H.R. 2458, E-Government Act of 2002
Selected Portions of Interest to the XML Working Group
Copied on November 26, 2002, from Engrossed Version on Thomas
Signed into Law on December 17, 2002, as P.L. 107-347
Full Text Available in PDF (189 pages) or HTML
SEC. 101. MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
(a) IN GENERAL- Title 44, United States Code, is amended by inserting after chapter 35 the following:
CHAPTER 36--MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
Sec. 3601. Definitions
(3) `electronic Government' means the use by the Government of web-based Internet applications and other information technologies, combined with processes that implement these technologies, to--
(A) enhance the access to and delivery of Government information and services to the public, other agencies, and other Government entities; or
(B) bring about improvements in Government operations that may include effectiveness, efficiency, service quality, or transformation;
Sec. 3602. Office of Electronic Government
(f) Subject to requirements of this chapter, the Administrator shall assist the Director by performing electronic Government functions as follows:
(8) ... in establishing policies which shall set the framework for information technology standards for the Federal Government developed by the National Institute of Standards and Technology ... taking into account ... recommendations of the Chief Information Officers Council, experts, and interested parties from the private and nonprofit sectors and State, local, and tribal governments, and maximizing the use of commercial standards as appropriate, including the following:
(A) Standards and guidelines for interconnectivity and interoperability as described under section 3504.
(B) Consistent with the process under section 207(d) of the E-Government Act of 2002, standards and guidelines for categorizing Federal Government electronic information to enable efficient use of technologies, such as through the use of extensible markup language.
(C) Standards and guidelines for Federal Government computer system efficiency and security.
SEC. 202. FEDERAL AGENCY RESPONSIBILITIES
(b) PERFORMANCE INTEGRATION-
(1) Agencies shall develop performance measures that demonstrate how electronic government enables progress toward agency objectives, strategic goals, and statutory mandates.
(2) In measuring performance under this section, agencies shall rely on existing data collections to the extent practicable.
(3) Areas of performance measurement that agencies should consider include--
(A) customer service;
(B) agency productivity; and
(C) adoption of innovative information technology, including the appropriate use of commercial best practices.
(4) Agencies shall link their performance goals ... to key groups, including citizens, businesses, and other governments, and to internal Federal Government operations.
(5) ... agencies shall work collectively in linking their performance goals to groups identified under paragraph (4) and shall use information technology in delivering Government information and services to those groups.
SEC. 204. FEDERAL INTERNET PORTAL
(a) IN GENERAL-
(1) PUBLIC ACCESS- The Director shall work with the Administrator of the General Services Administration and other agencies to maintain and promote an integrated Internet-based system of providing the public with access to Government information and services.
(2) CRITERIA- To the extent practicable, the integrated system shall be designed and operated according to the following criteria:
(A) The provision of Internet-based Government information and services directed to key groups, including citizens, business, and other governments, and integrated according to function or topic rather than separated according to the boundaries of agency jurisdiction.
(B) An ongoing effort to ensure that Internet-based Government services relevant to a given citizen activity are available from a single point.
(C) Access to Federal Government information and services consolidated ... with Internet-based information and services provided by State, local, and tribal governments.
(D) Access to Federal Government information held by 1 or more agencies shall be made available in a manner that protects privacy, consistent with law.
SEC. 207. ACCESSIBILITY, USABILITY, AND PRESERVATION OF GOVERNMENT INFORMATION
(a) PURPOSE- The purpose of this section is to improve the methods by which Government information, including information on the Internet, is organized, preserved, and made accessible to the public.
(b) DEFINITIONS- In this section, the term--
(1) `Committee' means the Interagency Committee on Government Information established under subsection (c); and
(2) `directory' means a taxonomy of subjects linked to websites that--
(A) organizes Government information on the Internet according to subject matter; and
(B) may be created with the participation of human editors.
(d) CATEGORIZING OF INFORMATION-
(1) COMMITTEE FUNCTIONS- Not later than 2 years after the date of enactment of this Act, the Committee shall submit recommendations to the Director on--
(A) the adoption of standards, which are open to the maximum extent feasible, to enable the organization and categorization of Government information--
(i) in a way that is searchable electronically, including by searchable identifiers; and
(iii) in ways that are interoperable across agencies;
(B) the definition of categories of Government information which should be classified under the standards; and
(C) determining priorities and developing schedules for the initial implementation of the standards by agencies.
(2) FUNCTIONS OF THE DIRECTOR- Not later than 1 year after the submission of recommendations under paragraph (1), the Director shall issue policies--
(A) requiring that agencies use standards, which are open to the maximum extent feasible, to enable the organization and categorization of Government information--
(i) in a way that is searchable electronically, including by searchable identifiers;
(ii) in ways that are interoperable across agencies; and
(iii) that are, as appropriate, consistent with the provisions under section 3602(f)(8) of title 44, United States Code;
(e) PUBLIC ACCESS TO ELECTRONIC INFORMATION-
(1) COMMITTEE FUNCTIONS- Not later than 2 years after the date of enactment of this Act, the Committee shall submit recommendations to the Director and the Archivist of the United States on--
(A) the adoption by agencies of policies and procedures to ensure that chapters 21, 25, 27, 29, and 31 of title 44, United States Code, are applied effectively and comprehensively to Government information on the Internet and to other electronic records; and
(B) the imposition of timetables for the implementation of the policies and procedures by agencies.
(f) AGENCY WEBSITES-
(1) STANDARDS FOR AGENCY WEBSITES- Not later than 2 years after the effective date of this title, the Director shall promulgate guidance for agency websites that includes--
(A) requirements that websites include direct links to--
(i) descriptions of the mission and statutory authority of the agency;
(ii) information made available to the public under subsections (a)(1) and (b) of section 552 of title 5, United States Code (commonly referred to as the `Freedom of Information Act');
(iii) information about the organizational structure of the agency; and
(iv) the strategic plan of the agency developed under section 306 of title 5, United States Code; and
(B) minimum agency goals to assist public users to navigate agency websites, including--
(i) speed of retrieval of search results;
(ii) the relevance of the results;
(iii) tools to aggregate and disaggregate data; and
(iv) security protocols to protect information.
(2) AGENCY REQUIREMENTS- (A) Not later than 2 years after the date of enactment of this Act, each agency shall--
(i) consult with the Committee and solicit public comment;
(ii) establish a process for determining which Government information the agency intends to make available and accessible to the public on the Internet and by other means;
(iii) develop priorities and schedules for making Government information available and accessible;
(iv) make such final determinations, priorities, and schedules available for public comment;
(v) post such final determinations, priorities, and schedules on the Internet; and
(vi) submit such final determinations, priorities, and schedules to the Director, in the report established under section 202(g).
(B) Each agency shall update determinations, priorities, and schedules of the agency, as needed, after consulting with the Committee and soliciting public comment, if appropriate.
(3) PUBLIC DOMAIN DIRECTORY OF PUBLIC FEDERAL GOVERNMENT WEBSITES-
(A) ESTABLISHMENT- Not later than 2 years after the effective date of this title, the Director and each agency shall--
(i) develop and establish a public domain directory of public Federal Government websites; and
(ii) post the directory on the Internet with a link to the integrated Internet-based system established under section 204.
(B) DEVELOPMENT- With the assistance of each agency, the Director shall--
(i) direct the development of the directory through a collaborative effort, including input from--
(I) agency librarians;
(II) information technology managers;
(III) program managers;
(IV) records managers;
(V) Federal depository librarians; and
(VI) other interested parties; and
(ii) develop a public domain taxonomy of subjects used to review and categorize public Federal Government websites.
(C) UPDATE- With the assistance of each agency, the Administrator of the Office of Electronic Government shall--
(i) update the directory as necessary, but not less than every 6 months; and
(ii) solicit interested persons for improvements to the directory.
SEC. 208. PRIVACY PROVISIONS
(b) PRIVACY IMPACT ASSESSMENTS-
(1) RESPONSIBILITIES OF AGENCIES ...
(B) AGENCY ACTIVITIES- To the extent required under subparagraph (A), each agency shall--
(i) conduct a privacy impact assessment ...
(2) CONTENTS OF A PRIVACY IMPACT ASSESSMENT ...
(B) GUIDANCE- The guidance shall--
(i) ensure that a privacy impact assessment is commensurate with the size of the information system being assessed, the sensitivity of information that is in an identifiable form in that system, and the risk of harm from unauthorized release of that information; and
(ii) require that a privacy impact assessment address--
(I) what information is to be collected;
(II) why the information is being collected;
(III) the intended use of the agency of the information;
(IV) with whom the information will be shared;
(V) what notice or opportunities for consent would be provided to individuals regarding what information is collected and how that information is shared;
(VI) how the information will be secured; and
(VII) whether a system of records is being created under section 552a of title 5, United States Code, (commonly referred to as the `Privacy Act').
(c) PRIVACY PROTECTIONS ON AGENCY WEBSITES ...
(2) PRIVACY POLICIES IN MACHINE-READABLE FORMATS- The Director shall issue guidance requiring agencies to translate privacy policies into a standardized machine-readable format.
SEC. 212. INTEGRATED REPORTING STUDY AND PILOT PROJECTS
(1) IN GENERAL- Not later than 3 years after the date of enactment of this Act, the Director shall oversee a study, in consultation with agencies, the regulated community, public interest organizations, and the public, and submit a report to the Committee on Governmental Affairs of the Senate and the Committee on Government Reform of the House of Representatives on progress toward integrating Federal information systems across agencies.
(2) CONTENTS- The report under this section shall--
(A) address the integration of data elements used in the electronic collection of information within databases established under Federal statute without reducing the quality, accessibility, scope, or utility of the information contained in each database;
(B) address the feasibility of developing, or enabling the development of, software, including Internet-based tools, for use by reporting persons in assembling, documenting, and validating the accuracy of information electronically submitted to agencies under nonvoluntary, statutory, and regulatory requirements;
(C) address the feasibility of developing a distributed information system involving, on a voluntary basis, at least 2 agencies, that--
(i) provides consistent, dependable, and timely public access to the information holdings of 1 or more agencies, or some portion of such holdings, without requiring public users to know which agency holds the information; and
(ii) allows the integration of public information held by the participating agencies;
(D) address the feasibility of incorporating other elements related to the purposes of this section at the discretion of the Director; and
(E) make any recommendations that the Director deems appropriate on the use of integrated reporting and information systems, to reduce the burden on reporting and strengthen public access to databases within and across agencies.
(d) PILOT PROJECTS TO ENCOURAGE INTEGRATED COLLECTION AND MANAGEMENT OF DATA AND INTEROPERABILITY OF FEDERAL INFORMATION SYSTEMS-
(1) IN GENERAL- In order to provide input to the study under subsection (c), the Director shall designate, in consultation with agencies, a series of no more than 5 pilot projects that integrate data elements...
SEC. 302. MANAGEMENT OF INFORMATION TECHNOLOGY
Sec. 11331. Responsibilities for Federal information systems standards
(a) STANDARDS AND GUIDELINES-
(1) AUTHORITY TO PRESCRIBE- ... the Secretary of Commerce shall, on the basis of standards and guidelines developed by the National Institute of Standards and Technology ... prescribe standards and guidelines pertaining to Federal information systems.
(b) MANDATORY REQUIREMENTS-
(1) AUTHORITY TO MAKE MANDATORY- ... the Secretary shall make standards prescribed under subsection (a)(1) compulsory and binding to the extent determined necessary by the Secretary to improve the efficiency of operation or security of Federal information systems.
(2) REQUIRED MANDATORY STANDARDS- (A) Standards prescribed under subsection (a)(1) shall include information security standards that--
(i) provide minimum information security requirements ... and
(ii) are otherwise necessary to improve the security of Federal information and information systems.
SEC. 303. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
(a) IN GENERAL- The Institute shall--
(1) have the mission of developing standards, guidelines, and associated methods and techniques for information systems;
(2) develop standards and guidelines, including minimum requirements, for information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency ... and
(3) develop standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems.
(b) MINIMUM REQUIREMENTS FOR STANDARDS AND GUIDELINES- The standards and guidelines required by subsection (a) shall include, at a minimum--
(1)(A) standards to be used by all agencies to categorize all information and information systems collected or maintained by or on behalf of each agency based on the objectives of providing appropriate levels of information security according to a range of risk levels;
(B) guidelines recommending the types of information and information systems to be included in each such category; and
(C) minimum information security requirements for information and information systems in each such category;
SEC. 305. TECHNICAL AND CONFORMING AMENDMENTS
(c) PAPERWORK REDUCTION ACT ...
(2) Section 3505 of such title is amended by adding at the end--
`(c) INVENTORY OF MAJOR INFORMATION SYSTEMS- (1) The head of each agency shall develop and maintain an inventory of major information systems (including major national security systems) operated by or under the control of such agency.
(2) The identification of information systems in an inventory under this subsection shall include an identification of the interfaces between each such system and all other systems or networks, including those not operated by or under the control of the agency.
(3) Such inventory shall be ...
(C) used to support information resources management, including--
(i) preparation and maintenance of the inventory of information resources under section 3506(b)(4);
(ii) information technology planning, budgeting, acquisition, and management under section 3506(h), subtitle III of title 40, and related laws and guidance;
(iii) monitoring, testing, and evaluation of information security controls under subchapter II;
(iv) preparation of the index of major information systems required under section 552(g) of title 5, United States Code; and
(v) preparation of information system inventories required for records management under chapters 21, 29, 31, and 33.
[Note: Those chapters are entitled, respectively: National Archives and Records Administration, Records Management by the Archivist of the United States and by the Administrator of General Services, Records Management by Federal Agencies, and Disposal of Records]