H.R. 7274 would modify the operations of the Federal Acquisition Security Council, an entity that provides guidance, information, and support to federal agencies in procuring secure information communications technology (ICT) systems. The bill would require the council to report annually to the Congress on security vulnerabilities in ICT supply chains. The bill also would expand the council’s membership and direct federal agencies to provide any information on supply chains that the council requests.
The Cybersecurity and Infrastructure Security Agency, the federal agency that currently manages the operations of the council, performs many of the information sharing and procurement support activities that would be required by H.R. 7274. CBO estimates that implementing H.R. 7274 would cost less than $500,000 over the 2026‑2031 period to prepare and deliver the required reports; such spending would be subject to the availability of appropriations.
Satisfying the requirement to provide information on supply chains to the council could affect direct spending by some agencies that are allowed to use fees, receipts from the sale of goods, and other collections to cover operating costs. CBO estimates that any net changes in direct spending by those agencies would be negligible because most of them can adjust amounts collected to reflect changes in operating costs.
The CBO staff contact for this estimate is Aldo Prosperi. The estimate was reviewed by Christina Hawley Anthony, Deputy Director of Budget Analysis.
