115th Congress }                                          { Rept. 115-129
                        HOUSE OF REPRESENTATIVES
 1st Session   }                                          { Part 1

======================================================================
 
             MODERNIZING GOVERNMENT TECHNOLOGY ACT OF 2017

                                _______
                                

  May 17, 2017.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Chaffetz, from the Committee on Oversight and Government Reform, 
                        submitted the following

                              R E P O R T

                        [To accompany H.R. 2227]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Oversight and Government Reform, to whom 
was referred the bill (H.R. 2227) to modernize Government 
information technology, and for other purposes, having 
considered the same, report favorably thereon without amendment 
and recommend that the bill do pass.

                                CONTENTS

Committee Statement and Views
Section-by-Section
Explanation of Amendments
Committee Consideration
Roll Call Votes
Application of Law to the Legislative Branch
Statement of Oversight Findings and Recommendations of the 
  Committee
Statement of General Performance Goals and Objectives
Duplication of Federal Programs
Disclosure of Directed Rule Makings
Federal Advisory Committee Act
Unfunded Mandate Statement
Earmark Identification
Committee Estimate
Budget Authority and Congressional Budget Office Cost Estimate

                     Committee Statement and Views


                          PURPOSE AND SUMMARY

    H.R. 2227, the Modernizing Government Technology (MGT) Act 
of 2017, authorizes two types of funds for the purpose of 
modernizing the federal government's legacy information 
technology (IT) and to incentivize IT savings in federal 
agencies. The bill authorizes all Chief Financial Officer (CFO) 
Act agencies to establish agency-specific IT modernization 
funds and the U.S. Office of Management and Budget (OMB) to 
oversee a government-wide IT modernization fund in the U.S. 
Department of Treasury to be administered by the General 
Services Administration (GSA).

                  BACKGROUND AND NEED FOR LEGISLATION

    H.R. 2227, the Modernizing Government Technology (MGT) Act 
of 2017, is the culmination of the Committee's oversight work 
in the 114th and 115th Congresses, including hearings and 
reporting on legacy IT, and an investigation by the Committee 
into a federal agency data breach.
    GAO 2015 High Risk Report. On February 11, 2015, the 
Committee held a hearing on the U.S. Government Accountability 
Office's (GAO) 2015 High-Risk Series report. For the first 
time, GAO had added ``Improving the Management of IT 
Acquisitions and Operations'' to its biannual ``High Risk'' 
list.\1\ The 2015 GAO High-Risk Series report highlighted 
several general areas of concern it deemed critical to 
improving IT acquisition and realizing cost savings, including 
IT spending on operations and maintenance (O&M). GAO found that 
agencies spent over $80 billion annually on IT investments, but 
over 75 percent of the $80 billion went towards operations and 
maintenance of legacy IT. Because there is an increasing amount 
of O&M funding spent on legacy programs, less funding is 
available for development.
---------------------------------------------------------------------------
    \1\Gov't Accountability Office, GAO-15-290, 2015 GAO High Risk 
Series: An Update (2015).
---------------------------------------------------------------------------

Legacy IT in 2015

    In December 2015, the Committee sent a bipartisan and 
bicameral letter to agencies requesting information from 
agencies on (1) mission-critical systems in need of 
modernization; (2) oldest programming languages in use; (3) top 
five oldest IT hardware/infrastructure in use; (4) unsupported 
software and operating systems; (5) the number of 
decommissioned legacy systems over the last five years; and (6) 
IT staffing information.\2\
---------------------------------------------------------------------------
    \2\Letter from the Hon. Jason Chaffetz, Chairman, H. Comm. on 
Oversight & Gov't Reform, Hon. Ron Johnson, Chairman, S. Comm. on 
Homeland Security & Gov't Affairs, et al., to federal agencies (Dec. 
22, 2015) (letter and agency responses on file with the Committee).
---------------------------------------------------------------------------
    Mission Critical Systems in Need of Modernization. 
Generally, agencies provided dates for modernizing mission 
critical systems in need of modernization, but five agencies 
declined to provide this information for all systems 
identified. Agencies also reported spending a total of nearly 
$23 billion in O&M costs on these systems over the last three 
years.
    Oldest Programming Languages. Agencies reported over 930 
million lines of code using more than 70 legacy programming 
languages. Those included: 424 million lines of 2000-era Active 
Server Pages code; 156 million lines of 1960s-era Common 
Business Oriented Language code; 136 million lines of 1960s-era 
Fortran code; and 62 million lines of 1970s to 2000-era C, C++, 
and C#.\3\ The Committee learned that NASA alone uses 51 
different programming languages.\4\ Agencies reported the 
languages requiring the most staff to support were COBOL, with 
1,085 employees, and Fortran, with 613 employees.
---------------------------------------------------------------------------
    \3\Id.
    \4\Id.
---------------------------------------------------------------------------
    Infrastructure/Hardware in Need of Modernization. Ten 
agencies did not indicate a planned date for modernizing or 
replacing at least one outdated IT component.
    Unsupported Software and Operating Systems. Agencies 
reported over 550 unsupported systems or software applications. 
The oldest reported unsupported software is a Fortran compiler 
that was last supported in 1991. Agencies also reported still 
using Windows 3.1 (released in 1992 and last supported by 
Microsoft in 2001), Windows NT (released in 1993 and last 
supported by the vendor in 2004), Windows 95 (released in 1995 
and last supported by the vendor in 2001), and Windows XP 
(released in 2001 and last supported in 2014). The Department of 
Treasury (Treasury) reported the largest number of unsupported 
software applications and operating systems at 121. DOD only 
reported two unsupported operating systems--Windows XP and 
Windows Server 2003.
    IT Staff. Agencies reported 244,000 IT staff, including 
federal employees and contractors. Based on the total number of 
IT staff reported to the Committee, DOD employs 74 percent of 
the reported IT staff across the federal government. The 
Department of Veterans Affairs (VA) reported 13,036 IT staff, 
over five times the IT staff at NASA. Twelve agencies did not 
or were not able to provide details on contractor staff. 
Finally, the average age of IT staff reported to the Committee 
was 49.4 years old.

Legacy IT in 2016

    In March 2017, the Committee sent a follow-up letter to all 
CFO Act agencies requesting similar and updated information to 
the 2015 letter.\5\ A preliminary analysis of the information 
received from 14 agencies indicates that agencies continue to 
operate numerous outdated and insecure mission critical 
systems, use legacy programming languages with millions of 
lines of code, and deploy unsupported operating systems and 
software.
---------------------------------------------------------------------------
    \5\Letter from the Hon. Jason Chaffetz, Chairman, and Hon. Elijah 
E. Cummings, Ranking Member, H. Comm. on Oversight & Gov't Reform, 
Reps. Mark Meadows, Will Hurd, Gerry Connolly, Robin Kelly; and Senator 
Ron Johnson, Chairman, and Senator Claire McCaskill, Ranking Member, S. 
Comm. on Homeland Security and Gov't Affairs and Senators Jerry Moran, 
and Tom Udall to federal agencies (March 13, 2017) (Letter and agency 
responses on file with the Committee).
---------------------------------------------------------------------------
    Mission Critical Systems in Need of Modernization. Six 
mission-critical systems were retired or modernized: DOD's Army 
Rock Island Arsenal Joint Manufacturing and Technology Center 
Manufacturing Execution System, DOD's Army Active Guard and 
Reserve Management Information System, the Department of 
Education's (Education) Direct Loan Consolidation System 
(DLCS), the General Services Administration's (GSA) Electronic 
Acquisition System (EAS)/Comprizon, GSA's National Electronic 
Accounting and Reporting (NEAR), and the Small Business 
Administration (SBA) Email Migration.
    Oldest Programming Languages. COBOL is still the most-
reported legacy language. The average obligations for 
supporting legacy programming languages over the past three 
years were over $22 billion, among those reporting.
    Infrastructure/Hardware in Need of Modernization. The 14 
agencies identified 19 mission critical types of infrastructure 
or hardware that need to be modernized. Of the 19 
infrastructure or hardware items, six also contain Personally 
Identifiable Information (PII).
    Unsupported Software and Operating Systems. In 2016, 
agencies reported a total of 555 unsupported systems or 
software. In 2017, Education reported a decrease from 56 to 
seven. NASA has reported an increase from 95 to 192.
    GAO Report and Committee Hearing on Legacy IT. On May 25, 
2016, the Committee held a hearing, ``Federal Agencies' 
Reliance on Outdated and Unsupported Information Technology: A 
Ticking Time Bomb,'' to discuss legacy IT and the GAO findings 
in a report entitled, ``Federal Agencies Need to Address Aging 
Legacy Systems.''\6\ The Report assessed 26 agencies' IT O&M 
spending plans for Fiscal Year (FY) 2010 through 2017 and 
reviewed in detail the IT spending and individual investments 
for 12 of these agencies. GAO reported that the federal 
government spent about 75 percent of the total annual IT budget 
(over $80 billion) for FY 2015 on O&M investments and such 
spending had increased over the past seven fiscal years. GAO 
also reported that federal legacy IT investments are becoming 
increasingly obsolete with outdated software languages and 
hardware parts that are not supported.
---------------------------------------------------------------------------
    \6\Gov't Accountability Office, GAO-16-468, Federal Agencies Need 
to Address Aging Legacy Systems (2016).
---------------------------------------------------------------------------
    The following are key GAO findings from the report: (1) 
5,233 of approximately 7,000 federal IT investments are 
spending all of their funds on O&M activities; (2) O&M spending 
has increased over the past seven fiscal years; and (3) in FY 
2015, the top ten IT investments were in O&M spending totaling 
$12.5 billion, including $4.38 billion by HHS for the Centers 
for Medicare and Medicaid Services' Medicaid Management 
Information System, and $1.25 billion by DOD for the Defense 
Information Systems Network.
    Outdated Programming Languages and Unsupported Hardware. 
GAO also reported that federal legacy IT investments are 
becoming increasingly obsolete with outdated software languages 
and hardware parts no longer supported by the original vendor. 
GAO found several agencies (including the U.S. Department of 
Agriculture, the Department of Homeland Security, HHS, the 
Department of Justice, Treasury, and VA) reported using COBOL 
to program legacy systems. COBOL was first developed in the 
late 1950s and early 1960s. GAO also noted that all of the 12 
agencies selected for detailed review reported using 
unsupported operating systems and components in their FY 2014 
Federal Information Security Management Act (FISMA) reports. 
According to GAO, the following Departments also reported using 
1980s and 1990s Microsoft operating systems that have not been 
supported by the vendor in almost ten years: the Department of 
Commerce, DOD, Treasury, HHS, and VA.
    The GAO report provided examples of legacy investments and 
systems over 50 years old.\7\ For example, the IRS reported 
that the Individual Master File (IMF), which is the 
authoritative data source for individual taxpayer information, 
is over 50 years old. According to the IRS Chief Information 
Office (CIO), the IRS is working to modernize the IMF and has 
developed a process to translate Assembly code to Java to 
facilitate this modernization.\8\
---------------------------------------------------------------------------
    \7\Some of these systems and investments may have individual 
components newer than the age reported by the agency.
    \8\Committee staff call with Terry Milholland, IRS CIO (May 19, 
2016).
---------------------------------------------------------------------------
    In another example, the DOD reported that its Strategic 
Automated Command and Control System is over 50 years old. This 
system coordinates the operational functions of the U.S. 
nuclear forces and is run on an IBM Series/1 computer (from the 
1970s) and uses eight-inch floppy disks. GAO noted that the 8-
inch floppy disk was first introduced in the 1970s and only 
holds 80 kilobytes of data. A single modern flash drive can 
hold the same amount of data as 3.2 million floppy disks. DOD 
is modernizing this system with updated data storage, port 
expansion, portable terminals, and desktop terminals with 
completion scheduled at the end of FY 2017.
    Modernization Planning for O&M Investments. GAO examined 
several O&M investments that agency CIOs rated as moderate or 
high risk to determine whether agencies had replacement or 
modernization plans. GAO found that of the 23 O&M investments 
they reviewed, agencies did have plans to replace or modernize 
19 of these investments. GAO acknowledged these plans but 
challenged the quality of these plans for 12 of the 19 O&M 
investments because the plans were general or tentative and did 
not provide specific timelines, activities to be performed, or 
functions to be replaced or enhanced. For example, GAO 
identified two O&M investments for HHS with moderate risk 
ratings (Centers for Medicare and Medicaid Services Medicare 
Appeals System (moderate) and Trusted Internet Connection 
Investment (moderate)) where HHS has general modernization plans 
that lacked detail.
    GAO reported that OMB has recognized the upward trend in 
O&M spending and has attributed this trend to several factors, 
including: (1) O&M activities require maintaining legacy 
hardware, which costs more over time; (2) costs to maintain 
applications and systems that use older programming languages 
have increased since programmers with these skills are 
increasingly rare and more expensive; and (3) often when there 
is uncertainty as to how to characterize spending, agencies opt 
to characterize such investments as O&M because these attract 
less oversight, require less documentation, and have a lower 
risk of reduced funding.
    Chairman Chaffetz on Legacy IT. During the May 25, 2016 
Committee hearing on legacy IT, Chairman Chaffetz noted:

          Federal agencies spend over $80 billion--$80 
        billion--annually on IT, and it largely doesn't work. 
        With the majority of this spending focused on 
        maintaining and operating legacy systems, this is 
        obviously a major concern for the United States 
        Congress and the operation of the Federal Government.
          Such spending on legacy IT results in higher costs 
        and security vulnerabilities where old software and 
        operating systems are no longer supported by vendors. 
        The federal government is years, and in some cases 
        decades, behind the private sector.\9\
---------------------------------------------------------------------------
    \9\Federal Agencies' Reliance on Outdated and Unsupported 
Information Technology: A Ticking Time Bomb Hearing Before the H. Comm. 
on Oversight & Gov't Reform, 114th Cong. (May 25, 2016).

    Chairman Chaffetz added, ``[W]e have a long way to go to 
get from COBOL to the cloud, but I am committed to helping us 
get there.''\10\
---------------------------------------------------------------------------
    \10\Id.
---------------------------------------------------------------------------
    Testimony of the Federal CIO. On May 25, 2016, in testimony 
before the Committee, then-federal CIO Tony Scott outlined the 
challenges associated with legacy IT, described actions the 
Administration had taken to address this problem, and explained 
how an IT Modernization Fund (ITMF) could improve the 
situation.\11\ Mr. Scott said legacy IT poses significant 
security and operations risks and said, ``Absent timely action, 
the cost to operate and maintain legacy systems, as well as 
security vulnerabilities and other risks, will continue to 
grow.'' Mr. Scott also described the advantages of the proposed 
ITMF process by saying it was analogous to a corporate capital 
committee in the private sector where IT investments are 
presented with a viable business case that demonstrates 
improved performance and lower costs for approval.
---------------------------------------------------------------------------
    \11\Id.
---------------------------------------------------------------------------
    OPM Data Breach Lessons Learned and Legacy IT 
Recommendation. In September 2016, a report of the majority 
Committee staff, entitled The OPM Data Breach: How the 
Government Jeopardized Our National Security for More than a 
Generation, included a recommendation to ``modernize existing 
legacy federal information technology assets.'' Based on the 
investigation of the OPM data breach, the report found ``there 
is a pressing need for federal agencies to modernize legacy IT 
in order to mitigate the cybersecurity threat inherent in 
unsupported, end of life IT systems and applications.''\12\ The 
report illustrated this need for modernization by noting that 
OPM said their legacy systems were often not capable of 
accepting certain types of encryption.\13\
---------------------------------------------------------------------------
    \12\H. Comm. on Oversight & Gov't Reform Majority Staff, The OPM 
Data Breach: How the Government Jeopardized Our National Security for 
More Than a Generation 19 (2016).
    \13\Id. at 25.
---------------------------------------------------------------------------
    As a consequence, the report recommended that ``[f]ederal 
agencies should utilize existing tools and Congress should 
consider new tools to incentivize the transition from legacy to 
modernized IT solutions.'' The report noted that ``[s]uch 
reliance on legacy IT can result in security vulnerabilities 
where old software or operating systems are no longer supported 
by vendors and aging IT infrastructure becomes difficult and 
expensive to secure.''\14\ H.R. 2227 authorizes new funding 
tools to jumpstart agency IT modernization efforts and 
incentivize agencies to realize cost savings through 
modernization.
---------------------------------------------------------------------------
    \14\Id.
---------------------------------------------------------------------------
    Federal Agency Legacy IT Oversight and Related Developments 
in the 115th Congress. On March 27, 2017, President Donald J. 
Trump announced the creation of the White House Office of 
American Innovation (OAI). The OAI will make recommendations to 
the President on policies and plans that improve government 
operations and services, improve the quality of life for 
Americans now and in the future, and spur job creation.\15\
---------------------------------------------------------------------------
    \15\Press Release, the White House, President Donald J. Trump 
Announces the White House Office of American Innovation (OAI) (Mar. 27, 
2017), available at https://www.whitehouse.gov/the-press-office/2017/
03/27/president-donald-j-trump-announces-white-house-office-american.
---------------------------------------------------------------------------
    In response to introduction of the MGT Act on April 28, 
2017, Reed Cordish and Chris Liddell, Assistants to the 
President and leaders of OAI, stated:

          We are excited about today's introduction of the 
        Modernizing Government Technology Act; this important 
        bipartisan work, led by Rep. Will Hurd and Rep. Steny 
        Hoyer, will enable significant progress to be made 
        towards creating a more effective, efficient, and 
        accountable government for all Americans.\16\
---------------------------------------------------------------------------
    \16\Hurd to Introduce Revised IT Modernization Bill with White 
House Support, NextGov, Apr. 28, 2017, http://www.nextgov.com/cio-
briefing/2017/04/hurd-introduce-revised-it-modernization-bill-white-
house-support/137420/.

    On March 28, 2017, the Subcommittee on Information 
Technology and the Subcommittee on Government Operations held a 
joint hearing, ``Reviewing Challenges in Federal IT 
Acquisition'' to discuss challenges in the current federal IT 
acquisition system, best practices from the private sector, and 
areas for IT acquisition reform. The Subcommittees heard 
testimony from a panel of witnesses that outlined some of the 
fiscal and security challenges posed by legacy IT, including 
former CIO for the IRS, Richard Spires.
    Spires recommended the Committee reintroduce and enact the 
MGT Act and stated:

          There are significant benefits for Agencies in having 
        such budget flexibility, thus enabling them to shift 
        resources saved through IT efficiencies into funding 
        new modernization initiatives that have direct mission 
        delivery impact. Further, having multi-year funding 
        capability via a [working capital fund] enables program 
        managers to more effectively plan and resource a 
        program over multiple fiscal years.\17\
---------------------------------------------------------------------------
    \17\Statement of Richard Spires, Former Chief Information Officer 
of the U.S. Department of Homeland Security and the Internal Revenue 
Service, Hearing Before the H. Comm. on Oversight & Gov't Reform, 114th 
Cong. (Mar. 28, 2017).

    On May 1, 2017, President Donald J. Trump signed an 
Executive Order (EO) establishing the American Technology 
Council to ``coordinate the vision, strategy and direction'' of 
IT across government and provide advice regarding its use. The 
EO states, ``Americans deserve better digital services from 
their Government. To effectuate this policy, the federal 
government must transform and modernize its information 
technology and how it uses and delivers digital services.''\18\
---------------------------------------------------------------------------
    \18\Presidential Executive Order on the Establishment of the 
American Technology Council, May 1, 2017, https://www.whitehouse.gov/
the-press-office/2017/05/01/presidential-executive-order-establishment-
american-technology-council.
---------------------------------------------------------------------------
    On May 11, 2017, President Donald J. Trump signed an 
Executive Order (EO) on ``Strengthening the Cybersecurity of 
Federal Networks and Critical Infrastructure.''\19\ The EO 
states:
---------------------------------------------------------------------------
    \19\Presidential Executive Order on Strengthening the Cybersecurity 
of Federal Networks and Critical Infrastructure, May 11, 2017, https://
www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-
order-strengthening-cybersecurity-federal.

          (i) The executive branch has for too long accepted 
        antiquated and difficult-to-defend IT.
          (ii) Effective risk management involves more than 
        just protecting IT and data currently in place. It also 
        requires planning so that maintenance, improvements, 
        and modernization occur in a coordinated way and with 
        appropriate regularity.\20\
---------------------------------------------------------------------------
    \20\Id.

    The EO directs the Director of the American Technology 
Council to coordinate and complete within 90 days a report to 
the President from the Secretary of Homeland Security, the 
Director of OMB, and the Administrator of General Services, in 
consultation with the Secretary of Commerce, as appropriate, 
regarding modernization of federal IT.
    Case Studies and Cost Saving Opportunities. In July 2016, 
OMB conducted an IT modernization case study and found that the 
majority of agencies who moved to cloud-based collaboration 
solutions experienced cost savings after only several years of 
investment. Larger agencies like DOJ invested $19 million in IT 
modernization and achieved subsequent savings of $10 million 
per year.
    Additionally, the National Oceanic and Atmospheric 
Administration (NOAA) was able to migrate to Google Apps within 
six months and decommission its legacy servers over the next 
two years to achieve $3.1 million in cost savings. GSA reported 
that after migration ``added value was immediately 
apparent''\21\ with improved productivity and communication, 
resulting in $3.7 million per year in savings. Overall, 
agencies were able to quickly recoup the cost of migration to 
cloud-based collaboration solutions and ultimately experienced 
significant cost savings.
---------------------------------------------------------------------------
    \21\The Office of Mgmt & Budget, IT Modernization Case Study (July 
2016).
---------------------------------------------------------------------------
    Legislation to Address the Challenge of Legacy IT. In 2016, 
Representative Hurd introduced H.R. 6004, the Modernizing 
Government Technology Act of 2016. H.R. 6004 adopted slightly 
modified language from two IT modernization bills previously 
introduced in the 114th Congress. Then in the 115th Congress, 
Representative Hurd introduced H.R. 2227, the Modernizing 
Government Technology Act of 2017. H.R. 2227 is substantially 
similar to H.R. 6004 with a few modifications.
    Like H.R. 6004, H.R. 2227 authorizes all CFO Act agencies 
to establish an IT modernization fund managed by the agency 
CIO. However, the language was modified in H.R. 2227 to state 
that agencies ``may'' establish such funds because some 
agencies already have working capital funds that could be used 
for IT modernization, and the Committee wanted to avoid a 
duplicative requirement. The Committee believes that absent a 
compelling reason, all covered agencies should establish 
working capital funds for IT modernization. Creating similar 
working capital fund capabilities at all covered agencies will 
encourage consistency and sharing of best practices and help 
avoid duplication across the federal government.
    In addition, H.R. 2227 authorizes a central Technology 
Modernization Fund (TMF) in the Department of Treasury to be 
managed by OMB and a board of experts, with the Commissioner of 
the Technology Transformation Service of GSA executing an 
administrative role.
    H.R. 2227 authorizes $250 million for each of fiscal years 
2018 and 2019 for the TMF. The Committee views this funding as 
seed money to kick start modernization efforts at agencies. The 
Committee expects to see results in terms of savings and 
increased security before authorizing more funding.
    The TMF Board responsibilities include identifying 
opportunities to improve or replace multiple IT systems with a 
smaller number of IT systems common to multiple agencies. The 
Committee encourages the TMF Board and the Commissioner of the 
Technology Transformation Services of GSA to consult with the 
federal CIO Council in their efforts to identify such 
opportunities.
    The Committee expects the TMF Board to focus on 
modernization of existing systems when shifting to IT systems 
that multiple agencies could leverage. The TMF is established 
as a funding mechanism available to covered agency CIOs, 
through an application process to fund IT projects that provide 
substantial and direct transformation away from legacy IT 
toward more efficient modernized technologies and services. 
Given the critical IT needs of the federal government, the TMF 
should be used solely to modernize federal IT systems. The 
Committee notes that it is not intended to be within the 
purview of the TMF Board to evaluate agency modernization 
initiatives funded by the agency's own IT Working Capital 
Funds.
    H.R. 2227 clarifies the authorized uses of agency IT 
modernization funds in section 3(a)(3). Section 3(a)(3)(D) 
provides agencies the option to use the agency IT modernization 
fund to reimburse the TMF should the agency have received such 
funding through a successful application to the TMF Board. This 
language makes clear that such reimbursement to the TMF may 
only be made with the approval of the covered agency CIO. 
Agency CIOs are expected to exercise independent judgment in 
evaluating whether to use their IT modernization fund to 
reimburse the TMF.
    H.R. 2227 also encourages agencies to consider, to the 
extent practicable, guidelines developed by OMB and the TMF 
Board for purposes of evaluating IT modernization projects to 
be funded by the agency IT modernization fund. This provision 
is not intended to establish a mandatory requirement, but it is 
intended to facilitate the sharing of best practices in 
evaluating IT modernization projects.
    H.R. 2227, section 3(b) and section 4(a)(7) establish 
reporting requirements for individual agency IT modernization 
funds and the TMF. The Committee considers these reporting 
requirements essential to maintaining transparency on the use 
of these funding mechanisms and expects timely updates of this 
information on a public website. Further, the Committee 
encourages the submission of information on cost savings for 
projects funded through these mechanisms.
    H.R. 2227 defines a legacy information system to mean ``an 
outdated or obsolete system of information technology.'' The 
Committee acknowledges this is a broad definition, but expects 
covered agency CIOs and the TMF Board to prioritize 
modernization of legacy IT systems that pose significant 
security and operational risks. Further, a significant 
indicator that an IT system is outdated or obsolete--or falls 
within the definition of legacy IT systems in H.R. 2227--is 
that it is no longer being supported by an original vendor or 
manufacturer.
    As a general matter, it should be noted that H.R. 2227 
provides tools to address the challenge of legacy IT that, in 
conjunction with the enhanced CIO authorities enacted in the 
Federal IT Acquisition Reform Act (FITARA),\22\ should drive 
agency modernization initiatives. H.R. 2227 is intended to 
build on FITARA and empower and hold accountable covered agency 
CIOs to pursue IT modernization. The covered agency CIO refers 
to the CIO with primary authority over the full agency IT 
portfolio and who reports to the agency head or senior 
management of the covered agency.
---------------------------------------------------------------------------
    \22\National Defense Authorization Act Fiscal Year 2015, P.L. 
113-291, Title VIII, Subtitle D (Dec. 19, 2014).
---------------------------------------------------------------------------

                          LEGISLATIVE HISTORY

    On April 28, 2017, Representative Will Hurd (R-TX) 
introduced H.R. 2227, the Modernizing Government Technology Act 
of 2017, or the MGT Act, with Chairman Jason Chaffetz (R-UT) and 
Ranking Member Elijah E. Cummings (D-MD); Representatives 
Gerald Connolly (D-VA), Robin Kelly (D-IL), Ted Lieu (D-CA), Ro 
Khanna (D-CA), Derek Kilmer (D-WA), Barbara Comstock (R-VA), 
Kevin Yoder (R-KS), Scott Taylor (R-VA), and Kay Granger 
(R-TX). House Majority Leader Kevin McCarthy (R-CA), House 
Minority Whip Steny Hoyer (D-MD), Representatives Val Butler 
Demings (D-FL), Suzan DelBene (D-WA), Blake Farenthold (R-TX), 
Darrell Issa (R-CA), and C.A. Dutch Ruppersberger (D-MD) also 
joined as cosponsors.
    On May 2, 2017, the Committee on Oversight and Government 
Reform ordered H.R. 2227 favorably reported to the House by 
voice vote.
    In the 114th Congress, on September 13, 2016, 
Representative Hurd introduced H.R. 6004, the Modernizing 
Government Technology Act of 2016 with Chairman Jason Chaffetz 
(R-UT), Ranking Member Elijah E. Cummings (D-MD), 
Representatives Gerald Connolly (D-VA), Robin Kelly (D-IL), and 
Ted Lieu (D-CA). House Majority Leader Kevin McCarthy (R-CA) 
and Minority Whip Steny Hoyer (D-MD) also joined as cosponsors. 
On September 15, 2016, the Committee on Oversight and 
Government Reform ordered H.R. 6004 favorably reported by voice 
vote, with an amendment. On September 22, 2016, the House 
agreed to a motion to suspend the rules and passed H.R. 6004 by 
voice vote.
    Also in the 114th Congress, two related bills were 
introduced that informed the text of H.R. 6004. These related 
bills were: (1) H.R. 4897, the Information Technology 
Modernization Act, which was introduced by Representative Hoyer 
(D-MD) on April 11, 2016; and (2) H.R. 5792, the Modernizing 
Outdated and Vulnerable Equipment and Information Technology 
Act, which was introduced by Representative Hurd on July 14, 
2016.

                           Section-by-Section


Section 1. Short title; Table of contents

    The short title of the bill is the ``Modernizing 
Government Technology Act of 2017.''

Section 2. Findings; Purposes

    Section 2 makes findings and establishes the purposes of 
the bill.
    Section 2(a) finds the following: (1) the federal 
government spends nearly 75 percent of its annual information 
technology (IT) budget on operating and maintaining existing 
legacy IT systems that can pose operational and security risks; 
(2) the GAO designated improving the management of IT 
acquisitions and operations to its biannual High Risk List and 
identified as a particular concern the increasing level of IT 
spending on Operations and Maintenance making less funding 
available for development or modernization; (3) the federal 
government must modernize federal IT systems to mitigate 
existing operational and security risks; and (4) the 
efficiencies, cost savings, and greater computing power offered 
by modernized solutions, such as cloud computing, have the 
potential to (a) eliminate duplication and reduce costs, (b) 
address the critical need for cybersecurity by design, and (c) 
move the federal government into a broad, digital-services 
delivery model.
    Section 2(b) states the purposes of the bill are to: (1) 
assist the federal government in modernizing federal IT to 
mitigate current operational and security risks; (2) 
incentivize cost savings in federal IT through modernization; 
and (3) accelerate the acquisition and deployment of modernized 
IT solutions, such as cloud computing, by addressing 
impediments in the areas of funding, development, and 
acquisition practices.

Section 3. Establishment of agency information technology systems 
        modernization and working capital funds

    Section 3(a)(1) provides authority to each CFO Act agency 
head to establish an information technology system 
modernization and working capital fund.
    Section 3(a)(2) establishes the source of funds to be 
deposited in the IT working capital fund as reprogrammed and 
transferred funds made available in appropriations Acts 
subsequent to the date of enactment and consistent with 
applicable reprogramming law and guidelines of the 
Appropriations Committees; and discretionary appropriations 
funding made available subsequent to the date of enactment.
    Section 3(a)(3) establishes that funds from the IT working 
capital fund may only be used to: (A) improve, retire, or 
replace existing IT systems in the covered agency to improve 
efficiency and effectiveness; (B) transition legacy IT systems 
at a covered agency to cloud computing and other innovative 
platforms and technologies, including those serving more than 
one covered agency with common requirements; (C) assist and 
support agency efforts to provide adequate, risk-based, and 
cost-effective IT capabilities that address evolving threats to 
information security; and (D) for reimbursement of funds 
transferred to the covered agency from the Technology 
Modernization Fund, established under section 4, with the 
approval of the agency CIO.
    Section 3(a)(4) states an IT working capital fund may not 
be used to supplant funds provided for the operation and 
maintenance of any system already within an appropriation for 
the agency at the time the IT working capital fund is 
established.
    Section 3(a)(5) requires the head of each agency to 
prioritize funds within the IT working capital fund to be used 
initially for cost savings activities approved by the agency 
CIO, in consultation with the Administrator of the Office of 
Electronic Government (i.e., the federal CIO). Paragraph (5) 
also authorizes the agency to reprogram and transfer any 
amounts saved as a direct result of such activities for deposit 
into the applicable IT working capital fund, consistent with 
applicable law and guidelines of the Appropriations Committees.
    Section 3(a)(6) allows any funds deposited into an IT 
working capital fund to be available for obligation for three 
years after the last day of the fiscal year in which such funds 
were deposited.
    Section 3(a)(7) requires agency CIOs, in evaluating 
projects to be funded from the agency IT working capital fund, 
to consider to the extent practicable guidance established by 
the Office of Management and Budget (OMB), under Section 
4(a)(1) for evaluating IT projects to be funded by the 
Technology Modernization Fund established at Treasury, overseen 
by OMB. Such guidance shall include factors such as strong 
business case, technical design, procurement strategy 
(including use of incremental software development practices), 
and program management.
    Section 3(b) requires agencies to submit one year after 
enactment and every 6 months thereafter to OMB information on 
the agency's use of the IT working capital fund, including a 
list of IT investments funded by the fund and a summary by 
fiscal year of the obligations, expenditures, and unused 
balances of the fund; and requires OMB to make such information 
available on a public website.
    Section 3(c) defines covered agency in accordance with 
section 901(b) of title 31, United States Code.

Section 4. Establishment of Technology Modernization Fund and board

    Section 4(a)(1) establishes in the Treasury the Technology 
Modernization Fund (TMF) for technology-related activities to 
improve IT, to enhance cybersecurity across the federal 
government, and to be administered in accordance with OMB 
guidance.
    Section 4(a)(2) authorizes the Commissioner of the 
Technology Transformation Service at the General Services 
Administration (GSA), in consultation with the federal CIO 
Council and with the OMB Director's approval, to administer the 
TMF.
    Section 4(a)(3) requires that the use of TMF funds be in 
accordance with the recommendations of the Board and only for 
the following purposes: (A) to transfer such amounts to remain 
available until expended to the head of an agency to improve, 
retire, or replace existing federal IT systems to enhance 
cybersecurity and improve efficiency and effectiveness; (B) for 
the development, operation, and procurement of IT products, 
services, and acquisition vehicles for use by agencies to 
improve government-wide efficiency and cybersecurity; and (C) 
to provide services or work performed in support of the 
activities described in (A) and (B).
    Section 4(a)(4)(A) authorizes to be appropriated to the 
Fund $250 million in fiscal year 2018 and fiscal year 2019.
    Section 4(a)(4)(B) authorizes the Fund to be credited with 
all reimbursements, advances, or refunds or recoveries relating 
to IT or services provided through the Fund.
    Section 4(a)(4)(C) authorizes amounts deposited, credited, 
or otherwise made available to the Fund to be available for the 
purposes in Section 4(a)(3), as provided in appropriations 
Acts, until expended.
    Section 4(a)(5) authorizes reimbursement to the Fund by: 
(A) payment by the agency for the product or services developed 
in accordance with paragraph (3)(B) or (C), which shall be a 
fixed amount by the Commissioner of the Technology 
Transformation Service at GSA (Commissioner); and (B) 
reimbursement by the agency for any Funds transferred to the 
agency for purposes of IT modernization projects under 
paragraph (3)(A), including any services or work performed in 
support of such transfer under paragraph (3)(C) and in 
accordance with the terms of the written agreement described in 
Section 4(a)(6).
    Section 4(a)(5)(C) authorizes the Commissioner, in 
consultation with OMB, to establish the amounts to be paid by 
an agency and the terms of repayment for an agency's use of 
products or services developed in accordance with paragraphs 
(3)(B) or (C) at levels to ensure the solvency of the Fund, 
including operating expenses. The Commissioner is not 
authorized to change established amounts or terms of repayment, 
unless there is a review and approval from OMB.
    Section 4(a)(5)(D) authorizes the Commissioner to obtain 
reimbursement from the agency by issuance of transfer and 
counterwarrants or other lawful transfer documents (supported 
by itemized bills), if payments are not made (i) within 90 days 
after expiration of a repayment period described in the written 
agreement in paragraph (6); or (ii) within 45 days after the 
expiration of the time period to make a payment under a payment 
schedule for a product or service developed under paragraph 
(3)(B).
    Section 4(a)(6)(A) establishes a requirement for a written 
agreement prior to the transfer of funds to an agency under 
paragraph 3(A). The written agreement will document the purpose 
of the funding and the terms of repayment. The written 
agreement will be between the head of the agency and the 
Commissioner and for a period of not more than five years, 
unless approved by OMB. For any funds transferred to the agency 
under paragraph 3(A), these funds shall be transferred only on 
an incremental basis and will be tied to metric-based 
development milestones achieved by the agency.
    Section 4(a)(6)(B) requires that incremental development 
practices be used for work funded by the Fund and that such 
funds only be transferred on an incremental basis, tied to 
metric-based development milestones achieved by the agency and 
as described in the written agreement.
    Section 4(a)(7) requires OMB to publish and maintain a list 
of each project funded by the Fund on a public website not 
later than six months after enactment and to update not less 
than quarterly details of projects funded by the Fund including 
a project description, project status (including schedule delay 
and cost overruns), and financial expenditure data related to 
the project.
    Section 4(b)(1) establishes a Board to evaluate proposals 
submitted by agencies for funding authorized under the Fund.
    Section 4(b)(2) establishes Board responsibilities. The 
Board is responsible for:
          1. Providing input to OMB for the development of 
        processes for agencies to submit modernization 
        proposals to the Board and to establish the proposal 
        evaluation criteria by which proposals will be 
        evaluated. Such evaluation criteria shall include 
        addressing the greatest security and operational risks 
        having the greatest government-wide impact and having 
        a high probability of success based on factors such as 
        a strong business case, technical design, procurement 
        strategy (including adequate use of incremental 
        software development), and program management;
          2. Making recommendations to the Commissioner to 
        assist agencies in the further development and 
        refinement of select submitted modernization proposals;
          3. Reviewing and prioritizing, with OMB and the 
        Commissioner's assistance, modernization proposals 
        based upon criteria established in section 4(b)(2)(A);
          4. Identifying, with the Commissioner's assistance, 
        opportunities to improve or replace multiple IT systems 
        with a smaller number of IT systems common to multiple 
        agencies;
          5. Recommending the funding of modernization projects 
        in accordance with the uses described in subsection 
        (a)(3);
          6. Monitoring, in consultation with the Commissioner, 
        progress and performance in executing approved Fund 
        projects and if necessary recommending suspension or 
        termination of funding based on factors such as failure 
        to meet the terms of a written agreement; and
          7. Monitoring operating costs of the fund.
    Section 4(b)(3) establishes the membership of the Board as 
eight voting members.
    Section 4(b)(4) establishes the Administrator of the Office 
of Electronic Government, known as the federal CIO, as Chair of 
the Board.
    Section 4(b)(5) establishes as the permanent Board members 
the Chair and a senior GSA official with technical expertise in 
IT development and appointed by the GSA Administrator with OMB 
approval.
    Section 4(b)(6) establishes additional members of the Board 
as the following: one employee from the National Protection and 
Programs Directorate in the Department of Homeland Security, 
appointed by the Secretary of Homeland Security; one employee 
from the Department of Defense, appointed by the Secretary of 
Defense; and four federal employees with technical expertise 
and appointed by OMB. Additional members of the Board will 
serve one-year terms renewable up to three times at the 
discretion of the appointing official.
    Section 4(b)(7) prohibits additional pay, allowances, or 
benefits for members of the Board by reason of their services 
on the Board.
    Section 4(b)(8) authorizes OMB and GSA to detail on a 
nonreimbursable basis any OMB or GSA personnel to the Board to 
assist in carrying out the functions of the Board.
    Section 4(c)(1) provides generally that the Commissioner 
shall support the activities of the Board, provide technical 
support to agencies that receive TMF funding, and, with the 
concurrence of the Director, provide oversight of agencies that 
receive TMF funding.
    Section 4(c)(2) establishes specific responsibilities for 
the Commissioner as the following: (A) provide direct technical 
support in the form of personnel services or otherwise to 
agencies that receive transferred amounts from the Fund for 
subsection (a)(3)(A) and (B) activities; (B) assist the Board 
with the evaluation, prioritization, and development of agency 
modernization proposals; (C) perform regular project oversight 
and monitoring of approved agency modernization projects, in 
consultation with the Board and OMB to increase the likelihood 
of successful implementation and reduce waste; and (D) provide 
the Director with information necessary to fulfill reporting 
requirements in subsection (a)(7), including a list of projects 
funded by the Fund, on a public website to be updated not less 
than quarterly with a description of the project, project 
status, and financial expenditure data related to the project.
    Section 4(d) defines agency in accordance with section 551 
of title 5, United States Code.

Section 5. Definitions

    Section 5 defines Cloud Computing, Commissioner (as the 
Commissioner of the Technology Transformation Service of the 
General Services Administration), Director (as Director of 
OMB), Information Technology, and Legacy Information Technology 
System.

                       Explanation of Amendments

    No amendments to H.R. 2227 were offered or adopted during 
Full Committee consideration of the bill.

                        Committee Consideration

    On May 2, 2017, the Committee met in open session and 
ordered favorably reported to the House, H.R. 2227, by voice 
vote, a quorum being present.

                            Roll Call Votes

    No roll call votes were requested or conducted during Full 
Committee consideration of H.R. 2227.

              Application of Law to the Legislative Branch

    Section 102(b)(3) of Public Law 104-1 requires a 
description of the application of this bill to the legislative 
branch where the bill relates to the terms and conditions of 
employment or access to public services and accommodations. 
This bill establishes IT modernization funds at agencies and a 
centralized Modernization of Government Technology Fund at the 
Department of Treasury. As such, this bill does not relate to 
employment or access to public services and accommodations.

  Statement of Oversight Findings and Recommendations of the Committee

    In compliance with clause 3(c)(1) of rule XIII and clause 
(2)(b)(1) of rule X of the Rules of the House of 
Representatives, the Committee's oversight findings and 
recommendations are reflected in the descriptive portions of 
this report.

         Statement of General Performance Goals and Objectives

    In accordance with clause 3(c)(4) of rule XIII of the Rules 
of the House of Representatives, the Committee's performance 
goal and objective of the bill is to modernize Government 
information technology.

                    Duplication of Federal Programs

    In accordance with clause 2(c)(5) of rule XIII no provision 
of this bill establishes or reauthorizes a program of the 
Federal Government known to be duplicative of another Federal 
program, a program that was included in any report from the 
Government Accountability Office to Congress pursuant to 
section 21 of Public Law 111-139, or a program related to a 
program identified in the most recent Catalog of Federal 
Domestic Assistance.

                  Disclosure of Directed Rule Makings

    The Committee estimates that enacting this bill does not 
direct the completion of any specific rule makings within the 
meaning of section 551 of title 5, United States Code.

                     Federal Advisory Committee Act

    The Committee finds that the legislation does not establish 
or authorize the establishment of an advisory committee within 
the definition of Section 5(b) of the appendix to title 5 of 
the United States Code.

                       Unfunded Mandate Statement

    Section 423 of the Congressional Budget and Impoundment 
Control Act (as amended by Section 101(a)(2) of the Unfunded 
Mandate Reform Act, P.L. 104-4) requires a statement as to 
whether the provisions of the reported bill include unfunded 
mandates. In compliance with this requirement, the Committee 
has included below a letter from the Congressional Budget 
Office.

                         Earmark Identification

    This bill does not include any congressional earmarks, 
limited tax benefits, or limited tariff benefits as defined in 
clause 9 of rule XXI.

                           Committee Estimate

    Clause 3(d)(1) of rule XIII of the Rules of the House of 
Representatives requires an estimate and a comparison by the 
Committee of the costs that would be incurred in carrying out 
this bill. However, clause 3(d)(2)(B) of that rule provides 
that this requirement does not apply when the Committee has 
included in its report a timely submitted cost estimate of the 
bill prepared by the Director of the Congressional Budget 
Office under section 402 of the Congressional Budget Act of 
1974.

     Budget Authority and Congressional Budget Office Cost Estimate

    With respect to the requirements of clause 3(c)(2) of rule 
XIII of the Rules of the House of Representatives and section 
308(a) of the Congressional Budget Act of 1974 and with respect 
to requirements of clause (3)(c)(3) of rule XIII of the Rules 
of the House of Representatives and section 402 of the 
Congressional Budget Act of 1974, the Committee has received 
the following cost estimate for this bill from the Director of 
the Congressional Budget Office:

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, May 12, 2017.
Hon. Jason Chaffetz,
Chairman, Committee on Oversight and Government Reform,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 2227, the MGT Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Matthew 
Pickford.
            Sincerely,
                                                        Keith Hall.
    Enclosure.

H.R. 2227--MGT Act

    Summary: H.R. 2227 would establish new budget accounts to 
fund efforts to modernize government information technology 
(IT) systems. The new accounts would include a working capital 
fund for each major federal agency that would be used to retire 
and replace older IT systems (legacy systems) and a single 
government-wide technology and modernization fund to update 
federal IT systems and make them more secure. H.R. 2227 also 
would establish a board of managers to oversee, evaluate, and 
monitor federal IT spending. Finally, H.R. 2227 would authorize 
the appropriation of $250 million in each of fiscal years 2018 
and 2019 to cover the costs of complying with the bill.
    CBO estimates that implementing this legislation would cost 
$500 million over the 2017-2022 period, assuming appropriation 
of the specified amounts. CBO estimates that enacting H.R. 2227 
would not affect direct spending or revenues; therefore 
pay-as-you-go procedures do not apply.
    CBO estimates that enacting H.R. 2227 would not increase 
net direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2028.
    H.R. 2227 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform Act (UMRA) 
and would impose no costs on state, local, or tribal 
governments.
    Estimated cost to the Federal Government: The estimated 
budgetary effects of H.R. 2227 are shown in the following 
table. The costs of this legislation fall within all budget 
functions that include IT spending.

----------------------------------------------------------------------------------------------------------------
                                                          By fiscal year, in billions of dollars--
                                          ----------------------------------------------------------------------
                                             2017      2018      2019      2020      2021      2022    2017-2022
----------------------------------------------------------------------------------------------------------------
                                 INCREASES IN SPENDING SUBJECT TO APPROPRIATION
 
Estimated Authorization Level............         0       250       250         0         0         0        500
Estimated Outlays........................         0        83       167       167        83         0        500
----------------------------------------------------------------------------------------------------------------

    Basis of estimate: For this estimate, CBO assumes that H.R. 
2227 will be enacted near the end of fiscal year 2017, that the 
necessary amounts will be appropriated each year, and that 
spending will follow historical spending patterns for similar 
investments in IT.
    H.R. 2227 would authorize the appropriation of $500 million 
over two fiscal years to establish a Technology Modernization 
Board and a Technology Modernization Fund. The board would 
consist of eight federal employees, two from the General 
Services Administration, one each from the Departments of 
Defense and Homeland Security, and four appointed by the Office 
of Management and Budget. The board's purpose would be to help 
improve information technology and cybersecurity systems across 
the government. Assuming appropriation of the authorized 
amounts, CBO estimates that implementing the bill would cost 
$500 million over the 2018-2022 period.
    The bill also would establish IT revolving funds in each 
major agency to be used to modernize information technology, 
primarily by replacing legacy systems with new technology. 
Individual agencies would be authorized to reprogram their 
discretionary appropriations to pay for new IT systems. In 
future years, any appropriated funds no longer needed to 
operate legacy systems because of changes made under the bill 
could be available to agencies, through the revolving funds, to 
upgrade other IT systems.
    Pay-As-You-Go considerations: None.
    Increase in long-term direct spending and deficits: CBO 
estimates that enacting H.R. 2227 would not increase net direct 
spending or on-budget deficits in any of the four consecutive 
10-year periods beginning in 2028.
    Intergovernmental and private-sector impact: H.R. 2227 
contains no intergovernmental or private-sector mandates as 
defined in UMRA and would impose no costs on state, local, or 
tribal governments.
    Estimate prepared by: Federal Costs: Matthew Pickford; 
Impact on state, local, and tribal governments: Zach Byrum; 
Impact on the private-sector: Paige Piper/Bach.
    Estimate approved by: H. Samuel Papenfuss, Deputy Assistant 
Director for Budget Analysis.

                                  [all]