[Senate Report 115-244] [From the U.S. Government Publishing Office] Calendar No. 408 115th Congress } { Report 2d Session } SENATE { 115-244 _______________________________________________________________________ FITARA ENHANCEMENT ACT OF 2017 __________ R E P O R T of the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE to accompany S. 1867 TO AMEND TITLE 40, UNITED STATES CODE, TO ELIMINATE THE SUNSET OF CERTAIN PROVISIONS RELATING TO INFORMATION TECHNOLOGY, TO AMEND THE CARL LEVIN AND HOWARD P. ``BUCK'' MCKEON NATIONAL DEFENSE AUTHORIZATION ACT FOR FISCAL YEAR 2015 TO EXTEND THE SUNSET RELATING TO THE FEDERAL DATA CENTER CONSOLIDATION INITIATIVE, AND FOR PURPOSES [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] May 10, 2018.--Ordered to be printed ______ U.S. GOVERNMENT PUBLISHING OFFICE 79-010 WASHINGTON : 2018 COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS RON JOHNSON, Wisconsin, Chairman JOHN McCAIN, Arizona CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio THOMAS R. CARPER, Delaware RAND PAUL, Kentucky HEIDI HEITKAMP, North Dakota JAMES LANKFORD, Oklahoma GARY C. PETERS, Michigan MICHAEL B. ENZI, Wyoming MAGGIE HASSAN, New Hampshire JOHN HOEVEN, North Dakota KAMALA D. HARRIS, California STEVE DAINES, Montana DOUG JONES, Alabama Christopher R. Hixon, Staff Director Gabrielle D'Adamo Singer, Chief Counsel Patrick J. Bailey, Chief Counsel for Governmental Affairs Margaret E. Daum, Minority Staff Director Stacia M. Cardille, Minority Chief Counsel Charles A. Moskowitz, Minority Senior Legislative Counsel Katherine C. Sybenga, Minority Counsel Laura W. Kilbride, Chief Clerk Calendar No. 408 115th Congress } { Report 2d Session } SENATE { 115-244 ====================================================================== FITARA ENHANCEMENT ACT OF 2017 _______ May 10, 2018.--Ordered to be printed _______ Mr. Johnson, from the Committee on Homeland Security and Governmental Affairs, submitted the following R E P O R T [To accompany S. 1867] [Including cost estimate of the Congressional Budget Office] The Committee on Homeland Security and Governmental Affairs, to which was referred the bill (S. 1867), to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the Carl Levin and Howard P. ``Buck'' McKeon National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes, having considered the same, reports favorably, thereon without amendment and recommends that the bill do pass. CONTENTS Page I. Purpose and Summary..............................................1 II. Background and Need for the Legislation..........................2 III. Legislative History..............................................5 IV. Section-by-Section Analysis, as Reported.........................6 V. Evaluation of Regulatory Impact..................................6 VI. Congressional Budget Office Cost Estimate........................6 VII. Changes in Existing Law Made by the bill, as Reported............7 I. PURPOSE AND SUMMARY S. 1867, the FITARA Enhancement Act of 2017, extends the Federal Data Center Consolidation Initiative (FDCCI) from 2018 to 2020, and makes permanent the Federal IT Dashboard and PortfolioStat reviews to support ongoing efforts to modernize Federal information technology (IT) systems. This bill requires agencies to continue consolidating their data centers, coordinating with the Office of Management and Budget (OMB) to review agency IT projects, and making publicly available on the IT Dashboard information regarding the status of agency IT projects in meeting OMB's optimization targets. The reauthorization and extension of these provisions from the Federal Information Technology Acquisition Reform Act (FITARA)\1\ will sustain management and review processes that increase transparency, improve risk management, and enhance the efficiency of Federal IT projects. --------------------------------------------------------------------------- \1\ The Federal Information Technology Acquisition Reform Act (FITARA) is the popular name used to refer to subtitle D (Sec. Sec. 831-837) of title VIII of division A of the Carl Levin and Howard P. ``Buck'' McKeon National Defense Authorization Act for Fiscal Year 2015, Pub. L. 113-291, Sec. Sec. 831-837, 128 Stat. 3292 (2014) [hereinafter FY 2015 NDAA] (see 40 U.S.C. Sec. 101 note). --------------------------------------------------------------------------- II. BACKGROUND AND NEED FOR LEGISLATION Federal Information Technology Acquisition Reform Act This bill extends key provisions of FITARA that are set to expire on October 1, 2018. The Federal Government spends almost $100 billion annually to fund thousands of IT projects.\2\ Federal agencies are using over 75 percent of these funds to operate and maintain--rather than replace or upgrade--legacy IT systems that are becoming increasingly obsolete.\3\ In addition, efforts that have been made to upgrade legacy IT systems have been poorly managed, resulting in billions of dollars in wasteful spending. The U.S. Government Accountability Office (GAO) highlighted in July 2013 that shortcomings in agency IT project management have cost American taxpayers billions of dollars in ``failed and poorly performing IT investments.''\4\ --------------------------------------------------------------------------- \2\ See Gov't Accountability Off., GAO-16-696T, Information Technology: Federal Agencies Need to Address Aging Legacy Systems (2016), https://www.gao.gov/assets/680/677454.pdf. \3\Id. \4\ See Gov't Accountability Off., GAO-13-796T, Information Technology: OMB and Agencies Need to More Effectively Implement Major Initiative to Save Billions of Dollars (2013), http://www.gao.gov/ assets/660/656191.pdf. --------------------------------------------------------------------------- Congress passed FITARA as a provision of the Carl Levin and Howard P. ``Buck'' McKeon National Defense Authorization Act for Fiscal Year 2015 in December 2014 to address these challenges and eliminate duplication and waste in Federal IT acquisition and management.\5\ FITARA empowered agency Chief Information Officers (CIOs) with clarified authorities and responsibilities for managing agency IT projects, and enabled Congress to oversee management and acquisition of IT systems across the Federal enterprise.\6\ OMB issued FITARA-required implementation guidance in June 2015 that directed agencies in establishing IT management processes, controls, and authorities to ensure accountability for the cost, schedule, performance, and security of their IT projects. Ultimately, FITARA facilitated the establishment of a common baseline for IT management roles and responsibilities along with a consistent framework for performance metrics to strengthen CIO accountability and ``align IT resources with agency missions, goals, programmatic priorities, and statutory requirements.''\7\ --------------------------------------------------------------------------- \5\FY 2015 NDAA at 831-837, 128 Stat. 3292 (2014). \6\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB Memorandum M-15-14, Management and Oversight of Federal Information Technology (June 10, 2015), https://www.whitehouse.gov/sites/ whitehouse.gov/files/omb/memoranda/2015/m-15-14.pdf; see also FY 2015 NDAA. \7\Id. --------------------------------------------------------------------------- Despite efforts made by agencies and OMB to implement FITARA provisions and improve Federal IT management, IT acquisitions and operations management have remained on GAO's High-Risk List of Federal programs in need of major reform since 2015. OMB and Federal agencies have been making progress and displaying leadership commitment to FITARA, though independent watchdogs have also found that OMB and Federal agencies must continue enhancing agencies' capacity for improving IT management, action plan development, monitoring, and demonstrated progress of implementation.\8\ OMB continues to revise agency guidance, update optimization targets, and maintain oversight through tools such as data center consolidation, IT Dashboard, and PortfolioStat to fully implement the goals of FITARA and remove the management of IT acquisitions and operations from GAO's High-Risk List.\9\ Although significant progress has been made, it is unlikely that these goals will be achieved prior to the expiration of portions of FITARA in October 2018.\10\ --------------------------------------------------------------------------- \8\See Gov't Accountability Off., GAO-17-317, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others (2017), https://www.gao.gov/assets/690/682765.pdf. \9\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB Memorandum M-16-19, Data Center Optimization Initiative (DCOI) (Aug. 1, 2016), https://obamawhitehouse.archives.gov/sites/default/files/omb/ memoranda/2016/m-16-19-1.pdf. \10\See Gov't Accountability Off., GAO-17-686T, Information Technology: Sustained Management Attention to the Implementation of FITARA is Needed to Better Manage Acquisitions and Operations (2017), https://www.gao.gov/assets/690/685231.pdf; see also GAO-17-317, supra note 8. --------------------------------------------------------------------------- This bill extends the FITARA provisions on data center consolidation by two years and permanently codifies the IT Dashboard and PortfolioStat reviews. Congress initially established these sunset provisions to allow for Congress to determine the effectiveness of FITARA requirements. The Committee has found that these optimization, review, and transparency mechanisms drive more responsible governance of the Federal IT enterprise, and is encouraged that agencies have reported billions of dollars in cost savings from these initiatives.\11\ This bill's reauthorization of the data center consolidation, IT Dashboard, and PortfolioStat provisions will continue to drive better agency IT acquisition management and cross-government efficiencies into the future. --------------------------------------------------------------------------- \11\See Off. Of Mgmt. & Budget, Exec. Off. of the President, IT Dashboard: Cost Savings, https://itdashboard.gov/drupal/cost-savings (last visited Apr. 12, 2018). --------------------------------------------------------------------------- Data center consolidation OMB reported to GAO that server utilization rates across the Federal Government's estimated 150,000 servers were as low as five percent in 2009.\12\ This presented an opportunity to optimize data center energy, facility, labor, and storage costs through consolidation. Under OMB's leadership, the FDCCI began in 2010 with the goal of closing 40 percent of agency- identified, noncore data centers through consolidation to save or avoid between three and five billion dollars in hardware, software, energy, and real estate costs. Additionally, the shift to modern computing platforms and technologies would increase the overall IT security posture of the Government.\13\ --------------------------------------------------------------------------- \12\See Gov't Accountability Off., GAO-17-448, Data Center Optimization: Agencies Need to Address Challenges and Improve Progress to Achieve Cost Savings Goal (2017), http://www.gao.gov/assets/690/ 686574.pdf. \13\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB Memorandum, Federal Data Center Consolidation Initiative (Feb. 26, 2010), https://obamawhitehouse.archives.gov/sites/default/files/omb/ assets/egov_docs/federal_data_center_consolidation_initiative_02-26- 2010.pdf. --------------------------------------------------------------------------- On August 1, 2016, OMB established the Data Center Optimization Initiative (DCOI) to supersede the FDCCI, emphasizing the optimization of Federal data centers, such as through cost savings, greater efficiencies, and improved security, rather than a single focus on consolidation. DCOI continues to implement the data center requirements set forth in FITARA by requiring agencies to develop and report on their data center strategies; transition to more efficient infrastructure, such as cloud services and inter-agency shared services; leverage technology advancements to optimize infrastructure; and provide quality services for the public good.\14\ --------------------------------------------------------------------------- \14\Off. Of Mgmt. & Budget, Exec. Off. Of the President, M-16-19, supra note 9. --------------------------------------------------------------------------- GAO reported in June 2017 that agencies had closed 4,388 of the 9,995 total Federal data centers. Agencies plan to close a total of 5,597 through fiscal year (FY) 2019, which extends beyond the expiration of FITARA provisions in October 2018.\15\ Congress agrees with GAO that more time is needed for agencies to ``achieve planned IT portfolio and data center consolidation savings'' and ultimately better manage almost $100 billion in annual IT spending.\16\ --------------------------------------------------------------------------- \15\GAO-17-686T, supra note 10. \16\GAO-17-317, supra note 8. --------------------------------------------------------------------------- This bill extends the sunset of the data center consolidation and optimization efforts statutory mandate to October 2020 to continue to drive agency progress in full implementation of data center consolidation plans and reduce duplication and waste across the Federal Government. The Committee will continue oversight of agencies and OMB through the extended sunset period to ensure maximum realization of efficiencies and improved security from the consolidation efforts. IT Dashboard OMB maintains the IT Dashboard on a publicly-accessible website to publish historical data on the goals, costs, schedules, and risks associated with major IT projects. Agency CIOs self-report quantitative and qualitative risk assessment narratives based on cost and schedule variance for IT projects, along with development, maintenance, and services spending costs at each major project milestone, for inclusion on the IT Dashboard.\17\ --------------------------------------------------------------------------- \17\See Off. Of Mgmt. & Budget, Exec. Off. of the President, IT Dashboard, https://itdashboard.gov (last visited Apr. 12, 2018). --------------------------------------------------------------------------- Centralizing common performance metrics supports the oversight efforts of the Committee and provides transparency to the public. However, the ratings and reporting of metrics must improve. Since 2012, GAO has regularly made recommendations on improving the consistency and regularity of the ratings across the agencies as well as the need for improved consistency of metrics reporting, such as in cost savings and functionality delivery rates, across the agencies. In many instances, the CIO-reported ratings were more optimistic in reporting risk for their IT spending compared to the risk assessment conducted by GAO.\18\ Key agency stakeholders and OMB may face serious challenges in making decisions on agency IT spending if the IT Dashboard information is inaccurate or outdated.\19\ --------------------------------------------------------------------------- \18\See Gov't Accountability Off., GAO-16-494, IT Dashboard: Agencies Need to Fully Consider Risks When Rating Their Major Investments (2016), http://www.gao.gov/assets/680/677624.pdf; see also GAO-17-686T, supra note 10. \19\GAO-17-686T, supra note 10. --------------------------------------------------------------------------- This bill would permanently authorize the IT Dashboard and supporting activities. Continued oversight is required to improve the accuracy of the CIO risk assessments and use the ratings with the cost and schedule variances to improve the success of IT projects. PortfolioStat An agency's IT portfolio consists of information on the agency's IT inventory, projects, and capabilities, as well as assessments of such considerations as commodity IT projects, potential areas of duplication across the agency enterprise, and alignment of IT projects to the agency's business functions.\20\ PortfolioStat is a data-driven effort overseen by OMB for agencies to examine their IT portfolios annually to identify common areas of spending with the goal of decreasing duplication and driving down costs.\21\ --------------------------------------------------------------------------- \20\See Chief Info. Officer Council, Portfolio Stat, CIO.gov, https://www.cio.gov/fed-it-topics/sustainability-transparency/ portfoliostat/ (last visited Apr.12, 2018). \21\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB Memorandum M-12-10, Implementing PortfolioStat (Mar. 30, 2012), https:/ /obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2012/m- 12-10_1.pdf. --------------------------------------------------------------------------- According to OMB, agencies identified more than $2.5 billion in potential savings for FY 2013 through FY 2015 in PortfolioStat reviews.\22\ Since 2012, agencies have reported over $750 million in savings and cost avoidance due to consolidation and renegotiation directly resulting from the PortfolioStat process. These face-to-face, evidence-based project reviews uncovered the need to further empower agency CIOs, strengthen IT portfolio governance, and continue advancements in service delivery that have been codified in FITARA.\23\ --------------------------------------------------------------------------- \22\See Steven Vanroekel, PortfoliloStat 2.0: Driving Better Management and Efficiency in Federal IT, White House Blog (Mar. 27, 2013), https://obamawhitehouse.archives.gov/blog/2013/03/27/ portfoliostat-20-driving-better-management-and-efficiency-federal-it. \23\See Off. Of Mgmt. & Budget, Exec. Off. Of the President, OMB Memorandum M-13-09, Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management (Mar. 27, 2013), https:// obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2013/m- 13-09.pdf. --------------------------------------------------------------------------- Though the PortfolioStat process has improved oversight and governance of agency IT enterprise management, its full potential for driving efficiencies has not yet been fully realized. In February 2017, GAO highlighted that only $1.4 billion in savings, 24 percent of the originally-planned $6 billion, had resulted from the PortfolioStat initiative for FY 2012 through FY 2015.\24\ By permanently extending the IT portfolio review provision of FITARA, agencies will continue to work with OMB in reviewing and holding accountable their IT projects to identify opportunities for modernization, optimization, and efficiencies. The Committee will continue oversight of the Federal agencies as they work to mature their visibility and reviews of their IT enterprise. --------------------------------------------------------------------------- \24\GAO-17-317, supra note 8. --------------------------------------------------------------------------- III. LEGISLATIVE HISTORY S. 1867 was introduced by Senator Steve Daines (R-MT) on September 26, 2017. The bill was referred to the Senate Committee on Homeland Security and Governmental Affairs. The Committee considered S. 1867 at a business meeting on October 4, 2017. The Committee favorably reported the bill by voice vote en bloc. Senators present for the vote were Johnson, Lankford, Daines, McCaskill, Tester, Heitkamp, Hassan, and Harris. The legislation was included as subtitle D (831 09837) of title VIII of division A of the FY 2015 NDAA, and enacted into law on December 12, 2017 as Public Law Number 113-291, 831-837, 128 Stat. 3292 (2014) (see 40 U.S.C. 101 note). IV. SECTION-BY-SECTION ANALYSIS OF THE BILL, AS REPORTED Section 1. Short title This section provides the bill's short title as the ``FITARA Enhancement Act of 2017''. Section 2. Elimination of sunset relating to transparency and risk management of major information technology investments This section eliminates the sunset provision originally established in section 11302(c) of title 40, United States Code, relating to risk management and transparency of major information technology projects. Section 3. Elimination of sunset relating to information technology portfolio, program, and resource reviews This section eliminates the sunset provision established in section 11319 of title 40, United States Code, relating to information technology portfolio, program, and resource reviews. Section 4. Extension of sunset relating to federal data center consolidation initiative This section extends the sunset relating to the FDCCI from 2018 to 2020, as established in section 834 of FITARA within the National Defense Authorization Act of 2015. V. EVALUATION OF REGULATORY IMPACT Pursuant to the requirements of paragraph 11(b) of rule XXVI of the Standing Rules of the Senate, the Committee has considered the regulatory impact of this bill and determined that the bill will have no regulatory impact within the meaning of the rules. The Committee agrees with the Congressional Budget Office's statement that the bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would impose no costs on state, local, or tribal governments. VI. CONGRESSIONAL BUDGET OFFICE COST ESTIMATE October 18, 2017. Hon. Ron Johnson, Chairman, Committee on Homeland Security and Governmental Affairs, U.S. Senate, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for S. 1867, the FITARA Enhancement Act of 2017. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Matthew Pickford. Sincerely, Keith Hall. Enclosure. S. 1867--FITARA Enhancement Act of 2017 S. 1867 would amend the Federal Information Technology Acquisition Reform Act (FITARA) to permanently extend some expiring provisions. FITARA was enacted as part of the National Defense Authorization Act for Fiscal Year 2015 and concerns how the U.S. government buys and manages computer technology. Specifically, the bill would extend the Federal Data Center Consolidation Initiative (FDCCI), PortfolioStat reviews, and the information technology (IT) dashboard. The FDCCI aims to reduce costs and save energy, PortfolioStat reviews are face-to-face meeting between each agency's IT officers and the Office of Management and Budget (OMB), and the IT dashboard provides online details of federal information technology spending. Information from OMB suggests that implementing those efforts costs a few million dollars annually for agencies to produce the necessary information; however, OMB expects that much of this work would continue regardless of the expiring authority to conduct them. Thus, CBO estimates there would be no significant additional cost or savings to continue those efforts under S. 1867. Enacting the bill could affect direct spending by agencies not funded through annual appropriations; therefore, pay-as- you-go procedures apply. CBO estimates, however, that any net increase in spending by those agencies would not be significant. Enacting S. 1867 would not affect revenues. CBO estimates that enacting S. 1867 would not increase direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2028. S. 1867 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform. On September 29, 2017, CBO transmitted a cost estimate for H.R. 3243, the FITARA Enhancement Act of 2017, as ordered reported by the House Committee on Oversight and Government Reform on July 19, 2017. The two pieces of legislation are similar, and CBO's estimates of the budgetary effects are the same. The CBO staff contacts for this estimate is Matthew Pickford. The estimate was approved by H. Samuel Papenfuss, Deputy Assistant Director for Budget Analysis. VII. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED The provisions of this bill were included as subtitle D (831 09837) of title VIII of division A of the FY 2015 NDAA and enacted into law on December 12, 2017, as Public Law Number 113-291, 831-837, 128 Stat. 3292 (2014). The provisions were codified in Title 40 of the United States Code in section 101 note. Accordingly, this legislation would not make changes in existing law within the meaning of clauses (a) and (b) of paragraph 12 of rule XXVI of the Standing Rules of the Senate. [all]