How To Use the NDAA Pages

Back to NDAA Contents


Subtitle D--Federal Information Technology Acquisition Reform

P. L. 113-291

Explanatory Statement, 12/4/14, H8671


Section 11302(c) of title 40, United States Code, is amended--

(1) by redesignating paragraphs (1) and (2) as paragraphs (2) and (5), respectively;

(2) by inserting before paragraph (2), as so redesignated, the following new paragraph (1):

`(1) DEFINITIONS- In this subsection:

`(A) The term `covered agency' means an agency listed in section 901(b)(1) or 901(b)(2) of title 31.

`(B) The term `major information technology investment' means an investment within a covered agency information technology investment portfolio that is designated by the covered agency as major, in accordance with capital planning guidance issued by the Director.

`(C) The term `national security system' has the meaning provided in section 3542 of title 44.'; and

(3) by inserting after paragraph (2), as so redesignated, the following new paragraphs:


`(A) IN GENERAL- The Director shall make available to the public a list of each major information technology investment, without regard to whether the investments are for new information technology acquisitions or for operations and maintenance of existing information technology, including data on cost, schedule, and performance.


`(i) The Director shall issue guidance to each covered agency for reporting of data required by subparagraph (A) that provides a standardized data template that can be incorporated into existing, required data reporting formats and processes. Such guidance shall integrate the reporting process into current budget reporting that each covered agency provides to the Office of Management and Budget, to minimize additional workload. Such guidance shall also clearly specify that the investment evaluation required under subparagraph (C) adequately reflect the investment's cost and schedule performance and employ incremental development approaches in appropriate cases.

`(ii) The Chief Information Officer of each covered agency shall provide the Director with the information described in subparagraph (A) on at least a semi-annual basis for each major information technology investment, using existing data systems and processes.

`(C) INVESTMENT EVALUATION- For each major information technology investment listed under subparagraph (A), the Chief Information Officer of the covered agency, in consultation with other appropriate agency officials, shall categorize the investment according to risk, in accordance with guidance issued by the Director.

`(D) CONTINUOUS IMPROVEMENT- If either the Director or the Chief Information Officer of a covered agency determines that the information made available from the agency's existing data systems and processes as required by subparagraph (B) is not timely and reliable, the Chief Information Officer, in consultation with the Director and the head of the agency, shall establish a program for the improvement of such data systems and processes.

`(E) WAIVER OR LIMITATION AUTHORITY- The applicability of subparagraph (A) may be waived or the extent of the information may be limited by the Director, if the Director determines that such a waiver or limitation is in the national security interests of the United States.

`(F) ADDITIONAL LIMITATION- The requirements of subparagraph (A) shall not apply to national security systems or to telecommunications or information technology that is fully funded by amounts made available--

`(i) under the National Intelligence Program, defined by section 3(6) of the National Security Act of 1947 (50 U.S.C. 3003(6));

`(ii) under the Military Intelligence Program or any successor program or programs; or

`(iii) jointly under the National Intelligence Program and the Military Intelligence Program (or any successor program or programs).

`(4) RISK MANAGEMENT- For each major information technology investment listed under paragraph (3)(A) that receives a high risk rating, as described in paragraph (3)(C), for 4 consecutive quarters--

`(A) the Chief Information Officer of the covered agency and the program manager of the investment within the covered agency, in consultation with the Administrator of the Office of Electronic Government, shall conduct a review of the investment that shall identify--

`(i) the root causes of the high level of risk of the investment;

`(ii) the extent to which these causes can be addressed; and

`(iii) the probability of future success;

`(B) the Administrator of the Office of Electronic Government shall communicate the results of the review under subparagraph (A) to--

`(i) the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate;

`(ii) the Committee on Oversight and Government Reform and the Committee on Appropriations of the House of Representatives; and

`(iii) the committees of the Senate and the House of Representatives with primary jurisdiction over the agency;

`(C) in the case of a major information technology investment of the Department of Defense, the assessment required by subparagraph (A) may be accomplished in accordance with section 2445c of title 10, provided that the results of the review are provided to the Administrator of the Office of Electronic Government upon request and to the committees identified in subsection (B); and

`(D) for a covered agency other than the Department of Defense, if on the date that is one year after the date of completion of the review required under subsection (A), the investment is rated as high risk under paragraph (3)(C), the Director shall deny any request for additional development, modernization, or enhancement funding for the investment until the date on which the Chief Information Officer of the covered agency determines that the root causes of the high level of risk of the investment have been addressed, and there is sufficient capability to deliver the remaining planned increments within the planned cost and schedule.

`(5) SUNSET OF CERTAIN PROVISIONS- Paragraphs (1), (3), and (4) shall not be in effect on and after the date that is 5 years after the date of the enactment of the Carl Levin and Howard P. `Buck' McKeon National Defense Authorization Act for Fiscal Year 2015.'.

Enhanced transparency and improved risk management in information technology investments (sec. 832)

The House bill contained a provision (sec. 5505) that would enhance transparency in information technology investments.

The Senate committee-reported bill contained no similar provision.

The agreement contains the House provision with a clarifying amendment.

Additional Information

H. Rpt. 113-359 to accompany the Federal Information Technology Acquisition Reform Act

Section 504. Enhanced transparency in information technology investments

Increases the transparency of IT investments by requiring 80 percent of the governmentwide IT spending, and 60 percent of each of the 24 CFO Act agency IT spending be covered by the IT Dashboard. Requires OMB to ensure that the information posted is current, accurate, and reflects the risks associated with each covered IT investment.

The Committee appreciates the transparency IT Dashboard brings and urges OMB to fully utilize its potential. The Committee also notes that OMB in recent years has considerably slowed down the pace of its TechStat reviews of agency IT programs. The Committee urges the OMB to continue to hold a sufficient number of OMB-led TechStat sessions to maintain sufficient independent oversight in assessing and improving the performance of agency IT investments.