As ordered reported by the Senate Committee on Homeland Security and Governmental Affairs on June 25, 2014
S. 2521 would amend the Federal Information Security Management Act of 2002 (FISMA)—the law that governs the security of the federal government’s information technology systems. The legislation would clarify the roles and responsibilities of the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) for information security. The bill also would update guidelines that federal agencies follow in the event that there is an unauthorized release of data. S. 2521 would require OMB to revise Circular A-130—Management of Federal Information Resources.
CBO estimates that implementing S. 2521 would have no significant net impact on the federal budget over the next five years. The bill could affect direct spending by agencies not funded through annual appropriations; therefore, pay-as-you-go procedures apply. CBO estimates, however, that any net increase in spending by those agencies would not be significant. Enacting S. 2521 would not affect revenues.
Most of the provisions of the bill would codify and expand on current practices of the federal government. OMB has reported that in 2013, federal agencies spent almost $80 billion on information technology and more than $10 billion on related security.
S. 2521 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would impose no costs on state, local, or tribal governments budget.