Throughout 2019, members of Congress introduced numerous IT-related bills to their chamber, but they are scattered across various levels of the legislation process. With the 116th Congress approximately halfway through its two-year session, here’s a status update on where some of the top IT legislation stands:
The Federal Risk Authorization and Management Program (FedRAMP) Authorization Act (H.R. 3941) is set to hit the floor of the House, with the Committee on Oversight and Reform giving its approval to the bill in a voice vote in December. However, the bill must be brought to a vote by Speaker of the House Nancy Pelosi, and it does not have a Senate companion, which means it still needs to find some backers and go through the full process there.
The bill would enshrine FedRAMP into law, take actions to improve the program’s efficiency, and allocate $20 million annually for the program.
The IoT Cybersecurity Improvement Act
In the House, the Internet of Things (IoT) Cybersecurity Improvement Act (H.R. 1668) is currently waiting on the Committee on Science, Space, and Technology to take action on the bill, as the Committee on Oversight and Reform has already approved the bill. In the Senate (S.734), Homeland Security and Governmental Affairs Committee approved the bill, and it is sitting on the Senate Legislative Calendar, waiting for Senate Majority Leader Mitch McConnell to bring it to the floor for a vote.
The bill would use NIST standards as the baseline for cybersecurity of IoT devices acquired by the Federal government.
The Advancing Continuous Diagnostics and Mitigation (CDM) Act is indeed advancing through the House (H.R. 4237), where the Committee on Homeland Security passed the bill through committee in October. The House Oversight and Reform Committee has yet to consider it however, and its Senate companion bill (S. 2318) also has yet to be considered or amended by the Homeland Security and Governmental Affairs Committee.
The bill would put the CDM program into law, require reporting to Congress, and make tools available to state and local governments.
The Cybersecurity Vulnerability Remediation Act
The Cybersecurity Vulnerability Remediation Act (H.R. 3710) made its way through the House relatively quickly, being introduced in July 2019 and passed in September. The bill now sits before the Senate Homeland Security and Governmental Affairs Committee, where it has not yet been marked up.
The bill would allow the Cybersecurity and Infrastructure Security Agency (CISA) to issue protocols to mitigate vulnerabilities, and would allow the Science and Technology Directorate of the Department of Homeland Security to establish an incentive program for remediation solutions.
The Federal CIO Authorization Act
Introduced early in 2019, the Federal CIO Authorization Act (H.R. 247) sailed through the entire House process in just under two weeks, being approved in January 2019. However, the Senate has not taken any action on the legislation, making it unlikely the bill becomes law without a senator to champion its passage.
The bill would rename the IT component of the Office of Management and Budget from the Office of E-Government to the Office of the Federal CIO, and require an OMB report to Congress on shared services and IT.
The Cyber Diplomacy Act (H.R. 739) moved through the House Committee on Foreign Affairs relatively quickly in March, but the bill has not received a vote on the floor of the House. The bill also lacks a Senate companion, leaving a number of steps ahead before becoming law.
The bill would establish the Office of International Cyberspace Policy at the State Department and push for engagement on norms in cyberspace.