Sec. 834. FEDERAL DATA CENTER CONSOLIDATION INITIATIVE
1,375 words·~6 min read·
/statute-compilations/comps-11977/sec-834A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 834 FEDERAL DATA CENTER CONSOLIDATION INITIATIVE **[**[44 U.S.C. 3601 note](/us/usc/t44/s3601)**]** ###
(a)Definitions In this section: ####
(1)Administrator The term “Administrator” means the Administrator of the Office of Electronic Government established under section 3602 of title 44, United States Code (and also known as the Office of E-Government and Information Technology), within the Office of Management and Budget. ####
(2)Covered agency The term “covered agency” means the following (including all associated components of the agency): #####
(A)Department of Agriculture. #####
(B)Department of Commerce. #####
(C)Department of Defense. #####
(D)Department of Education. #####
(E)Department of Energy. #####
(F)Department of Health and Human Services. #####
(G)Department of Homeland Security. #####
(H)Department of Housing and Urban Development. #####
(I)Department of the Interior. #####
(J)Department of Justice. #####
(K)Department of Labor. #####
(L)Department of State. #####
(M)Department of Transportation. #####
(N)Department of Treasury. #####
(O)Department of Veterans Affairs. #####
(P)Environmental Protection Agency. #####
(Q)General Services Administration. #####
(R)National Aeronautics and Space Administration. #####
(S)National Science Foundation. #####
(T)Nuclear Regulatory Commission. #####
(U)Office of Personnel Management. #####
(V)Small Business Administration. #####
(W)Social Security Administration. #####
(X)United States Agency for International Development. ####
(3)New data center The term “new data center” means— #####
(A)######
(i)a data center or a portion thereof that is owned, operated, or maintained by a covered agency; or ######
(ii)to the extent practicable, a data center or portion thereof— ######
(I)that is owned, operated, or maintained by a contractor on behalf of a covered agency on the date on which the contract between the covered agency and the contractor expires; and ######
(II)with respect to which the covered agency extends the contract, or enters into a new contract, with the contractor; and #####
(B)on or after the date that is 180 days after the date of enactment of the Federal Data Center Enhancement Act of 2023, a data center or portion thereof that is— ######
(i)established; or ######
(ii)substantially upgraded or expanded. ###
(b)Minimum Requirements for New Data Centers ####
(1)In general Not later than 180 days after the date of enactment of the Federal Data Center Enhancement Act of 2023, the Administrator shall establish minimum requirements for new data centers in consultation with the Administrator of General Services and the Federal Chief Information Officers Council. ####
(2)Contents #####
(A)In general The minimum requirements established under paragraph
(1)shall include requirements relating to— ######
(i)the availability of new data centers; ######
(ii)the use of new data centers, including costs related to the facility, energy consumption, and related infrastructure; ######
(iii)uptime percentage; ######
(iv)protections against power failures, including on-site energy generation and access to multiple transmission paths; ######
(v)protections against physical intrusions and natural disasters; ######
(vi)information security protections required by subchapter II of chapter 35 of title 44, United States Code, and other applicable law and policy; and ######
(vii)any other requirements the Administrator determines appropriate. #####
(B)Consultation In establishing the requirements described in subparagraph (A)(vi), the Administrator shall consult with the Director of the Cybersecurity and Infrastructure Security Agency and the National Cyber Director. ####
(3)Incorporation of minimum requirements into current data centers As soon as practicable, and in any case not later than 90 days after the Administrator establishes the minimum requirements pursuant to paragraph (1), the Administrator shall issue guidance to ensure, as appropriate, that covered agencies incorporate the minimum requirements established under that paragraph into the operations of any data center of a covered agency existing as of the date of enactment of the Federal Data Center Enhancement Act of 2023. ####
(4)Review of requirements The Administrator, in consultation with the Administrator of General Services and the Federal Chief Information Officers Council, shall review, update, and modify the minimum requirements established under paragraph (1), as necessary. ####
(5)Report on new data centers During the development and planning lifecycle of a new data center, if the head of a covered agency determines that the covered agency is likely to make a management or financial decision relating to any data center, the head of the covered agency shall— #####
(A)notify— ######
(i)the Administrator; ######
(ii)Committee on Homeland Security and Governmental Affairs of the Senate; and ######
(iii)Committee on Oversight and Accountability of the House of Representatives; and #####
(B)describe in the notification with sufficient detail how the covered agency intends to comply with the minimum requirements established under paragraph (1). ####
(6)Use of technology In determining whether to establish or continue to operate an existing data center, the head of a covered agency shall— #####
(A)regularly assess the application portfolio of the covered agency and ensure that each at-risk legacy application is updated, replaced, or modernized, as appropriate, to take advantage of modern technologies; and #####
(B)prioritize and, to the greatest extent possible, leverage commercial data center solutions, including hybrid cloud, multi-cloud, co-location, interconnection, or cloud computing (as defined in section 3607 of this Chapter) rather than acquiring, overseeing, or managing custom data center infrastructure. ####
(7)Public website #####
(A)In general The Administrator shall maintain a public-facing website that includes information, data, and explanatory statements relating to the compliance of covered agencies with the requirements of this section. #####
(B)Processes and procedures In maintaining the website described in subparagraph (A), the Administrator shall— ######
(i)ensure covered agencies regularly, and not less frequently than biannually, update the information, data, and explanatory statements posed on the website, pursuant to guidance issued by the Administrator, relating to any new data centers and, as appropriate, each existing data center of the covered agency; and ######
(ii)ensure that all information, data, and explanatory statements on the website are maintained as open Government data assets. ###
(c)Ensuring Cybersecurity Standards for Data Center Consolidation and Cloud Computing ####
(1)In general The head of a covered agency shall oversee and manage the data center portfolio and the information technology strategy of the covered agency in accordance with Federal cybersecurity guidelines and directives, including— #####
(A)information security standards and guidelines promulgated by the Director of the National Institute of Standards and Technology; #####
(B)applicable requirements and guidance issued by the Director of the Office of Management and Budget pursuant to section 3614 of title 44, United States Code; and #####
(C)directives issued by the Secretary of Homeland Security under section 3553 of title 44, United States Code. ####
(2)Rule of construction Nothing in this section shall be construed to limit the ability of the Director of the Office of Management and Budget to update or modify the Federal guidelines on cloud computing security. ###
(d)Waiver of Requirements The Director of National Intelligence and the Secretary of Defense, or their respective designee, may waive the applicability to any national security system, as defined in section 3542 of title 44, United States Code, of any provision of this section if the Director of National Intelligence or the Secretary of Defense, or their respective designee, determines that such waiver is in the interest of national security. Not later than 30 days after making a waiver under this subsection, the Director of National Intelligence or the Secretary of Defense, or their respective designee, shall submit to the Committee on Homeland Security and Governmental Affairs and the Select Committee on Intelligence of the Senate and the Committee on Oversight and Government Reform and the Permanent Select Committee on Intelligence of the House of Representatives a statement describing the waiver and the reasons for the waiver. ###
(e)Sunset This section is repealed effective on October 1, 202610. 10Section 834 was repealed effective on October 1, 2022; however, effective on the date of enactment of section 5302(c) of division E of Public Law 118–31 (eff. date is December 22, 2023) provides for an amendment to extend this sunset provision by striking “2022” and inserting “2026” shown here to reflect the probable intent of Congress. Such amendment should have also included language to restore this section into existing law.
Connectionstraces to 2
Traces to 2 documents
U.S. Code
public-private-law
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources