The Federal Information Security Management Act (FISMA) provides a comprehensive framework to protect the security of federal information systems. S. 2975 would clarify that, under FISMA, federal agencies have the sole and exclusive authority to take appropriate and timely actions to secure their information technology and information systems. CBO estimates that while implementing S. 2975 would clarify Congressional intent, it would have no significant effect on the federal budget because it would not expand the duties of executive agencies. Because enacting the bill could affect direct spending by agencies not funded through annual appropriations, pay-as-you-go procedures apply. CBO estimates, however, that any net change in spending by those agencies would be negligible. Enacting S. 2975 would not affect revenues.
CBO estimates that enacting S. 2975 would not increase direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2027.
S. 2975 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments.
On March 24, 2016, CBO transmitted a cost estimate for H.R. 4361, the Federal Information Systems Safeguards Act of 2016, as ordered reported by the House Committee on Oversight and Government Reform on March 1, 2016. The two bills are similar and CBO’s estimate of their budgetary effects are the same.