[Senate Report 115-244]
[From the U.S. Government Publishing Office]


                                                      Calendar No. 408
                                               
115th Congress    }                            {                Report
   2d Session     }              SENATE        {               115-244
_______________________________________________________________________

                                     

                                                       

                     FITARA ENHANCEMENT ACT OF 2017

                               __________

                              R E P O R T

                                 of the

                   COMMITTEE ON HOMELAND SECURITY AND

                          GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                              to accompany

                                S. 1867

        TO AMEND TITLE 40, UNITED STATES CODE, TO ELIMINATE THE
          SUNSET OF CERTAIN PROVISIONS RELATING TO INFORMATION
           TECHNOLOGY, TO AMEND THE CARL LEVIN AND HOWARD P.
         ``BUCK'' MCKEON NATIONAL DEFENSE AUTHORIZATION ACT FOR
         FISCAL YEAR 2015 TO EXTEND THE SUNSET RELATING TO THE
     FEDERAL DATA CENTER CONSOLIDATION INITIATIVE, AND FOR PURPOSES







[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]






                  May 10, 2018.--Ordered to be printed
                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

79-010                         WASHINGTON : 2018
                  
                  
                  
                  
                  
        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin, Chairman
JOHN McCAIN, Arizona                 CLAIRE McCASKILL, Missouri
ROB PORTMAN, Ohio                    THOMAS R. CARPER, Delaware
RAND PAUL, Kentucky                  HEIDI HEITKAMP, North Dakota
JAMES LANKFORD, Oklahoma             GARY C. PETERS, Michigan
MICHAEL B. ENZI, Wyoming             MAGGIE HASSAN, New Hampshire
JOHN HOEVEN, North Dakota            KAMALA D. HARRIS, California
STEVE DAINES, Montana                DOUG JONES, Alabama

                  Christopher R. Hixon, Staff Director
                Gabrielle D'Adamo Singer, Chief Counsel
       Patrick J. Bailey, Chief Counsel for Governmental Affairs
               Margaret E. Daum, Minority Staff Director
               Stacia M. Cardille, Minority Chief Counsel
       Charles A. Moskowitz, Minority Senior Legislative Counsel
                 Katherine C. Sybenga, Minority Counsel
                     Laura W. Kilbride, Chief Clerk









                                                      Calendar No. 408
                                               
115th Congress    }                            {                Report
   2d Session     }              SENATE        {               115-244

======================================================================



 
                     FITARA ENHANCEMENT ACT OF 2017

                                _______
                                

                  May 10, 2018.--Ordered to be printed

                                _______
                                

 Mr. Johnson, from the Committee on Homeland Security and Governmental 
                    Affairs, submitted the following

                              R E P O R T

                         [To accompany S. 1867]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security and Governmental 
Affairs, to which was referred the bill (S. 1867), to amend 
title 40, United States Code, to eliminate the sunset of 
certain provisions relating to information technology, to amend 
the Carl Levin and Howard P. ``Buck'' McKeon National Defense 
Authorization Act for Fiscal Year 2015 to extend the sunset 
relating to the Federal Data Center Consolidation Initiative, 
and for other purposes, having considered the same, reports 
favorably, thereon without amendment and recommends that the 
bill do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and Summary..............................................1
 II. Background and Need for the Legislation..........................2
III. Legislative History..............................................5
 IV. Section-by-Section Analysis, as Reported.........................6
  V. Evaluation of Regulatory Impact..................................6
 VI. Congressional Budget Office Cost Estimate........................6
VII. Changes in Existing Law Made by the bill, as Reported............7

                         I. PURPOSE AND SUMMARY

    S. 1867, the FITARA Enhancement Act of 2017, extends the 
Federal Data Center Consolidation Initiative (FDCCI) from 2018 
to 2020, and makes permanent the Federal IT Dashboard and 
PortfolioStat reviews to support ongoing efforts to modernize 
Federal information technology (IT) systems. This bill requires 
agencies to continue consolidating their data centers, 
coordinating with the Office of Management and Budget (OMB) to 
review agency IT projects, and making publicly available on the 
IT Dashboard information regarding the status of agency IT 
projects in meeting OMB's optimization targets. The 
reauthorization and extension of these provisions from the 
Federal Information Technology Acquisition Reform Act 
(FITARA)\1\ will sustain management and review processes that 
increase transparency, improve risk management, and enhance the 
efficiency of Federal IT projects.
---------------------------------------------------------------------------
    \1\ The Federal Information Technology Acquisition Reform Act 
(FITARA) is the popular name used to refer to subtitle D 
(Sec. Sec. 831-837) of title VIII of division A of the Carl Levin and 
Howard P. ``Buck'' McKeon National Defense Authorization Act for Fiscal 
Year 2015, Pub. L. 113-291, Sec. Sec.  831-837, 128 Stat. 3292 (2014) 
[hereinafter FY 2015 NDAA] (see 40 U.S.C. Sec. 101 note).
---------------------------------------------------------------------------

                II. BACKGROUND AND NEED FOR LEGISLATION

Federal Information Technology Acquisition Reform Act

    This bill extends key provisions of FITARA that are set to 
expire on October 1, 2018. The Federal Government spends almost 
$100 billion annually to fund thousands of IT projects.\2\ 
Federal agencies are using over 75 percent of these funds to 
operate and maintain--rather than replace or upgrade--legacy IT 
systems that are becoming increasingly obsolete.\3\ In 
addition, efforts that have been made to upgrade legacy IT 
systems have been poorly managed, resulting in billions of 
dollars in wasteful spending. The U.S. Government 
Accountability Office (GAO) highlighted in July 2013 that 
shortcomings in agency IT project management have cost American 
taxpayers billions of dollars in ``failed and poorly performing 
IT investments.''\4\
---------------------------------------------------------------------------
    \2\ See Gov't Accountability Off., GAO-16-696T, Information 
Technology: Federal Agencies Need to Address Aging Legacy Systems 
(2016), https://www.gao.gov/assets/680/677454.pdf.
    \3\Id.
    \4\ See Gov't Accountability Off., GAO-13-796T, Information 
Technology: OMB and Agencies Need to More Effectively Implement Major 
Initiative to Save Billions of Dollars (2013), http://www.gao.gov/
assets/660/656191.pdf.
---------------------------------------------------------------------------
    Congress passed FITARA as a provision of the Carl Levin and 
Howard P. ``Buck'' McKeon National Defense Authorization Act 
for Fiscal Year 2015 in December 2014 to address these 
challenges and eliminate duplication and waste in Federal IT 
acquisition and management.\5\ FITARA empowered agency Chief 
Information Officers (CIOs) with clarified authorities and 
responsibilities for managing agency IT projects, and enabled 
Congress to oversee management and acquisition of IT systems 
across the Federal enterprise.\6\ OMB issued FITARA-required 
implementation guidance in June 2015 that directed agencies in 
establishing IT management processes, controls, and authorities 
to ensure accountability for the cost, schedule, performance, 
and security of their IT projects. Ultimately, FITARA 
facilitated the establishment of a common baseline for IT 
management roles and responsibilities along with a consistent 
framework for performance metrics to strengthen CIO 
accountability and ``align IT resources with agency missions, 
goals, programmatic priorities, and statutory 
requirements.''\7\
---------------------------------------------------------------------------
    \5\FY 2015 NDAA at 831-837, 128 Stat. 3292 (2014).
    \6\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB 
Memorandum M-15-14, Management and Oversight of Federal Information 
Technology (June 10, 2015), https://www.whitehouse.gov/sites/
whitehouse.gov/files/omb/memoranda/2015/m-15-14.pdf; see also FY 2015 
NDAA.
    \7\Id.
---------------------------------------------------------------------------
    Despite efforts made by agencies and OMB to implement 
FITARA provisions and improve Federal IT management, IT 
acquisitions and operations management have remained on GAO's 
High-Risk List of Federal programs in need of major reform 
since 2015. OMB and Federal agencies have been making progress 
and displaying leadership commitment to FITARA, though 
independent watchdogs have also found that OMB and Federal 
agencies must continue enhancing agencies' capacity for 
improving IT management, action plan development, monitoring, 
and demonstrated progress of implementation.\8\ OMB continues 
to revise agency guidance, update optimization targets, and 
maintain oversight through tools such as data center 
consolidation, IT Dashboard, and PortfolioStat to fully 
implement the goals of FITARA and remove the management of IT 
acquisitions and operations from GAO's High-Risk List.\9\ 
Although significant progress has been made, it is unlikely 
that these goals will be achieved prior to the expiration of 
portions of FITARA in October 2018.\10\
---------------------------------------------------------------------------
    \8\See Gov't Accountability Off., GAO-17-317, High-Risk Series: 
Progress on Many High-Risk Areas, While Substantial Efforts Needed on 
Others (2017), https://www.gao.gov/assets/690/682765.pdf.
    \9\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB 
Memorandum M-16-19, Data Center Optimization Initiative (DCOI) (Aug. 1, 
2016), https://obamawhitehouse.archives.gov/sites/default/files/omb/
memoranda/2016/m-16-19-1.pdf.
    \10\See Gov't Accountability Off., GAO-17-686T, Information 
Technology: Sustained Management Attention to the Implementation of 
FITARA is Needed to Better Manage Acquisitions and Operations (2017), 
https://www.gao.gov/assets/690/685231.pdf; see also GAO-17-317, supra 
note 8.
---------------------------------------------------------------------------
    This bill extends the FITARA provisions on data center 
consolidation by two years and permanently codifies the IT 
Dashboard and PortfolioStat reviews. Congress initially 
established these sunset provisions to allow for Congress to 
determine the effectiveness of FITARA requirements. The 
Committee has found that these optimization, review, and 
transparency mechanisms drive more responsible governance of 
the Federal IT enterprise, and is encouraged that agencies have 
reported billions of dollars in cost savings from these 
initiatives.\11\ This bill's reauthorization of the data center 
consolidation, IT Dashboard, and PortfolioStat provisions will 
continue to drive better agency IT acquisition management and 
cross-government efficiencies into the future.
---------------------------------------------------------------------------
    \11\See Off. Of Mgmt. & Budget, Exec. Off. of the President, IT 
Dashboard: Cost Savings, https://itdashboard.gov/drupal/cost-savings 
(last visited Apr. 12, 2018).
---------------------------------------------------------------------------

Data center consolidation

    OMB reported to GAO that server utilization rates across 
the Federal Government's estimated 150,000 servers were as low 
as five percent in 2009.\12\ This presented an opportunity to 
optimize data center energy, facility, labor, and storage costs 
through consolidation. Under OMB's leadership, the FDCCI began 
in 2010 with the goal of closing 40 percent of agency-
identified, noncore data centers through consolidation to save 
or avoid between three and five billion dollars in hardware, 
software, energy, and real estate costs. Additionally, the 
shift to modern computing platforms and technologies would 
increase the overall IT security posture of the Government.\13\
---------------------------------------------------------------------------
    \12\See Gov't Accountability Off., GAO-17-448, Data Center 
Optimization: Agencies Need to Address Challenges and Improve Progress 
to Achieve Cost Savings Goal (2017), http://www.gao.gov/assets/690/
686574.pdf.
    \13\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB 
Memorandum, Federal Data Center Consolidation Initiative (Feb. 26, 
2010), https://obamawhitehouse.archives.gov/sites/default/files/omb/
assets/egov_docs/federal_data_center_consolidation_initiative_02-26-
2010.pdf.
---------------------------------------------------------------------------
    On August 1, 2016, OMB established the Data Center 
Optimization Initiative (DCOI) to supersede the FDCCI, 
emphasizing the optimization of Federal data centers, such as 
through cost savings, greater efficiencies, and improved 
security, rather than a single focus on consolidation. DCOI 
continues to implement the data center requirements set forth 
in FITARA by requiring agencies to develop and report on their 
data center strategies; transition to more efficient 
infrastructure, such as cloud services and inter-agency shared 
services; leverage technology advancements to optimize 
infrastructure; and provide quality services for the public 
good.\14\
---------------------------------------------------------------------------
    \14\Off. Of Mgmt. & Budget, Exec. Off. Of the President, M-16-19, 
supra note 9.
---------------------------------------------------------------------------
    GAO reported in June 2017 that agencies had closed 4,388 of 
the 9,995 total Federal data centers. Agencies plan to close a 
total of 5,597 through fiscal year (FY) 2019, which extends 
beyond the expiration of FITARA provisions in October 2018.\15\ 
Congress agrees with GAO that more time is needed for agencies 
to ``achieve planned IT portfolio and data center consolidation 
savings'' and ultimately better manage almost $100 billion in 
annual IT spending.\16\
---------------------------------------------------------------------------
    \15\GAO-17-686T, supra note 10.
    \16\GAO-17-317, supra note 8.
---------------------------------------------------------------------------
    This bill extends the sunset of the data center 
consolidation and optimization efforts statutory mandate to 
October 2020 to continue to drive agency progress in full 
implementation of data center consolidation plans and reduce 
duplication and waste across the Federal Government. The 
Committee will continue oversight of agencies and OMB through 
the extended sunset period to ensure maximum realization of 
efficiencies and improved security from the consolidation 
efforts.

IT Dashboard

    OMB maintains the IT Dashboard on a publicly-accessible 
website to publish historical data on the goals, costs, 
schedules, and risks associated with major IT projects. Agency 
CIOs self-report quantitative and qualitative risk assessment 
narratives based on cost and schedule variance for IT projects, 
along with development, maintenance, and services spending 
costs at each major project milestone, for inclusion on the IT 
Dashboard.\17\
---------------------------------------------------------------------------
    \17\See Off. Of Mgmt. & Budget, Exec. Off. of the President, IT 
Dashboard, https://itdashboard.gov (last visited Apr. 12, 2018).
---------------------------------------------------------------------------
    Centralizing common performance metrics supports the 
oversight efforts of the Committee and provides transparency to 
the public. However, the ratings and reporting of metrics must 
improve. Since 2012, GAO has regularly made recommendations on 
improving the consistency and regularity of the ratings across 
the agencies as well as the need for improved consistency of 
metrics reporting, such as in cost savings and functionality 
delivery rates, across the agencies. In many instances, the 
CIO-reported ratings were more optimistic in reporting risk for 
their IT spending compared to the risk assessment conducted by 
GAO.\18\ Key agency stakeholders and OMB may face serious 
challenges in making decisions on agency IT spending if the IT 
Dashboard information is inaccurate or outdated.\19\
---------------------------------------------------------------------------
    \18\See Gov't Accountability Off., GAO-16-494, IT Dashboard: 
Agencies Need to Fully Consider Risks When Rating Their Major 
Investments (2016), http://www.gao.gov/assets/680/677624.pdf; see also 
GAO-17-686T, supra note 10.
    \19\GAO-17-686T, supra note 10.
---------------------------------------------------------------------------
    This bill would permanently authorize the IT Dashboard and 
supporting activities. Continued oversight is required to 
improve the accuracy of the CIO risk assessments and use the 
ratings with the cost and schedule variances to improve the 
success of IT projects.

PortfolioStat

    An agency's IT portfolio consists of information on the 
agency's IT inventory, projects, and capabilities, as well as 
assessments of such considerations as commodity IT projects, 
potential areas of duplication across the agency enterprise, 
and alignment of IT projects to the agency's business 
functions.\20\ PortfolioStat is a data-driven effort overseen 
by OMB for agencies to examine their IT portfolios annually to 
identify common areas of spending with the goal of decreasing 
duplication and driving down costs.\21\
---------------------------------------------------------------------------
    \20\See Chief Info. Officer Council, Portfolio Stat, CIO.gov, 
https://www.cio.gov/fed-it-topics/sustainability-transparency/
portfoliostat/ (last visited Apr.12, 2018).
    \21\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB 
Memorandum M-12-10, Implementing PortfolioStat (Mar. 30, 2012), https:/
/obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2012/m-
12-10_1.pdf.
---------------------------------------------------------------------------
    According to OMB, agencies identified more than $2.5 
billion in potential savings for FY 2013 through FY 2015 in 
PortfolioStat reviews.\22\ Since 2012, agencies have reported 
over $750 million in savings and cost avoidance due to 
consolidation and renegotiation directly resulting from the 
PortfolioStat process. These face-to-face, evidence-based 
project reviews uncovered the need to further empower agency 
CIOs, strengthen IT portfolio governance, and continue 
advancements in service delivery that have been codified in 
FITARA.\23\
---------------------------------------------------------------------------
    \22\See Steven Vanroekel, PortfoliloStat 2.0: Driving Better 
Management and Efficiency in Federal IT, White House Blog (Mar. 27, 
2013), https://obamawhitehouse.archives.gov/blog/2013/03/27/
portfoliostat-20-driving-better-management-and-efficiency-federal-it.
    \23\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB 
Memorandum M-13-09, Fiscal Year 2013 PortfolioStat Guidance: 
Strengthening Federal IT Portfolio Management (Mar. 27, 2013), https://
obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2013/m-
13-09.pdf.
---------------------------------------------------------------------------
    Though the PortfolioStat process has improved oversight and 
governance of agency IT enterprise management, its full 
potential for driving efficiencies has not yet been fully 
realized. In February 2017, GAO highlighted that only $1.4 
billion in savings, 24 percent of the originally-planned $6 
billion, had resulted from the PortfolioStat initiative for FY 
2012 through FY 2015.\24\ By permanently extending the IT 
portfolio review provision of FITARA, agencies will continue to 
work with OMB in reviewing and holding accountable their IT 
projects to identify opportunities for modernization, 
optimization, and efficiencies. The Committee will continue 
oversight of the Federal agencies as they work to mature their 
visibility and reviews of their IT enterprise.
---------------------------------------------------------------------------
    \24\GAO-17-317, supra note 8.
---------------------------------------------------------------------------

                        III. LEGISLATIVE HISTORY

    S. 1867 was introduced by Senator Steve Daines (R-MT) on 
September 26, 2017. The bill was referred to the Senate 
Committee on Homeland Security and Governmental Affairs. The 
Committee considered S. 1867 at a business meeting on October 
4, 2017. The Committee favorably reported the bill by voice 
vote en bloc. Senators present for the vote were Johnson, 
Lankford, Daines, McCaskill, Tester, Heitkamp, Hassan, and 
Harris.
    The legislation was included as subtitle D (831 09837) of 
title VIII of division A of the FY 2015 NDAA, and enacted into 
law on December 12, 2017 as Public Law Number 113-291, 831-837, 
128 Stat. 3292 (2014) (see 40 U.S.C. 101 note).

        IV. SECTION-BY-SECTION ANALYSIS OF THE BILL, AS REPORTED

Section 1. Short title

    This section provides the bill's short title as the 
``FITARA Enhancement Act of 2017''.

Section 2. Elimination of sunset relating to transparency and risk 
        management of major information technology investments

    This section eliminates the sunset provision originally 
established in section 11302(c) of title 40, United States 
Code, relating to risk management and transparency of major 
information technology projects.

Section 3. Elimination of sunset relating to information technology 
        portfolio, program, and resource reviews

    This section eliminates the sunset provision established in 
section 11319 of title 40, United States Code, relating to 
information technology portfolio, program, and resource 
reviews.

Section 4. Extension of sunset relating to federal data center 
        consolidation initiative

    This section extends the sunset relating to the FDCCI from 
2018 to 2020, as established in section 834 of FITARA within 
the National Defense Authorization Act of 2015.

                   V. EVALUATION OF REGULATORY IMPACT

    Pursuant to the requirements of paragraph 11(b) of rule 
XXVI of the Standing Rules of the Senate, the Committee has 
considered the regulatory impact of this bill and determined 
that the bill will have no regulatory impact within the meaning 
of the rules. The Committee agrees with the Congressional 
Budget Office's statement that the bill contains no 
intergovernmental or private-sector mandates as defined in the 
Unfunded Mandates Reform Act and would impose no costs on 
state, local, or tribal governments.

             VI. CONGRESSIONAL BUDGET OFFICE COST ESTIMATE

                                                  October 18, 2017.
Hon. Ron Johnson,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S. 
        Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 1867, the FITARA 
Enhancement Act of 2017.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Matthew 
Pickford.
            Sincerely,
                                                        Keith Hall.
    Enclosure.

S. 1867--FITARA Enhancement Act of 2017

    S. 1867 would amend the Federal Information Technology 
Acquisition Reform Act (FITARA) to permanently extend some 
expiring provisions. FITARA was enacted as part of the National 
Defense Authorization Act for Fiscal Year 2015 and concerns how 
the U.S. government buys and manages computer technology. 
Specifically, the bill would extend the Federal Data Center 
Consolidation Initiative (FDCCI), PortfolioStat reviews, and 
the information technology (IT) dashboard.
    The FDCCI aims to reduce costs and save energy, 
PortfolioStat reviews are face-to-face meeting between each 
agency's IT officers and the Office of Management and Budget 
(OMB), and the IT dashboard provides online details of federal 
information technology spending. Information from OMB suggests 
that implementing those efforts costs a few million dollars 
annually for agencies to produce the necessary information; 
however, OMB expects that much of this work would continue 
regardless of the expiring authority to conduct them. Thus, CBO 
estimates there would be no significant additional cost or 
savings to continue those efforts under S. 1867.
    Enacting the bill could affect direct spending by agencies 
not funded through annual appropriations; therefore, pay-as-
you-go procedures apply. CBO estimates, however, that any net 
increase in spending by those agencies would not be 
significant. Enacting S. 1867 would not affect revenues.
    CBO estimates that enacting S. 1867 would not increase 
direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2028.
    S. 1867 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform.
    On September 29, 2017, CBO transmitted a cost estimate for 
H.R. 3243, the FITARA Enhancement Act of 2017, as ordered 
reported by the House Committee on Oversight and Government 
Reform on July 19, 2017. The two pieces of legislation are 
similar, and CBO's estimates of the budgetary effects are the 
same.
    The CBO staff contacts for this estimate is Matthew 
Pickford. The estimate was approved by H. Samuel Papenfuss, 
Deputy Assistant Director for Budget Analysis.

       VII. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    The provisions of this bill were included as subtitle D 
(831 09837) of title VIII of division A of the FY 2015 NDAA and 
enacted into law on December 12, 2017, as Public Law Number 
113-291, 831-837, 128 Stat. 3292 (2014). The provisions were 
codified in Title 40 of the United States Code in section 101 
note.
    Accordingly, this legislation would not make changes in 
existing law within the meaning of clauses (a) and (b) of 
paragraph 12 of rule XXVI of the Standing Rules of the Senate.

                            [all]