Sec. 5. Open source software guidance
In this section:

The term "appropriate congressional committee" has the meaning given the term in section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101).

The term "covered agency" means an agency described in section 901(b) of title 31, United States Code.

The term "Director" means the Director of the Office of Management and Budget.

The term "national security system" has the meaning given the term in section 3552 of title 44, United States Code.

(5) The terms "open source software" and "open source software community" have the meanings given those terms in section 2201 of the Homeland Security Act of 2002 (6 U.S.C. 651), as amended by section 3 of this Act.

Not later than 1 year after the date of enactment of this Act, the Director, in coordination with the National Cyber Director, the Director of the Cybersecurity and Infrastructure Security Agency, and the Administrator of General Services, shall issue guidance on the responsibilities of the chief information officer at each covered agency regarding open source software, which shall include—

how chief information officers at each covered agency should, considering industry and open source software community best practices— manage and reduce risks of using open source software; and guide contributing to and releasing open source software;

how chief information officers should enable, rather than inhibit, the secure usage of open source software at each covered agency;

any relevant updates to the Memorandum M–16–21 issued by the Office of Management and Budget on August 8, 2016, entitled, "Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software"; and

how covered agencies may contribute publicly to open source software that the covered agency uses, including how chief information officers should encourage those contributions.

The guidance issued under paragraph (1) shall not apply to national security systems.

Not later than 1 year after the date of enactment of this Act, the chief information officer of each covered agency selected under paragraph (2), in coordination with the Director, the National Cyber Director, the Director of the Cybersecurity and Infrastructure Security Agency, and the Administrator of General Services, shall establish a pilot open source function at the covered agency that—

is modeled after open source program offices, such as those in the private sector, the nonprofit sector, academia, and other non-Federal entities; and

shall— support the secure usage of open source software at the covered agency; develop policies and processes for contributions to and releases of open source software at the covered agency, in consultation, as appropriate, with the offices of general counsel and procurement of the covered agency; interface with the open source software community; and manage and reduce risks of using open source software at the covered agency.

The Director, in coordination with the National Cyber Director, the Director of the Cybersecurity and Infrastructure Security Agency, and the Administrator of General Services, shall select 1 or more covered agencies to conduct the pilot described in paragraph (1).

Not later than 1 year after the establishment of the pilot open source functions described in paragraph (1), the Director, in coordination with the National Cyber Director, the Director of the Cybersecurity and Infrastructure Security Agency, and the Administrator of General Services, shall assess whether open source functions should be established at some or all covered agencies, including—

how to organize those functions within covered agencies, such as the creation of open source program offices; and

appropriate roles and responsibilities for those functions.

If the Director determines, based on the assessment described in paragraph (3), that some or all of the open source functions should be established at some or all covered agencies, the Director, in coordination with the National Cyber Director, the Director of the Cybersecurity and Infrastructure Security Agency, and the Administrator of General Services, shall issue guidance on the implementation of those functions.

The Director shall—

not later than 1 year after the date of enactment of this Act, brief the appropriate congressional committees on the guidance issued under subsection (b); and

not later than 540 days after the establishment of the pilot open source functions under subsection (c)(1), submit to the appropriate congressional committees a report on— the pilot open source functions; and the results of the assessment conducted under subsection (c)(3).

Section 3554(b) of title 44, United States Code, is amended—

in paragraph (7), by striking "and" at the end;

in paragraph (8), by striking the period at the end and inserting "; and"; and

by adding at the end the following: "plans and procedures to ensure the secure usage and development of software, including open source software.".