[Senate Report 113-274]
[From the U.S. Government Publishing Office]


113th Congress }                                           {   Report
  2d Session   }                SENATE                     {  113-274
_____________________________________________________________________

                                                        Calendar No. 599
 
             TRANSPORTATION SECURITY ACQUISITION REFORM ACT

                               __________

                              R E P O R T

                                 of the

           COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                                   on

                                S. 1893

                    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


               November 17, 2014.--Ordered to be printed

                                 ----------

                         U.S. GOVERNMENT PRINTING OFFICE

49-010 PDF                       WASHINGTON : 2014


       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
                    one hundred thirteenth congress
                             second session

             JOHN D. ROCKEFELLER IV, West Virginia, Chairman
 BARBARA BOXER, California            JOHN THUNE, South Dakota
 BILL NELSON, Florida                 ROGER F. WICKER, Mississippi
 MARIA CANTWELL, Washington           ROY BLUNT, Missouri
 MARK PRYOR, Arkansas                 MARCO RUBIO, Florida
 CLAIRE McCASKILL, Missouri           KELLY AYOTTE, New Hampshire
 AMY KLOBUCHAR , Minnesota            DEAN HELLER, Nevada
 MARK BEGICH, Alaska                  DANIEL COATS, Indiana
 RICHARD BLUMENTHAL, Connecticut      TIM SCOTT, South Carolina
 BRIAN SCHATZ, Hawaii                 TED CRUZ, Texas
 ED MARKEY, Massachusetts             DEB FISCHER, Nebraska
 CORY BOOKER, New Jersey              RON JOHNSON, Wisconsin
 JOHN WALSH, Montana
                     Ellen Doneski, Staff Director
                     John Williams, General Counsel
              David Schwietert, Republican Staff Director
              Nick Rossi, Republican Deputy Staff Director
               Rebecca Seidel, Republican General Counsel



                                                       Calendar No. 599

113th Congress  }                                           {  Report
  2d Session    }                 SENATE                    { 113-274

=====================================================================


             TRANSPORTATION SECURITY ACQUISITION REFORM ACT

                                _______


               November 17, 2014.--Ordered to be printed

                                _______


     Mr. Rockefeller, from the Committee on Commerce, Science, and
                Transportation, submitted the following

                              R E P O R T

                         [To accompany S. 1893]

    The Committee on Commerce, Science, and Transportation, to
which was referred the bill (S. 1893) to require the
Transportation Security Administration to implement best
practices and improve transparency with regard to technology
acquisition programs, and for other purposes, having considered
the same, reports favorably thereon with an amendment (in the
nature of a substitute) and recommends that the bill (as
amended) do pass.

                          Purpose of the Bill

    The bill specifies procedures for the Transportation
Security Administration (TSA) to follow when planning,
executing, and evaluating acquisitions of security-related
technology.

                          Background and Needs

    Significant problems have plagued the TSA acquisition
process for much of the agency's existence. For example, in
2004 TSA began purchasing 207 ``puffer'' passenger-screening
portals which were all withdrawn from service due to poor
performance.\1\
---------------------------------------------------------------------------
    \1\TSA Scraps Airport Screening Program, Associated Press, May 22,
2009, available at http://www.nbcnews,com/id/30875442/ns/travel-news/t/
tsa-scraps-airport-screening-program/.
---------------------------------------------------------------------------
    More recent examples demonstrate continued TSA acquisition
problems. The Government Accountability Office (GAO) reported
in January 2012 that TSA did not fully follow Department of
Homeland Security (DHS) acquisition policies when acquiring
advanced imaging technology (AIT), which resulted in DHS
approving nationwide AIT deployment without full knowledge of
TSA's revised specifications.\2\
---------------------------------------------------------------------------
    \2\U.S. Gov't Accountability Office, GAO-13-469T, DHS and TSA
Continue to Face Challenges Developing and Acquiring Screening
Technologies (May 8, 2013), available at http://www.gao.gov/assets/660/
654419.pdf.
---------------------------------------------------------------------------
    In addition, GAO found that the Acquisition Review Board
(ARB) approved TSA for full-scale production without reviewing
a changed key performance parameter. Upon GAO's recommendation,
DHS developed a road map to address the recommendation, but
currently faces challenges implementing it. Additionally, in
September 2012, GAO reported that 42 of DHS's major acquisition
programs experienced cost growth, schedule slips, or delivered
less capability than promised, with 16 of the programs' costs
increasing from $19.7 billion in 2008 to $52.2 billion in
2011.\3\
---------------------------------------------------------------------------
    \3\U.S. Gov't Accountability Office, GAO-12-1024T, 9/11 Anniversary
Observations on TSA's Progress and Challenges in Strengthening Aviation
Security (Sept. 11, 2012), available at http://www.gao.gov/assets/650/
647996.pdf.
---------------------------------------------------------------------------
    GAO also concluded in January 2013 that TSA began deploying
passenger screening canine teams to airport terminals in April
2011 prior to determining the canine teams' operational
effectiveness and before assessing where within the airport the
canine teams would be most effectively utilized.
    In March 2014, GAO found that TSA's acquisition program for
next-generation AIT systems was nine months behind schedule
because of TSA's failures to follow acquisition guidance or
best-practices, identify technical challenges, incorporate
available information from vendors or national laboratories,
and develop a realistic project schedule with achievable
milestones.\4\
---------------------------------------------------------------------------
    \4\Dept. of Homeland Sec., Office of Inspector General, OIG-13-123,
Transportation Security Administration Office of Inspection's Efforts
to Enhance Transportation Security (Sept. 24, 2013), available at
http://www.oig.dhs.gov/assets/Mgmt/2013/OIG_13-123_Sept13.pdf.
---------------------------------------------------------------------------
    Similarly, the DHS Inspector General (IG) reported in
September 2013 that, while TSA created and followed deployment
schedules, TSA did not develop a comprehensive strategy to
ensure all of its AIT units were effectively used for screening
passengers and deployed to align with the overall goals of the
Passenger Screening Program.\5\ Without a documented, approved,
comprehensive plan and accurate data on the use of AIT, TSA
continued to use walk through metal detectors unable to
identify non-metallic objects to screen the majority of
passengers, therefore not taking advantage of the AIT's
security benefits. Additionally, the DHS IG found that TSA may
have used resources inefficiently to purchase and deploy
underused AIT units.
---------------------------------------------------------------------------
    \5\U.S. Gov't Accountability Office, GAO-14-357, Advanced Imaging
Technology: TSA Needs Additional Information before Procuring Next-
Generation Systems (Mar. 31, 2014), available at http://www.gao.gov/
products/gao-14-357.
---------------------------------------------------------------------------
    Further, industry stakeholders have criticized TSA for
failing to accurately communicate technology needs and long-
term investment plans, making it difficult for industry to plan
ahead and invest in innovative research and development.
    TSA's original acquisition strategy focused on acquiring
off-the-shelf systems. However, problems arose when such
systems were neither sufficiently customized nor easily
integrated into existing airport infrastructure. Attempting to
address these issues, the Consolidated Appropriations Act of
2008 (Public Law 110--161), repealed TSA's authority to use the
Federal Aviation Administration's acquisition management
system, making TSA subject to the uniform acquisition process
in the Federal Acquisition Regulation. Since then, TSA has
improved its acquisition analysis and it has shifted to a risk-
based security approach. The agency has also improved its pre-
testing to identify problems before procurements are made. The
bill would reinforce TSA's improved approach by seeking to
codify many of the steps the agency has already taken, and
further improve transparency and accountability in technology
acquisition planning and spending at the agency.

                         Summary of Provisions

    S. 1893 would amend title XVI of the Homeland Security Act
of 2002 (116 Stat. 2312). It would require TSA to develop, in
consultation with certain DHS officials and the aviation
industry stakeholder advisory committee, and submit to Congress
a strategic 5-year technology investment plan, to be updated
every 2 years after its initial submission to Congress, with an
accompanying report. The plan would incorporate private sector
feedback and input to the extent possible.
    The bill would direct the TSA Administrator to analyze
TSA's acquisition of any security-related technology to
determine if it is justified. ``Security-related technology''
would be defined as ``any technology that assists the
Administration in the prevention of, or defense against,
threats to the United States transportation systems, including
threats to people, property, and information.'' The Committee
does not intend for this definition to cover the routine
purchase of laptop computers, training systems, or other
administrative or training technologies that do not have a
primary purpose of operationally protecting transportation
systems.
     Prior to any TSA award of a contract for acquisitions
exceeding $30 million, the bill would require the TSA
Administrator to report to Congress the results of the
acquisition analysis and to certify that the security benefits
justify the contract cost.
    The bill would direct the appropriate DHS acquisition
official to establish certain performance baseline requirements
before any TSA security-related technology acquisition. It
would require that official to review and assess each
acquisition for meeting the baseline requirements and to report
the results to Congress.
    The bill would require the TSA Administrator, before the
procurement of additional quantities of equipment to fulfill a
TSA mission need, to utilize, to the extent practicable, any
existing units in TSA's inventory to meet that need.
    The bill would direct the TSA Administrator to report
annually to Congress on TSA's performance record for meeting
goals for contracting with small and disadvantaged businesses.
    The TSA Administrator would be required to execute the
responsibilities set forth in the Act in a manner consistent
with the Federal Acquisition Regulation and the policies and
directives of DHS.
    The bill would direct GAO to assess TSA's implementation of
GAO recommendations regarding the acquisition of security-
related technology that were made before enactment of the bill.
It would further direct GAO to evaluate TSA's progress in
implementing the bill and to submit a report to Congress which
includes an evaluation of TSA's testing and evaluation
activities related to security-related technology.
     The bill would require TSA to submit a report to Congress
on the feasibility of tracking its security-related technology
through automated information and data capture technologies.

                          Legislative History

    S. 1893 was introduced on December 20, 2013, by Senator
Ayotte. The bill was referred to the Committee on Commerce,
Science, and Transportation. Senators Blunt and Blumenthal are
cosponsors. A TSA oversight hearing was held on April 30, 2014.
On July 23, 2014, the Committee met in open Executive Session
and, by a voice vote, ordered S. 1893 reported favorably with
an amendment in the nature of a substitute. A related bill,
H.R. 2719, is substantially similar. It was introduced by
Representative Richard Hudson on July 18, 2013. On November 21,
2013, H.R. 2719 was reported by the Committee on Homeland
Security of the House of Representatives. On motion to suspend
the rules, the House of Representatives passed the bill on
December 3, 2013. The vote was 416-0.

                            Estimated Costs

    In accordance with paragraph 11(a) of rule XXVI of the
Standing Rules of the Senate and section 403 of the
Congressional Budget Act of 1974, the Committee provides the
following cost estimate, prepared by the Congressional Budget
Office:

S. 1893--Transportation Security Acquisition Reform Act

    Based on information from the Department of Homeland
Security (DHS) and the Government Accountability Office (GAO),
CBO estimates that implementing S. 1893 would have no
significant cost. Enacting S. 1893 would not affect direct
spending or revenues; therefore, pay-as-you-go procedures do
not apply.
    S. 1893 would specify procedures for the Transportation
Security Administration (TSA) to follow when planning, making,
and evaluating acquisitions of security-related technology. The
bill would require the agency to develop a multiyear investment
plan to be transmitted to the Congress and updated every two
years. The bill also would specify analyses and reports that
TSA must complete to justify certain investments, evaluate the
performance of technology acquired under the bill, and enhance
its capacity to monitor and utilize existing inventories of
security-related equipment. In addition, S. 1893 would direct
GAO to review and report on issues related to TSA's policies
for procuring security-related technology.
    According to DHS, the bill's requirements are largely
consistent with existing DHS procurement policies that already
apply to TSA. S. 1893 would not affect TSA's underlying mission
or responsibilities, and CBO estimates that meeting new
procedural requirements specified by the bill would not impose
any significant new costs on the agency. We also estimate that
any increased costs to GAO to complete reports required under
S. 1893 would be negligible. Any such costs would be subject to
the availability of appropriated funds.
    S. 1893 contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act and
would not affect the budgets of state, local, or tribal
governments.
    On November 21, 2013, CBO transmitted a cost estimate for
H.R. 2719, the Transportation Security Acquisition Reform Act,
as ordered reported by the House Committee on Homeland Security
on October 29, 2013. The two pieces of legislation are similar,
and the CBO cost estimates are the same.
    The CBO staff contact for this estimate is Megan Carroll.
This estimate was approved by Peter H. Fontaine, Assistant
Director for Budget Analysis.

                           Regulatory Impact

    In accordance with paragraph 11(b) of rule XXVI of the
Standing Rules of the Senate, the Committee provides the
following evaluation of the regulatory impact of the
legislation, as reported:

                       number of persons covered

    Because DHS indicates the bill's requirements are largely
consistent with existing procurement policies that already
apply to TSA, the number of persons covered should be
consistent with the current levels of individuals impacted
under the existing acquisition process.

                            economic impact

    S. 1893 is not expected to have an adverse impact on the
Nation's economy. Over time, requiring TSA to conduct a more
thorough assessment of its acquisition needs is anticipated to
have positive economic impacts by ensuring greater efficiency
and eliminating wasteful allocation of resources.

                                privacy

    The bill will not have any adverse impact on the personal
privacy of individuals.

                               paperwork

    The bill would not increase paperwork requirements for
private individuals or businesses. It would impose several
requirements on TSA. Under the bill, TSA would be required to:
           submit to Congress a strategic 5-year
        technology investment plan to be updated every 2 years
        after its initial release;
           prior to any TSA award of a contract for
        acquisitions exceeding $30 million, report to the
        appropriate committees of Congress the results of its
        acquisition analysis and certify that the security
        benefits justify the contract cost;
           establish a test and evaluation plan for all
        new technology acquisitions;
           submit a report to the appropriate
        committees of Congress including the results of any
        assessment that finds that the actual or planned costs
        of an acquisition exceed the baseline costs by more
        than 10 percent, the actual or planned schedule for
        delivery has been delayed by more than 180 days, or
        there is a failure to meet any performance milestone
        that directly impacts security effectiveness;
           submit an annual report to the appropriate
        committees of Congress that includes TSA's performance
        record with respect to meeting its published small-
        business contracting goals during the preceding fiscal
        year; and
           submit a report to Congress on the
        feasibility of tracking security-related technology,
        including software solutions, of TSA through automated
        information and data capture technologies.
    The bill would also require the Comptroller General to:
           submit a report to Congress that contains an
        assessment of TSA's implementation of recommendations
        regarding the acquisition of security-related
        technology that were made by GAO before the date of the
        enactment of the bill;
           evaluate TSA's progress in implementing the
        Act, including any efficiencies, cost savings, or
        delays that have resulted from such implementation; and
           submit a report to Congress that includes an
        evaluation of TSA's testing and evaluation activities
        related to security-related technology.

                   Congressionally Directed Spending

    In compliance with paragraph 4(b) of rule XLIV of the
Standing Rules of the Senate, the Committee provides that no
provisions contained in the bill, as reported, meet the
definition of congressionally directed spending items under the
rule.

                      Section-by-Section Analysis


Section 1. Short title.

     This section would provide that the legislation may be
cited as the ``Transportation Security Acquisition Reform
Act''.

Section 2. Findings.

     This section would identify the findings of Congress as
follows: TSA has not consistently implemented DHS policies and
Government best practices for acquisition and procurement; TSA
has only recently developed a multiyear technology investment
plan, and has underutilized innovation opportunities within the
private sector, including from small businesses; and TSA has
faced challenges in meeting key performance requirements for
several major acquisitions and procurements, resulting in
reduced security effectiveness and wasted expenditures.

Section 3. Transportation Security Administration acquisition reform.

     This section would amend title XVI of the Homeland
Security Act of 2002 (116 Stat. 2312). Several key terms would
be defined under section 1601 of that title.
    Section 1611 of that title would require the TSA
Administrator to develop, in consultation with DHS officials
and the aviation industry stakeholder advisory committee, and
submit to Congress a strategic 5-year technology investment
plan to be updated every 2 years after its initial release. The
plan would incorporate private sector feedback and input to the
extent possible, including in situations where acquisitions may
lead to the removal of equipment from airports so that TSA and
stakeholders may address potential negative impacts of such
removal. It would direct the TSA Administrator to analyze TSA's
acquisition of any security-related technology to determine if
it is justified. Prior to any TSA award of a contract for
acquisitions exceeding $30 million, the TSA Administrator would
be required to report to the appropriate committees of Congress
the results of the analysis and to certify that the security
benefits justify the contract cost.
    Section 1613 of that title would direct the appropriate DHS
acquisition official to establish certain performance baseline
requirements, including cost estimates and performance
milestones, before any TSA security-related technology
acquisition. The feasibility of meeting the performance
milestones would also be assessed. A test and evaluation plan
would be required and established for all new technology
acquisitions.
    The appropriate DHS acquisition official would be required
to utilize independent reviewers to verify and validate the
performance milestones and cost estimates developed for a
security-related technology that has been identified as a high
priority need in the most recent 5-year plan. That official
would also be required to ensure that the use of independent
reviewers does not unduly delay the schedule of any
acquisition.
    Section 1613 of that title would require the TSA
Administrator to establish a streamlined process for an
interested vendor of a security-related technology to request
and receive appropriate access to the baseline requirements and
test and evaluation plans that are necessary for the vendor to
participate in the acquisitions process for that technology.
    An appropriate acquisition official of DHS would be
required to review and assess each implemented acquisition to
determine if the acquisition is meeting the baseline
requirements established under the bill.
    The TSA Administrator would be required to submit a report
to the appropriate committees of Congress, including the
results of any assessment that finds that: the actual or
planned costs of an acquisition exceed the baseline costs by
more than 10 percent; the actual or planned schedule for
delivery has been delayed by more than 180 days; or there is a
failure to meet any performance milestone that directly impacts
security effectiveness. The report would be required to include
the cause for any excessive costs, delay, or failure; and a
plan for corrective action.
    Before the procurement of additional quantities of
equipment to fulfill a mission need, section 1614 of that title
would require the TSA Administrator, to the extent practicable,
to utilize any existing units in TSA's inventory to meet that
need.
    Section 1615 of that title would require the TSA
Administrator to submit to the appropriate committees of
Congress an annual report that includes TSA's performance
record with respect to meeting its published small-business
contracting goals during the preceding fiscal year.
    Finally, section 1616 of that title would direct the TSA
Administrator to execute the responsibilities set forth in the
Act in a manner consistent with, and not duplicative of, the
Federal Acquisition Regulation and the policies and directives
of DHS.

Section 4. Government Accountability Office reports.

    Section 4 of the bill would direct GAO to submit a report
to Congress that contains an assessment of TSA's implementation
of recommendations regarding the acquisition of security-
related technology that were made by GAO before the date of the
enactment of the bill. It would further direct GAO to evaluate
TSA's progress in implementing the bill, including any
efficiencies, cost savings, or delays that have resulted from
such implementation.

Section 5. Report on feasibility of inventory tracking.

    Section 5 of the bill would require the TSA Administrator
to submit a report to Congress on the feasibility of tracking
security-related technology, including software solutions, of
TSA through automated information and data capture
technologies.

Section 6. Government Accountability Office review of TSA's test and
        evaluation process.

    Section 6 of the bill would direct the Comptroller General
to submit a report to Congress that includes an evaluation of
TSA's testing and evaluation activities related to security-
related technology. The report would be required to include
information on the extent to which the execution of such
testing and evaluation activities is aligned with TSA's annual
budget request, acquisition needs, planned procurements, and
acquisitions for technology programs and projects. The
Comptroller General also would be required to report on
security-related technology that has been tested, evaluated,
and certified for use by TSA, but was not procured, including
the reasons the procurement did not occur. Finally, the report
would be required to include recommendations to improve the
efficiency and efficacy of such testing and evaluation
activities and to better align such testing and evaluation with
the acquisitions process.

Section 7. No additional authorization of appropriations.

    Section 7 of the bill would provide that the Act is to be
carried out using amounts otherwise available for such purpose.
No additional funds would be authorized to be appropriated.

                        Changes in Existing Law

    In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
material is printed in italic, existing law in which no change
is proposed is shown in roman):

                      HOMELAND SECURITY ACT OF 2002


                         [6 U.S.C. 101 et seq.]

      [TITLE XVI--CORRECTIONS TO EXISTING LAW RELATING TO AIRLINE
                        TRANSPORTATION SECURITY]

[SEC. 1601. RETENTION OF SECURITY SENSITIVE INFORMATION AUTHORITY AT
                    DEPARTMENT OF TRANSPORTATION

  [(a) Section 40119 of title 49, United States Code, is
amended--
          [(1) in subsection (a)--
                  [(A) by inserting ``and the Administrator of
                the Federal Aviation Administration each''
                after ``for Security''; and
                  [(B) by striking ``criminal violence and
                aircraft piracy'' and inserting ``criminal
                violence, aircraft piracy, and terrorism and to
                ensure security''; and
          [(2) in subsection (b)(1)--
                  [(A) by striking ``, the Under Secretary''
                and inserting ``and the establishment of a
                Department of Homeland Security, the Secretary
                of Transportation'';
                  [(B) by striking ``carrying out'' and all
                that follows through ``if the Under Secretary''
                and inserting ``ensuring security under this
                title if the Secretary of Transportation''; and
                  [(C) in subparagraph (C) by striking ``the
                safety of passengers in transportation'' and
                inserting ``transportation safety''.
  [(b) Section 114 of title 49, United States Code, is amended
by adding at the end the following:
  [``(s) Nondisclosure of Security Activities.--
          [``(1) In general.--Notwithstanding section 552 of
        title 5, the Under Secretary shall prescribe
        regulations prohibiting the disclosure of information
        obtained or developed in carrying out security under
        authority of the Aviation and Transportation Security
        Act (Public Law 107-71) or under chapter 449 of this
        title if the Under Secretary decides that disclosing
        the information would--
                  [``(A) be an unwarranted invasion of personal
                privacy;
                  [``(B) reveal a trade secret or privileged or
                confidential commercial or financial
                information; or
                  [``(C) be detrimental to the security of
                transportation.
          [``(2) Availability of information to congress.--
        Paragraph (1) does not authorize information to be
        withheld from a committee of Congress authorized to
        have the information.
          [``(3) Limitation on transferability of duties.--
        Except as otherwise provided by law, the Under
        Secretary may not transfer a duty or power under this
        subsection to another department, agency, or
        instrumentality of the United States.''.]

[SEC. 1602. INCREASE IN CIVIL PENALTIES

  [Section 46301(a) of title 49, United States Code, is amended
by adding at the end the following:
          [``(8) Aviation security violations.--Notwithstanding
        paragraphs (1) and (2) of this subsection, the maximum
        civil penalty for violating chapter 449 or another
        requirement under this title administered by the Under
        Secretary of Transportation for Security shall be
        $10,000; except that the maximum civil penalty shall be
        $25,000 in the case of a person operating an aircraft
        for the transportation of passengers or property for
        compensation (except an individual serving as an
        airman).''.]

[SEC. 1603. ALLOWING UNITED STATES CITIZENS AND UNITED STATES NATIONALS
                    AS SCREENERS

  [Section 44935(e)(2)(A)(ii) of title 49, United States Code,
is amended by striking ``citizen of the United States'' and
inserting ``citizen of the United States or a national of the
United States, as defined in section 1101(a)(22) of the
Immigration and Nationality Act (8 U.S.C. 1101(a)(22))''.]\1\
---------------------------------------------------------------------------
    \1\The amendment to title XVI would not affect any amendment made
by that title as in effect before the date of enactment of the
Transportation Security Acquisition Reform Act.
---------------------------------------------------------------------------

                   TITLE XVI--TRANSPORTATION SECURITY

                     Subtitle A--General Provisions

SEC. 1601. DEFINITIONS.

  In this title:
          (1) Administration.--The term ``Administration''
        means the Transportation Security Administration.
          (2) Administrator.--The term ``Administrator'' means
        the Administrator of the Transportation Security
        Administration.
          (3) Plan.--The term ``Plan'' means the strategic 5-
        year technology investment plan developed by the
        Administrator under section 1611.
          (4) Security-related technology.--The term
        ``security-related technology'' means any technology
        that assists the Administration in the prevention of,
        or defense against, threats to United States
        transportation systems, including threats to people,
        property, and information.

    Subtitle B--Transportation Security Administration Acquisition
                              Improvements

SEC. 1611. 5-YEAR TECHNOLOGY INVESTMENT PLAN.

  (a) In General.--The Administrator shall--
          (1) not later than 180 days after the date of the
        enactment of the Transportation Security Acquisition
        Reform Act, develop and submit to Congress a strategic
        5-year technology investment plan, that may include a
        classified addendum to report sensitive transportation
        security risks, technology vulnerabilities, or other
        sensitive security information; and
          (2) to the extent possible, publish the Plan in an
        unclassified format in the public domain.
  (b) Consultation.--The Administrator shall develop the Plan
in consultation with--
          (1) the Under Secretary for Management;
          (2) the Under Secretary for Science and Technology;
          (3) the Chief Information Officer; and
          (4) the aviation industry stakeholder advisory
        committee established by the Administrator.
  (c) Approval.--The Administrator may not publish the Plan
under subsection (a)(2) until it has been approved by the
Secretary.
  (d) Contents of Plan.--The Plan shall include--
          (1) an analysis of transportation security risks and
        the associated capability gaps that would be best
        addressed by security-related technology, including
        consideration of the most recent Quadrennial Homeland
        Security Review under section 707;
          (2) a set of security-related technology acquisition
        needs that--
                  (A) is prioritized based on risk and
                associated capability gaps identified under
                paragraph (1); and
                  (B) includes planned technology programs and
                projects with defined objectives, goals,
                timelines, and measures;
          (3) an analysis of current and forecast trends in
        domestic and international passenger travel;
          (4) an identification of currently deployed security-
        related technologies that are at or near the end of
        their lifecycles;
          (5) an identification of test, evaluation, modeling,
        and simulation capabilities, including target
        methodologies, rationales, and timelines necessary to
        support the acquisition of the security-related
        technologies expected to meet the needs under paragraph
        (2);
          (6) an identification of opportunities for public-
        private partnerships, small and disadvantaged company
        participation, intragovernment collaboration,
        university centers of excellence, and national
        laboratory technology transfer;
          (7) an identification of the Administration's
        acquisition workforce needs that will be required for
        the management of planned security-related technology
        acquisitions, including consideration of leveraging
        acquisition expertise of other Federal agencies;
          (8) an identification of the security resources,
        including information security resources, that will be
        required to protect security-related technology from
        physical or cyber theft, diversion, sabotage, or
        attack;
          (9) an identification of initiatives to streamline
        the Administration's acquisition process and provide
        greater predictability and clarity to small, medium,
        and large businesses, including the timeline for
        testing and evaluation;
          (10) an assessment of the impact to commercial
        aviation passengers;
          (11) a strategy for consulting airport management,
        airline representatives, and Federal security directors
        whenever an acquisition will lead to the removal of
        equipment at airports, and how the strategy for
        consulting with such officials of the relevant airports
        will address potential negative impacts on commercial
        passengers or airport operations; and
          (12) in consultation with the National Institutes of
        Standards and Technology, an identification of
        security-related technology interface standards, in
        existence or if implemented, that could promote more
        interoperable passenger, baggage, and cargo screening
        systems.
  (e) Leveraging the Private Sector.--To the extent possible,
and in a manner that is consistent with fair and equitable
practices, the Plan shall--
          (1) leverage emerging technology trends and research
        and development investment trends within the public and
        private sectors;
          (2) incorporate private sector input, including from
        the aviation industry stakeholder advisory committee
        established by the Administrator, through requests for
        information, industry days, and other innovative means
        consistent with the Federal Acquisition Regulation; and
          (3) in consultation with the Under Secretary for
        Science and Technology, identify technologies in
        existence or in development that, with or without
        adaptation, are expected to be suitable to meeting
        mission needs.
  (f) Disclosure.--The Administrator shall include with the
Plan a list of nongovernment persons that contributed to the
writing of the Plan.
  (g) Update and Report.--Beginning 2 years after the date the
Plan is submitted to Congress under subsection (a), and
biennially thereafter, the Administrator shall submit to
Congress--
          (1) an update of the Plan; and
          (2) a report on the extent to which each security-
        related technology acquired by the Administration since
        the last issuance or update of the Plan is consistent
        with the planned technology programs and projects
        identified under subsection (d)(2) for that security-
        related technology.

SEC. 1612. ACQUISITION JUSTIFICATION AND REPORTS.

  (a) Acquisition Justification.--Before the Administration
implements any security-related technology acquisition, the
Administrator, in accordance with the Department's policies and
directives, shall determine whether the acquisition is
justified by conducting an analysis that includes--
          (1) an identification of the scenarios and level of
        risk to transportation security from those scenarios
        that would be addressed by the security-related
        technology acquisition;
          (2) an assessment of how the proposed acquisition
        aligns to the Plan;
          (3) a comparison of the total expected lifecycle cost
        against the total expected quantitative and qualitative
        benefits to transportation security;
          (4) an analysis of alternative security solutions,
        including policy or procedure solutions, to determine
        if the proposed security-related technology acquisition
        is the most effective and cost-efficient solution based
        on cost-benefit considerations;
          (5) an assessment of the potential privacy and civil
        liberties implications of the proposed acquisition that
        includes, to the extent practicable, consultation with
        organizations that advocate for the protection of
        privacy and civil liberties;
          (6) a determination that the proposed acquisition is
        consistent with fair information practice principles
        issued by the Privacy Officer of the Department;
          (7) confirmation that there are no significant risks
        to human health or safety posed by the proposed
        acquisition; and
          (8) an estimate of the benefits to commercial
        aviation passengers.
  (b) Reports and Certification to Congress.--
          (1) In general.--Not later than the end of the 30-day
        period preceding the award by the Administration of a
        contract for any security-related technology
        acquisition exceeding $30,000,000, the Administrator
        shall submit to the Committee on Commerce, Science, and
        Transportation of the Senate and the Committee on
        Homeland Security of the House of Representatives--
                  (A) the results of the comprehensive
                acquisition justification under subsection (a);
                and
                  (B) a certification by the Administrator that
                the benefits to transportation security justify
                the contract cost.
          (2) Extension due to imminent terrorist threat.--If
        there is a known or suspected imminent threat to
        transportation security, the Administrator--
                  (A) may reduce the 30-day period under
                paragraph (1) to 5 days to rapidly respond to
                the threat; and
                  (B) shall immediately notify the Committee on
                Commerce, Science, and Transportation of the
                Senate and the Committee on Homeland Security
                of the House of Representatives of the known or
                suspected imminent threat.

SEC. 1613. ACQUISITION BASELINE ESTABLISHMENT AND REPORTS.

  (a) Baseline Requirements.--
          (1) In general.--Before the Administration implements
        any security-related technology acquisition, the
        appropriate acquisition official of the Department
        shall establish and document a set of formal baseline
        requirements.
          (2) Contents.--The baseline requirements under
        paragraph (1) shall--
                  (A) include the estimated costs (including
                lifecycle costs), schedule, and performance
                milestones for the planned duration of the
                acquisition;
                  (B) identify the acquisition risks and a plan
                for mitigating these risks; and
                  (C) assess the personnel necessary to manage
                the acquisition process, manage the ongoing
                program, and support training and other
                operations as necessary.
          (3) Feasibility.--In establishing the performance
        milestones under paragraph (2)(A), the appropriate
        acquisition official of the Department, to the extent
        possible and in consultation with the Under Secretary
        for Science and Technology, shall ensure that achieving
        these milestones is technologically feasible.
          (4) Test and evaluation plan.--The Administrator, in
        consultation with the Under Secretary for Science and
        Technology, shall develop a test and evaluation plan
        that describes--
                  (A) the activities that are expected to be
                required to assess acquired technologies
                against the performance milestones established
                under paragraph (2)(A);
                  (B) the necessary and cost-effective
                combination of laboratory testing, field
                testing, modeling, simulation, and supporting
                analysis to ensure that such technologies meet
                the Administration's mission needs;
                  (C) an efficient planning schedule to ensure
                that test and evaluation activities are
                completed without undue delay; and
                  (D) if commercial aviation passengers are
                expected to interact with the security-related
                technology, methods that could be used to
                measure passenger acceptance of and
                familiarization with the security-related
                technology.
          (5) Verification and validation.--The appropriate
        acquisition official of the Department--
                  (A) subject to subparagraph (B), shall
                utilize independent reviewers to verify and
                validate the performance milestones and cost
                estimates developed under paragraph (2) for a
                security-related technology that pursuant to
                section 1611(d)(2) has been identified as a
                high priority need in the most recent Plan; and
                  (B) shall ensure that the use of independent
                reviewers does not unduly delay the schedule of
                any acquisition.
          (6) Streamlining access for interested vendors.--The
        Administrator shall establish a streamlined process for
        an interested vendor of a security-related technology
        to request and receive appropriate access to the
        baseline requirements and test and evaluation plans
        that are necessary for the vendor to participate in the
        acquisitions process for that technology.
  (b) Review of Baseline Requirements and Deviation; Report to
Congress.--
          (1) Review.--
                  (A) In general.--The appropriate acquisition
                official of the Department shall review and
                assess each implemented acquisition to
                determine if the acquisition is meeting the
                baseline requirements established under
                subsection (a).
                  (B) Test and evaluation assessment.--The
                review shall include an assessment of whether--
                          (i) the planned testing and
                        evaluation activities have been
                        completed; and
                          (ii) the results of that testing and
                        evaluation demonstrate that the
                        performance milestones are
                        technologically feasible.
          (2) Report.--Not later than 30 days after making a
        finding described in clause (i), (ii), or (iii) of
        subparagraph (A), the Administrator shall submit a
        report to the Committee on Commerce, Science, and
        Transportation of the Senate and the Committee on
        Homeland Security of the House of Representatives that
        includes--
                  (A) the results of any assessment that finds
                that--
                          (i) the actual or planned costs
                        exceed the baseline costs by more than
                        10 percent;
                          (ii) the actual or planned schedule
                        for delivery has been delayed by more
                        than 180 days; or
                          (iii) there is a failure to meet any
                        performance milestone that directly
                        impacts security effectiveness;
                  (B) the cause for that excessive costs,
                delay, or failure; and
                  (C) a plan for corrective action.

SEC. 1614. INVENTORY UTILIZATION.

  (a) In General.--Before the procurement of additional
quantities of equipment to fulfill a mission need, the
Administrator, to the extent practicable, shall utilize any
existing units in the Administration's inventory to meet that
need.
  (b) Tracking of Inventory.--
          (1) In general.--The Administrator shall establish a
        process for tracking--
                  (A) the location of security-related
                equipment in the inventory under subsection
                (a);
                  (B) the utilization status of security-
                related technology in the inventory under
                subsection (a); and
                  (C) the quantity of security-related
                equipment in the inventory under subsection
                (a).
          (2) Internal controls.--The Administrator shall
        implement internal controls to ensure up-to-date
        accurate data on security-related technology owned,
        deployed, and in use.
  (c) Logistics Management.--
          (1) In general.--The Administrator shall establish
        logistics principles for managing inventory in an
        effective and efficient manner.
          (2) Limitation on just-in-time logistics.--The
        Administrator may not use just-in-time logistics if
        doing so--
                  (A) would inhibit necessary planning for
                large-scale delivery of equipment to airports
                or other facilities; or
                  (B) would unduly diminish surge capacity for
                response to a terrorist threat.

SEC. 1615. SMALL BUSINESS CONTRACTING GOALS.

  Not later than 90 days after the date of enactment of the
Transportation Security Acquisition Reform Act, and annually
thereafter, the Administrator shall submit a report to the
Committee on Commerce, Science, and Transportation of the
Senate and the Committee on Homeland Security of the House of
Representatives that includes--
          (1) the Administration's performance record with
        respect to meeting its published small-business
        contracting goals during the preceding fiscal year;
          (2) if the goals described in paragraph (1) were not
        met or the Administration's performance was below the
        published small-business contracting goals of the
        Department--
                  (A) a list of challenges, including
                deviations from the Administration's
                subcontracting plans, and factors that
                contributed to the level of performance during
                the preceding fiscal year;
                  (B) an action plan, with benchmarks, for
                addressing each of the challenges identified in
                subparagraph (A), which--
                          (i) was prepared after consultation
                        with the Secretary of Defense and the
                        heads of Federal departments and
                        agencies that achieved their published
                        goals for prime contracting with small
                        and minority owned businesses,
                        including small and disadvantaged
                        businesses, in prior fiscal years; and
                          (ii) identifies policies and
                        procedures that could be incorporated
                        by the Administration in furtherance of
                        achieving the Administration's
                        published goal for such contracting;
                        and
          (3) a status report on the implementation of the
        action plan that was developed in the preceding fiscal
        year in accordance with paragraph (2)(B), if such a
        plan was required.

SEC. 1616. CONSISTENCY WITH THE FEDERAL ACQUISITION REGULATION AND
                    DEPARTMENTAL POLICIES AND DIRECTIVES.

  The Administrator shall execute the responsibilities set
forth in this subtitle in a manner consistent with, and not
duplicative of, the Federal Acquisition Regulation and the
Department's policies and directives.