NDAA includes bill backing new data center standards

Gorodenkoff/Getty Images

The measure would require the General Services Administration to set new resiliency, cybersecurity, availability and sustainability expectations for federal data centers.

A proposal to tee up new requirements for federal data centers is tucked inside the conference text of the annual defense policy bill released last week. 

The Federal Data Center Enhancement Act would tap the General Services Administration with setting up minimum requirements for federal data centers on resiliency, cybersecurity, availability and sustainability.

Sens. Jacky Rosen, D-Nev., Gary Peters, D-Mich., and John Cornyn, R-Texas first introduced the bill in the last Congress before reintroducing it in March.

The trio says that the bill builds on governmentwide efforts to consolidate data centers, which has already resulted in over 6,000 federal data centers being consolidated so far and yielded $5.8 billion in cost savings and avoidance. The statutory authorization for that Federal Data Center Optimization Initiative expired at the end of fiscal year 2022, although the proposal included in the National Defense Authorization Act would extend it through 2026.

Specifically, the bill would task GSA with setting up minimum requirements for data centers on the use of sustainable energy sources, information security protections and protections against power failures and natural disasters, as well as requirements for the availability of new data centers and uptime percentage. 

If passed, the proposal would also add new requirements for agencies to report to GSA and Congress on certain data center management and financial decisions, and GSA would have to maintain a public website on agency compliance with the requirements. The Government Accountability Office would also be required to report on compliance with the new requirements.

“This bipartisan bill will enact a new set of security and resiliency standards to keep our data safe,” said Rosen in a statement when the bill was first introduced. “With the increasing threat of cyberattacks and natural disasters, we must ensure the integrity of our nation’s critical information by protecting data centers.”