Congress agrees on funding package

After flirting with another shutdown, lawmakers agreed on a bipartisan $1 trillion spending bill to fund the federal government through September.

The bill punts some of the big political footballs to the fiscal 2018 budget, including funding for a planned border wall with Mexico. The 2017 appropriations package provides additional funding for increased border security and the military, as requested by the Trump administration.

The omnibus appropriation will replace a short-term continuing resolution that is set to expire May 5. It still must be approved in both houses of Congress and signed by the president.

"This bipartisan agreement eliminates more than 160 poison pill riders that would have been devastating to the environment, put restrictions on consumer financial protections and attacked the Affordable Care Act," Sen. Pat Leahy (D-Vt.), the vice chairman of the Senate Appropriations committee said in a statement May 1. "Such riders have no place in a must-pass spending bill."

Democrats in general bragged about having held off requests to begin a planned reduction of funding for civilian federal agencies. Republicans, including House Speaker Paul Ryan, touted the deal as a down payment on fulfilling President Donald Trump's pledge to spend more on defense and border security.

The bill "acts on President Trump's commitment to rebuild our military for the 21st century and bolster our nation’s border security to protect our homeland," Ryan said. "Importantly, we have boosted resources for our defense needs without corresponding increases in non-defense spending, as Democrats had insisted upon for years."

The bill also has impacts on IT programs and spending big and small.

One significant change, tucked away in the general government provisions, will try to standardize a governmentwide definition of cybersecurity for budgeting purposes. The change calls for the Office of Management and Budget to consult with the homeland security, budget and appropriations panels in the House and Senate to arrive at a common understanding of what federal activities count as cybersecurity.

The bill also renews an exemption to existing "Buy American" laws to allow for federal agencies to acquire commercial IT that is not made in the U.S. or from U.S. companies. Separately, the bill renews some requirements dating back to 2013 to require some supply chain vetting of IT from firms owned or in part controlled or directed by elements of the Chinese government or military.

The bill taps $100 million for a planned "Countering Russian Influence Fund," to fund civil society groups that work to defend democratic institutions against Russian influence campaigns, including defense against cyberattacks and online propaganda efforts.

The section funding the Office of Personnel Management calls for $11 million to be spent on security the legacy Shell IT environment, which has been plagued with contracting problems and was the subject of a flash audit by the OPM inspector general in the wake of the devastating hack of the agency's personnel data.

The funding package also includes a requirement that federal agencies providing cybersecurity prevention and mitigation tools to the House of Representatives "shall take all necessary steps to ensure the constitutional integrity of the separate branches of government at all stages of providing the assistance." This includes basic data minimization as well as a separate requirement to limit the sharing of privileged information about elected representatives.