H.R.4098 - Secure Federal File Sharing Act111th Congress (2009-2010)
Text: H.R.4098 — 111th Congress (2009-2010)
Referred in Senate (03/25/2010)
Formatting necessary for an accurate reading of this legislative text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF or HTML/XML.
[Congressional Bills 111th Congress] [From the U.S. Government Printing Office] [H.R. 4098 Referred in Senate (RFS)] 111th CONGRESS 2d Session H. R. 4098 _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 25, 2010 Received; read twice and referred to the Committee on Homeland Security and Governmental Affairs _______________________________________________________________________ AN ACT To require the Director of the Office of Management and Budget to issue guidance on the use of peer-to-peer file sharing software to prohibit the personal use of such software by Government employees, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Secure Federal File Sharing Act''. SEC. 2. REQUIREMENTS. (a) Updated Guidance on Use of Certain Software Programs.--Not later than 90 days after the date of the enactment of this Act, the Director of the Office of Management and Budget, after consultation with the Federal Chief Information Officers Council, shall issue guidance on the use of peer-to-peer file sharing software-- (1) to prohibit the download, installation, or use by Government employees and contractors of open-network peer-to- peer file sharing software on all Federal computers, computer systems, and networks, including those operated by contractors on the Government's behalf, unless such software is approved in accordance with procedures under subsection (b); and (2) to address the download, installation, or use by Government employees and contractors of such software on home or personal computers as it relates to telework and remotely accessing Federal computers, computer systems, and networks, including those operated by contractors on the Government's behalf. (b) Approval Process for Certain Software Programs.--Not later than 90 days after the date of the enactment of this Act, the Director of the Office of Management and Budget shall develop a procedure by which the Director, in consultation with the Chief Information Officer, may receive requests from heads of agencies or chief information officers of agencies for approval for use by Government employees and contractors of specific open-network peer-to-peer file sharing software programs that are-- (1) necessary for the day-to-day business operations of the agency; (2) instrumental in completing a particular task or project that directly supports the agency's overall mission; (3) necessary for use between, among, or within Federal, State, or local government agencies in order to perform official agency business; or (4) necessary for use during the course of a law enforcement investigation. (c) Agency Responsibilities.--Not later than 180 days after the date of enactment of this Act, the Director of the Office of Management and Budget shall-- (1) direct agencies to establish or update personal use policies of the agency to be consistent with the guidance issued pursuant to subsection (a); (2) direct agencies to require any contract awarded by the agency to include a requirement that the contractor comply with the guidance issued pursuant to subsection (a) in the performance of the contract; (3) direct agencies to update their information technology security or ethics training policies to ensure that all employees, including those working for contractors on the Government's behalf, are aware of the requirements of the guidance required by subsection (a) and the consequences of engaging in prohibited conduct; and (4) direct agencies to ensure that proper security controls are in place to prevent, detect, and remove file sharing software that is prohibited by the guidance issued pursuant to subsection (a) from all Federal computers, computer systems, and networks, including those operated by contractors on the Government's behalf. SEC. 3. ANNUAL REPORT. Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Director of the Office of Management and Budget shall submit to the Committee on Oversight and Government Reform of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the implementation of this Act, including-- (1) a justification for each open-network peer-to-peer file sharing software program that is approved pursuant to subsection (b); and (2) an inventory of the agencies where such programs are being used. SEC. 4. DEFINITIONS. In this Act: (1) Agency.--The term ``agency'' has the meaning provided the term ``Executive agency'' by section 105 of title 5, United States Code. (2) Open-network.--The term ``open-network'', with respect to software, means a network in which-- (A) access is granted freely, without limitation or restriction; or (B) there are little or no security measures in place. (3) Peer-to-peer file sharing software.--The term ``peer- to-peer file sharing software''-- (A) means a program, application, or software that is commercially marketed or distributed to the public and that enables-- (i) a file or files on the computer on which such program is installed to be designated as available for searching and copying to one or more other computers; (ii) the searching of files on the computer on which such program is installed and the copying of any such file to another computer-- (I) at the initiative of such other computer and without requiring any action by an owner or authorized user of the computer on which such program is installed; and (II) without requiring an owner or authorized user of the computer on which such program is installed to have selected or designated another computer as the recipient of any such file; and (iii) an owner or authorized user of the computer on which such program is installed to search files on one or more other computers using the same or a compatible program, application, or software, and copy such files to such owner or user's computer; and (B) does not include a program, application, or software designed primarily-- (i) to operate as a server that is accessible over the Internet using the Internet Domain Name system; (ii) to transmit or receive email messages, instant messaging, real-time audio or video communications, or real-time voice communications; or (iii) to provide network or computer security (including the detection or prevention of fraudulent activities), network management, maintenance, diagnostics, or technical support or repair. (4) Contractor.--The term ``contractor'' means a prime contractor or a subcontractor, as defined by the Federal Acquisition Regulation. SEC. 5. BUDGETARY EFFECTS OF PAYGO LEGISLATION FOR THIS ACT. The budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go Act of 2010, shall be determined by reference to the latest statement titled ``Budgetary Effects of PAYGO Legislation'' for this Act, submitted for printing in the Congressional Record by the Chairman of the House Budget Committee, provided that such statement has been submitted prior to the vote on passage. Passed the House of Representatives March 24, 2010. Attest: LORRAINE C. MILLER, Clerk.