Sec. 3. Software inventory update and expansion
837 words·~4 min read·
/bill/118/hr/1695/pcs/section-3A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
As soon as practicable, and not later than 18 months after the date of enactment of this Act, the Chief Information Officer of each agency, in consultation with the Chief Financial Officer, the Chief Acquisition Officer, the Chief Data Officer, and General Counsel of the agency, or the equivalent officials of the agency, shall complete a comprehensive assessment of the software paid for by, in use at, or deployed throughout the agency, which shall include— the current software inventory of the agency, including software entitlements, contracts and other agreements or arrangements of the agency, and a list of the largest software entitlements of the agency separated by provider and category of software; a comprehensive, detailed accounting of— any software used by or deployed within the agency, including software developed or built by the agency, or by another agency for use by the agency, including shared services, as of the date of the comprehensive assessment, including, to the extent identifiable, the contracts and other agreements or arrangements used by the agency to acquire, build, deploy, or use such software; information and data on software entitlements, which shall include information on any additional fees or costs, including fees or costs for the use of cloud services, that are not included in the initial costs of the contract, agreement, or arrangement— for which the agency pays; that are not deployed or in use by the agency; and that are billed to the agency under any contract or business arrangement that creates duplication, or are otherwise determined to be unnecessary by the Chief Information Officer of the agency, or the equivalent official, in the deployment or use by the agency; and the extent— to which any software paid for, in use, or deployed throughout the agency is interoperable; and of the efforts of the agency to improve interoperability of software assets throughout the agency enterprise; a categorization of software entitlements of the agency by cost, volume, and type of software; a list of any provisions in the software entitlements of the agency that may restrict how the software can be deployed, accessed, or used, including any such restrictions on desktop or server hardware, through a cloud service provider, or on data ownership or access; and an analysis addressing— the accuracy and completeness of the comprehensive assessment; agency management of and compliance with all contracts or other agreements or arrangements that include or reference software entitlements or software management within the agency; the extent to which the agency accurately captures the total cost of software entitlements and related costs, including the total cost of upgrades over the life of a contract, cloud usage costs, and any other cost associated with the maintenance or servicing of contracts; and compliance with software license management policies of the agency.
The head of an agency may enter into 1 or more contracts to support the requirements of subsection (a). Contracts under paragraph
(1)shall not include contractors with organizational conflicts of interest, within the meaning given that term under subpart 9.5 of the Federal Acquisition Regulation. Over the course of a comprehensive assessment, contractors hired pursuant to paragraph
(1)shall maintain operational independence from the integration, management, and operations of the software inventory and software entitlements of the agency. On the date on which the Chief Information Officer, Chief Financial Officer, Chief Acquisition Officer, the Chief Data Officer, and General Counsel of an agency, or the equivalent officials of the agency, complete the comprehensive assessment, the Chief Information Officer shall submit the comprehensive assessment to the head of the agency. Not later than 30 days after the date on which the head of an agency receives the comprehensive assessment under subsection (c), the head of the agency shall submit the comprehensive assessment to— the Director; the Administrator; the Comptroller General of the United States; the Committee on Homeland Security and Governmental Affairs of the Senate; and the Committee on Oversight and Accountability of the House of Representatives. In order to ensure the utility and standardization of the comprehensive assessment of each agency, including to support the development of each plan and the report required under section 4(e)(2), the Director, in consultation with the Administrator, shall share information, best practices, and recommendations relating to the activities performed in the course of a comprehensive assessment of an agency. For each element of the intelligence community, a comprehensive assessment described under subsection
(a)shall be— conducted separately; performed only by an entity designated by the head of the element of the intelligence community, in accordance with appropriate applicable laws; performed in such a manner as to ensure appropriate protection of information which, if disclosed, may adversely affect national security; and submitted in summary form, not later than 30 days after the date on which the head of the element of the intelligence community receives the assessment, by the head of the element of the intelligence community to— the Director; the Select Committee on Intelligence of the Senate; and the Permanent Select Committee on Intelligence of the House of Representatives.