United States Congress, NDAA 2018 Sec. 881-886, September 18, 2017. Unclassified.

National Security Archive

May 31, 2026

Development and Acquisition of Software Intensive and Digital Products and Services

Source: United States Congress, NDAA 2018 Sec. 881-886, September 18, 2017. Unclassified.
Date: Sep 18, 2017
Archive: United States Congress, 2018 National Defense Authorization Act
Collection: Cyber Vault: Inside the 2018 NDAA, Senate Part 1 Nov 15, 2017


“(6) by procurement for experimental purposes pursuant to section 2373 of this title.”.

**Subtitle I—Development and Acquisition of Software Intensive and Digital Products and Services**

SEC. 881. RIGHTS IN TECHNICAL DATA.

(a) MODIFICATION OF DEFINITION OF TECHNICAL DATA.—Paragraph (4) of section 2302 of title 10, United States Code, is amended to read as follows:

“(4) The term ‘technical data’—

“(A) means recorded information (regardless of the form or method of the recording) of a scientific or technical nature relating to supplies procured by an agency;

“(B) with respect to software, includes everything required to reproduce, build/recompile, test, and deploy working system binaries on system hardware, including all source code, revision histories, build scripts, build/compilation/modification instructions/procedures, documentation, test cases, expected test results, compilers, interpreters, test harnesses, specialized build and test hardware, connectors, cables, and library dependencies; and

† HR 2810 PAP
“(C) does not include computer software incidental to contract administration or financial, administrative, cost or pricing, or management data or other information incidental to contract administration.”.

(b) RIGHTS IN TECHNICAL DATA.—Section 2320(a)(2) of title 10, United States Code, is amended by adding at the end the following new subparagraph:

“(J) The Secretary of Defense shall require the following with respect to software delivery:

“(i) Software shall be delivered in native electronic format.

“(ii) Builds must not be dependent upon pre-defined build directories.

“(iii) In the case of licensing restrictions that do not allow library dependency inclusion, verified accessible repositories and revision history shall be documented and included.

“(iv) Commercial Off-The Shelf/Non-Development Item (COTS/NDI) shall be delivered on original Licensed Media. If firmware is part of the delivery, then a Firmware Support Manual should be included as an Appendix.”.

SEC. 882. DEFENSE INNOVATION BOARD ANALYSIS OF SOFTWARE ACQUISITION REGULATIONS.

(a) STUDY.—

(1) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Secretary of Defense shall task the Defense Innovation Board to undertake a study on streamlining software development and acquisition regulations.

(2) MEMBER PARTICIPATION.—The Chairman of the Defense Innovation Board shall select appropriate members from the membership of the Board to participate in this study, and may recommend additional temporary members or contracted support personnel to the Secretary of Defense for the purposes of this study. In considering additional appointments to the study, the Secretary of Defense shall ensure that members have significant technical, legislative, or regulatory expertise and reflect diverse experiences in the public and private sector.

(3) SCOPE.—The study conducted pursuant to paragraph (1) shall—

(A) review the acquisition regulations applicable to the Department of Defense with a view toward streamlining and improving the efficiency and effectiveness of software acquisition in order to maintain defense technology advantage;

(B) produce specific and detailed recommendations for any legislation, including the amendment or repeal of regulations, that the members of the Board conducting the study determine necessary to—

(i) streamline development and procurement of software;

(ii) adopt best practices from the private sector applicable to government use;

(iii) promote rapid adoption of new technology;

(iv) ensure continuing financial and ethical integrity in procurement; and

(v) protect the best interests of the Department of Defense; and

(C) produce such additional recommendations for legislation as such members consider appropriate.

(4) CONSULTATION ON MAJOR PROGRAM REALIGNMENT.—The Secretary of Defense shall consult with the Defense Innovation Board in conducting activities under the major program realignment pilot program established pursuant to section 873. The Secretary shall provide the Board with timely access to all information necessary for the Board to provide such consultation and report on the major program realignment.

(5) ACCESS TO INFORMATION.—The Secretary of Defense shall provide the Defense Innovation Board with timely access to appropriate information, data, resources, and analysis so that the Board may conduct a thorough and independent analysis as required under this subsection.

(b) REPORTS.—

(1) INTERIM REPORTS.—Not later than 150 days after the date of the enactment of this Act, the Secretary of Defense shall submit a report to or brief the congressional defense committees on the interim findings of the study conducted pursuant to subsection (a). The Defense Innovation Board shall provide regular updates to the Secretary of Defense and the congressional defense committees for purposes of providing the interim report.

(2) FINAL REPORT.—Not later than one year after the Secretary of Defense tasks the Defense Advisory Board to conduct the study, the Board shall transmit a final report of the study to the Secretary. Not later than 30 days after receiving the final report, the Secretary of Defense shall transmit the final report, together with such comments as the Secretary determines appropriate, to the congressional defense committees.

SEC. 883. PILOT TO TAILOR SOFTWARE-INTENSIVE MAJOR PROGRAMS TO USE AGILE METHODS.

(a) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Secretary of Defense, in consultation with the Secretaries and Chiefs of the military services, shall identify one major program per service and one defense-wide program for tailoring into smaller increments. The programs shall be selected from among those designated as major defense acquisition programs and those formerly designated as major automated information systems (excluding defense business systems).

(b) PROGRAM SELECTION CRITERIA.—In identifying candidate programs, the Secretary shall prioritize programs that—

(1) are software intensive;

(2) have identified software development as a risk;

(3) have experienced cost growth and schedule delay; and

(4) did not deliver any operational capability within the prior calendar year.

(c) REALIGNMENT PLAN.—The Secretary of Defense shall finalize a realignment plan within 60 days of programs being identified under subsection (a) that provides for the realigned program increments having a cost below the cost threshold for designation as a major acquisition.

(d) REALIGNMENT EXECUTION.—Each realigned program increment shall—

(1) be designed to deliver a meaningfully useful capability within the first 180 days following realignment;

(2) be designed to deliver subsequent meaningfully useful capabilities on timeframes of less than 180 days;

(3) incorporate cross-functional teams focused on software production that prioritize user needs and control of total cost of ownership;

(4) be staffed with highly qualified technically trained staff and personnel with management and business process expertise in leadership positions to support requirements modification, acquisition strategy, and program decisionmaking;

(5) ensure that realigned acquisition strategies are broad enough to allow offerors to propose a service, system, modified business practice, configuration of personnel, or combination thereof as a solution;

(6) include periodic engagement with the user community, as well as representation by the user community in program management and software production activity;

(7) ensure realigned acquisition strategies favor outcomes-based requirements definition and capability as a service, including the establishment of technical evaluation criteria as outcomes to be used to drive service-level agreements with vendors; and

(8) consider options for termination of the relationship with any vendor unable or unwilling to offer terms that meet the requirements of this section.

(e) CONSULTATION.—In conducting the program selection and tailoring under this section, the Secretary shall—

(1) use the tools, resources, and expertise of digital and innovation organizations resident in the Department, such as the Defense Innovation Board, the Defense Innovation Unit Experimental, the Defense Science Board, the Defense Digital Services, federally funded research and development centers, research laboratories, and other technical, management, and acquisition experts;

(2) use the digital development and acquisition expertise of the General Services Administration's Technology Transition Service, Office of 18F; and

(3) leverage the science, technology, and innovation activities established pursuant to section 217 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114–92; 10 U.S.C. 2445a note).

(f) AGILE ACQUISITION DEFINED.—In this section, the term “agile acquisition”—

(1) means acquisition pursuant to a methodology for delivering multiple, rapid, incremental capabilities to the user for operational use, evaluation, and feedback; and

(2) involves—

(A) the incremental development and fielding of capabilities, commonly called “spirals”, “spins”, or “sprints”, which can be measured in a few weeks or months; and

(B) continuous participation and collaboration by users, testers, and requirements authorities.

SEC. 884. REVIEW AND REALIGNMENT OF DEFENSE BUSINESS SYSTEMS TO EMPHASIZE AGILE METHODS.

(a) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Secretary of Defense, in consultation with the Chief Information Officers and Chief Management Officers of the military services, shall conduct a comprehensive assessment of investments in defense business systems and prioritize no fewer than four and up to eight such systems for realignment and restructuring into smaller increments and the incorporation of agile acquisition methods.

(b) PROGRAM ASSESSMENT ELEMENTS.—The assessment under subsection (a) shall include the following:

(1) A comparison of investments in business systems across the Department of Defense within each business system portfolio category, such as personnel and pay systems, accounting and financial systems, and contracting and procurement systems.

(2) Identification of opportunities to rationalize requirements across investments within a business system portfolio.

(3) Identification of programs within business system portfolio categories that are most closely following the best acquisition practices for software intensive systems.

(c) PROGRAM REALIGNMENT SELECTION CRITERIA.—In identifying programs for potential realignment, the Secretary of Defense shall prioritize programs that—

(1) did not deliver any operational capability within the prior calendar year;

(2) have experienced cost growth and schedule delay; and

(3) have similar user requirements to a better performing program within the same business system portfolio category.

(d) REALIGNMENT PLAN.—The Secretary of Defense shall finalize a realignment plan within 60 days of programs being identified under subsection (c).

(e) REALIGNMENT EXECUTION.—Each realigned program increment shall—

(1) be designed to deliver a meaningfully useful capability within the first 180 days following realignment;

(2) be designed to deliver subsequent meaningfully useful capabilities on timeframes of less than 180 days;

(3) incorporate cross-functional teams focused on software production that prioritize user needs and control of total cost of ownership;

(4) be staffed with highly qualified technically trained staff and personnel with management and business process expertise in leadership positions to support requirements modification, acquisition strategy, and program decision making;

(5) ensure that realigned acquisition strategies are broad enough to allow offerors to propose a service, system, modified business practice, configuration of personnel, or combination thereof as a solution;

(6) include periodic engagement with the user community as well as representation by the user community in program management and software production activity;

(7) ensure realigned acquisition strategies favor outcomes-based requirements definition and capability as a service, including the establishment of technical evaluation criteria as outcomes to be used to drive service-level-agreements with vendors; and

(8) consider options for termination of the relationship with any vendor unable or unwilling to offer terms that meet the requirements of this section.

(f) CONSULTATION.—In conducting the program selection and realignments under this section, the Secretary shall—

(1) use the tools, resources, and expertise of digital and innovation organizations resident in the Department, such as the Defense Innovation Board, the Defense Innovation Unit Experimental, the Defense Science Board, the Defense Business Board, the Defense Digital Services, federally funded research and development centers, research laboratories, and other technical, management, and acquisition experts;

(2) use the digital development and acquisition expertise of the General Services Administration’s Technology Transition Service, Office of 18F; and

(3) leverage the science, technology, and innovation activities established pursuant to section 217 of the National Defense Authorization Act for Fiscal Year 2016 (Public Law 114–92; 10 U.S.C. 2445a note).

(g) AGILE ACQUISITION DEFINED.—In this section, the term “agile acquisition”—

(1) means acquisition pursuant to a methodology for delivering multiple, rapid, incremental capabilities to the user for operational use, evaluation, and feedback; and

(2) involves—

(A) the incremental development and fielding of capabilities, commonly called “spirals”, “spins”, or “sprints”, which can be measured in a few weeks or months; and

(B) continuous participation and collaboration by users, testers, and requirements authorities.

SEC. 885. SOFTWARE DEVELOPMENT PILOT USING AGILE BEST PRACTICES.

(a) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Secretary of Defense shall identify no fewer than four and up to eight software development activities within the Department of Defense or military departments to be developed using modern agile acquisition methods.

(b) STREAMLINED PROCESSES.—Software development activities identified under subsection (a) shall be developed without incorporation of the following contract or transaction requirements:

(1) Earned Value Management (EVM) or EVM-like reporting.

(2) Development of Integrated Master Schedule.

(3) Development of Integrated Master Plan.

(4) Development of Technical Requirement Document.

(5) Development of Systems Requirement Documents.

(6) Use of Information Technology Infrastructure Library agreements.

(7) Use of Software Development Life Cycle (methodology).

(c) ROLES AND RESPONSIBILITIES.—

(1) IN GENERAL.—Selected activities shall include the following roles and responsibilities:

(A) A program manager that is empowered to make all programmatic decisions within the overarching activity objectives, including resources, funding, personnel, and contract or transaction termination recommendations.

(B) A product owner that reports directly to the program manager and is responsible for the overall design of the product, prioritization of roadmap elements and interpretation of their acceptance criteria, and prioritization of the list of all features desired in the product.

(C) An engineering lead that reports directly to the program manager and is responsible for the implementation and operation of the software.

(D) A design lead that reports directly to the program manager and is responsible for identifying, communicating, and visualizing user needs through a human centered design process.

(2) QUALIFICATIONS.—The Secretary shall establish qualifications for personnel filling these positions prior to their selection. The qualifications may not include a positive education requirement and must be based on technical expertise or experience in delivery of software products, to include agile concepts.

(3) COORDINATION PLAN FOR TESTING AND CERTIFICATION ORGANIZATIONS.—The program manager shall ensure resources for test and certification organizations support of iterative development processes.

(d) PLAN.—The Secretary of Defense or designee shall develop a plan for each selected activity under the pilot to include the following elements:

(1) Definition of a product vision, identifying a succinct, clearly defined need the software will address.

(2) Definition of a product road map, outlining a noncontractual plan that identifies short-term and long-term product goals and specific technology solutions to help meet those goals and adjusts to mission and user needs at the product owner’s discretion.

(3) The use of a Broad Agency Announcement, Other Transaction Authority, or other rapid merit-based solicitation procedure.

(4) Identification of, and continuous engagement with, end users.

(5) Frequent and iterative end user validation of features and usability consistent with the principles outlined in the Digital Services Playbook.

(6) Use of commercial best practices for advanced computing systems, including, where applicable—

(A) Automated Testing, Integration, and Deployment;

(B) compliance with applicable commercial accessibility standards;

(C) capability to support modern versions of multiple, common web browsers;

(D) capability to be viewable across commonly used end user devices, including mobile devices; and

(E) built-in application monitoring.

(e) PROGRAM SCHEDULE.—The Secretary shall ensure that each selected activity includes—

(1) award processes that take no longer than 3 months after a requirement is identified;

(2) planned frequent and iterative end user validation of implemented features and their usability;

(3) delivery of a functional prototype or minimally viable product in 3 months or less from award; and

(4) follow-on delivery of iterative development cycles no longer than 4 weeks apart, including security testing and configuration management as applicable.

(f) OVERSIGHT METRICS.—The Secretary shall ensure that the selected activities—

(1) use a modern tracking tool to execute requirements backlog tracking; and

(2) use agile development metrics that, at a minimum, track—

(A) pace of work accomplishment;

(B) completeness of scope of testing activities (such as code coverage, fault tolerance, and boundary testing);

(C) product quality attributes (such as major and minor defects and measures of key performance attributes and quality attributes);

(D) delivery progress relative to the current product roadmap; and

(E) goals for each iteration.

(g) DATA RIGHTS.—

(1) UNCLASSIFIED SOFTWARE.—

(A) DEPARTMENT OF DEFENSE RIGHTS.—The Department of Defense shall obtain sufficient data rights for unclassified software so that all custom computer software developed under the pilot activities are managed as open source software.

(B) PUBLIC AVAILABILITY.—The contractor shall publicly develop and release the source code for unclassified custom software in a public repository with a license through which the copyright holder provides the rights to use, study, reuse, modify, enhance, and distribute the software to anyone and for any purpose.

(2) OTHER SOFTWARE.—For all other custom software delivered under the pilot activities, the Department of Defense shall obtain sufficient data rights to enable a third party, other than the pilot contractor, to continue development and maintenance activities throughout the program lifecycle.

(h) RESTRICTIONS.—

(1) USE OF FUNDS.—No funds made available for the selected activities may be expended on estimation or evaluation using source lines of code methodologies.

(2) CONTRACT TYPES.—The Secretary of Defense may not use lowest price technically acceptable contracting methods or cost plus contracts to carry out selected activities under this section, and shall encourage the use of existing streamlined and flexible contracting arrangements.

(i) CONSULTATION.—In executing the software development activities under subsection (a), the Secretary shall—

(1) use the tools, resources, and expertise of digital and innovation organizations resident in the Department, such as the Defense Innovation Board, the Defense Innovation Unit Experimental, the Defense Science Board, the Defense Business Board, the Defense Digital Services, federally funded research and development centers, research laboratories, and other technical, management, and acquisition experts; and

(2) use, as appropriate, the digital development and acquisition expertise of the General Services Administration.

(j) REPORTS.—

(1) SOFTWARE DEVELOPMENT ACTIVITY COMMENCEMENT.—

(A) IN GENERAL.—Not later than 30 days before the commencement of a software development activity under subsection (a), the Secretary shall submit to the congressional defense committees a report on the pilot activity.

(B) ELEMENTS.—The report on a pilot activity under this paragraph shall set forth a description of the pilot activity, including the following information:

(i) The purpose of the pilot activity.

(ii) The duration of the pilot activity.

(iii) The efficiencies and benefits anticipated to accrue to the Government under the pilot program.

(2) SOFTWARE DEVELOPMENT ACTIVITY COMPLETION.—

(A) IN GENERAL.—Not later than 60 days after the completion of a pilot activity, the Secretary shall submit to the congressional defense committees a report on the pilot activity.

(B) ELEMENTS.—The report on a pilot activity under this paragraph shall include the following elements:

(i) A description of results of the pilot activity.

(ii) Such recommendations for legislative or administrative action as the Secretary considers appropriate in light of the pilot activity.

(k) AGILE ACQUISITION DEFINED.—In this section, the term “agile acquisition”—

(1) means acquisition pursuant to a methodology for delivering multiple, rapid, incremental capabilities to the user for operational use, evaluation, and feedback; and

(2) involves—

(A) the incremental development and fielding of capabilities, commonly called “spirals”, “spins”, or “sprints”, which can be measured in a few weeks or months; and

(B) continuous participation and collaboration by users, testers, and requirements authorities.

SEC. 886. USE OF OPEN SOURCE SOFTWARE.

(a) OPEN SOURCE SOFTWARE.—

(1) IN GENERAL.—Chapter 137 of title 10, United States Code, is amended by inserting after section 2320 the following new section:

“§ 2320a. Use of open source software

“(a) SOFTWARE DEVELOPMENT.—All unclassified custom-developed computer software and related technical data that is not a defense article regulated pursuant to section 38 of the Arms Export Control Act (22 U.S.C. 2778) and that is developed under a contract or other transaction awarded by the Department of Defense on or after the date that is 180 days after the date of the enactment of this section shall be managed as open source software unless specifically waived by the service acquisition executive.

“(b) RELEASE OF SOFTWARE IN PUBLIC REPOSITORY.—The Secretary of Defense shall require the contractor to release source code and related technical data described under subsection (a) in a public repository approved by the Department of Defense, subject to a license through which the copyright holder provides the rights to use, study, reuse, modify, enhance, and distribute the software to anyone and for any purpose.

“(c) APPLICABILITY TO EXISTING SOFTWARE.—The Secretary of Defense shall, where appropriate—

“(1) seek to negotiate open source licenses to existing custom-developed computer software with contractors that developed it; and

“(2) release related source code and technical data in a public repository location approved by the Department of Defense.

“(d) DEFINITIONS.—In this section:

“(1) CUSTOM-DEVELOPED COMPUTER SOFTWARE.—The term ‘custom-developed computer software’—

“(A) means human-readable source code, including segregable portions thereof, that is—

“(i) first produced in the performance of a Department of Defense contract, grant, cooperative agreement, or other transaction; or

“(ii) developed by a contractor or subcontractor exclusively with Federal funds (other than an item or process developed under a contract or subcontract to which regulations under section 9(j)(2) of the Small Business Act (15 U.S.C. 638(j)(2)) apply); and

“(B) does not include Commercial Off-The-Shelf software, or packaged software developed exclusively at private expense, whether delivered as a Cloud Service, in binary form, or by any other means of software delivery.

“(2) TECHNICAL DATA.—The term ‘technical data’ has the meaning given the term in section 2302 of this title.”.

(2) CLERICAL AMENDMENT.—The table of sections at the beginning of such chapter is amended by adding after the item relating to section 2320 the following new item:

“2320a. Use of open source software.”.

(b) PRIZE COMPETITION.—The Secretary of Defense shall create a prize for a research and develop program or other activity for identifying, capturing, and storing existing Department of Defense custom-developed computer software and related technical data. The Secretary of Defense shall create an additional prize for improving, repurposing, or reusing software to better support the Department of Defense mission. The prize programs shall be conducted in accordance with section 2374a of title 10, United States Code.

(c) REVERSE ENGINEERING.—The Secretary of Defense shall task the Defense Advanced Research Program Agency with a project to identify methods to locate and reverse engineer Department of Defense custom-developed computer software and related technical data for which source code is unavailable.

(d) DEFINITIONS.—In this section:

(1) CUSTOM-DEVELOPED COMPUTER SOFTWARE.—The term “custom-developed computer software”—

(A) means human-readable source code, including segregable portions thereof, that is—

(i) first produced in the performance of a Department of Defense contract, grant, cooperative agreement, or other transaction; or

(ii) developed by a contractor or subcontractor exclusively with Federal funds (other than an item or process developed under a contract or subcontract to which regulations under section 9(j)(2) of the Small Business Act (15 U.S.C. 638(j)(2)) apply); and

(B) does not include Commercial Off-The-Shelf software, or packaged software developed exclusively at private expense, whether delivered as a Cloud Service, in binary form, or by any other means of software delivery.

(2) TECHNICAL DATA.—The term “technical data” has the meaning given the term in section 2302 of title 10, United States Code.

(e) REGULATIONS.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall amend the Defense Federal Acquisition Regulation Supplement to carry out this section and the amendments made by this section.


NATIONAL SECURITY ARCHIVE

National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street, NW, Washington, D.C., 20037, Phone: 202/994-7000, Fax: 202/994-7005, nsarchiv@gwu.edu
