section 551 of title 5, United States Code.
Federal Advisory Committee Act
The Committee finds that the legislation does not establish
or authorize the establishment of an advisory committee within
the definition of Section 5(b) of the appendix to title 5 of
the United States Code.
Unfunded Mandate Statement
Section 423 of the Congressional Budget and Impoundment
Control Act (as amended by Section 101(a)(2) of the Unfunded
Mandate Reform Act, P.L. 104-4) requires a statement as to
whether the provisions of the reported include unfunded
mandates. In compliance with this requirement, the Committee
has included below a letter from the Congressional Budget
Office.
Earmark Identification
This bill does not include any congressional earmarks,
limited tax benefits, or limited tariff benefits as defined in
clause 9 of rule XXI.
Committee Estimate
Clause 3(d)(1) of rule XIII of the Rules of the House of
Representatives requires an estimate and a comparison by the
Committee of the costs that would be incurred in carrying out
this bill. However, clause 3(d)(2)(B) of that rule provides
that this requirement does not apply when the Committee has
included in its report a timely submitted cost estimate of the
bill prepared by the Director of the Congressional Budget
Office under section 402 of the Congressional Budget Act of
1974.
Budget Authority and Congressional Budget Office Cost Estimate
With respect to the requirements of clause 3(c)(2) of rule
XIII of the Rules of the House of Representatives and section
308(a) of the Congressional Budget Act of 1974 and with respect
to requirements of clause (3)(c)(3) of rule XIII of the Rules
of the House of Representatives and section 402 of the
Congressional Budget Act of 1974, the Committee has received
the following cost estimate for this bill from the Director of
Congressional Budget Office:
U.S. Congress,
Congressional Budget Office,
Washington, DC, May 12, 2017.
Hon. Jason Chaffetz,
Chairman, Committee on Oversight and Government Reform,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 2227, the MGT Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Matthew
Pickford.
Sincerely,
Keith Hall.
Enclosure.
H.R. 2227--MGT Act
Summary: H.R. 2227 would establish new budget accounts to
fund efforts to modernize government information technology
(IT) systems. The new accounts would include a working capital
fund for each major federal agency that would be used to retire
and replace older IT systems (legacy systems) and a single
government-wide technology and modernization fund to update
federal IT systems and make them more secure. H.R. 2227 also
would establish a board of managers to oversee, evaluate, and
monitor federal IT spending. Finally, H.R. 2227 would authorize
the appropriation of $250 million in each of fiscal years 2018
and 2019 to cover the costs of complying with the bill.
CBO estimates that implementing this legislation would cost
$500 million over the 2017-2022 period, assuming appropriation
of the specified amounts. CBO estimates that enacting H.R. 2227
would not affect direct spending or revenues; therefore pay-as-
you- go procedures do not apply.
CBO estimates that enacting H.R. 2227 would not increase
net direct spending or on-budget deficits in any of the four
consecutive 10-year periods beginning in 2028.
H.R. 2227 contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act (UMRA)
and would impose no costs on state, local, or tribal
governments.
Estimated cost to the Federal Government: The estimated
budgetary effects of H.R. 2227 are shown in the following
table. The costs of this legislation fall within all budget
functions that include IT spending.
----------------------------------------------------------------------------------------------------------------
By fiscal year, in billions of dollars--
----------------------------------------------------------------------
2017 2018 2019 2020 2021 2022 2017-2022
----------------------------------------------------------------------------------------------------------------
INCREASES IN SPENDING SUBJECT TO APPROPRIATION
Estimated Authorization Level............ 0 250 250 0 0 0 500
Estimated Outlays........................ 0 83 167 167 83 0 500
----------------------------------------------------------------------------------------------------------------
Basis of estimate: For this estimate, CBO assumes that H.R.
2227 will be enacted near the end of fiscal year 2017, that the
necessary amounts will be appropriated each year, and that
spending will follow historical spending patterns for similar
investments in IT.
H.R. 2227 would authorize the appropriation of $500 million
over two fiscal years to establish a Technology Modernization
Board and a Technology Modernization Fund. The board would
consist of eight federal employees, two from the General
Service Administration, one each from the Departments of
Defense and Homeland Security, and four appointed by the Office
of Management and Budget. The board's purpose would be to help
improve information technology and cybersecurity systems across
the government. Assuming appropriation of the authorized
amounts, CBO estimates that implementing the bill would cost
$500 million over the 2018-2022 period.
The bill also would establish IT revolving funds in each
major agency to be used to modernize information technology,
primarily by replacing legacy systems with new technology.
Individual agencies would be authorized to reprogram their
discretionary appropriations to pay for new IT systems. In
future years, any appropriated funds no longer needed to
operate legacy systems because of changes made under the bill
could be available to agencies, through the revolving funds, to
upgrade other IT systems.
Pay-As-You-Go considerations: None.
Increase in long-term direct spending and deficits: CBO
estimates that enacting H.R. 2227 would not increase net direct
spending or on-budget deficits in any of the four consecutive
10-year periods beginning in 2028.
Intergovernmental and private-sector impact: H.R. 2227
contains no intergovernmental or private-sector mandates as
defined in UMRA and would impose no costs on state, local, or
tribal governments.
Estimate prepared by: Federal Costs: Matthew Pickford;
Impact on state, local, and tribal governments: Zach Byrum;
Impact on the private-sector: Paige Piper/Bach.
Estimate approved by: H. Samuel Papenfuss, Deputy Assistant
Director for Budget Analysis.
[all]