PRIA Logo
Take the PRIA Score
Title 44Public Printing and DocumentsRelease 119-73

§3615 Reports to Congress; GAO report

Title 44 › Chapter CHAPTER 36— - MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES › § 3615

Last updated Apr 6, 2026|Official source

Summary

Within 1 year after this law is passed, and every year after, the Director must send the appropriate congressional committees a report. The report must say how well the General Services Administration and other agencies are helping to speed, share, reuse, and secure approvals for cloud services. It must show progress on the metrics required under section 3609(d); give data on FedRAMP authorizations, including how many were submitted, issued, and denied and the average time to issue them; describe work to automate FedRAMP processes; list how many and what kinds of authorized cloud services each agency uses under the Director’s guidance; and review FedRAMP security measures, which may cover geolocation limits, foreign supply-chain disclosures, foreign ownership disclosures, and data encryption. Within 180 days after this law is passed, the Comptroller General must report to the appropriate congressional committees on: costs to agencies and cloud providers for FedRAMP approvals; whether agencies have continuous monitoring for cloud systems; how often and for which types of products agencies use FedRAMP; and the special costs or burdens faced by small cloud companies.

Full Legal Text

Title 44, §3615

Public Printing and Documents — Source: USLM XML via OLRC

(a)Not later than 1 year after the date of enactment of this section, and annually thereafter, the Director shall submit to the appropriate congressional committees a report that includes the following:
(1)During the preceding year, the status, efficiency, and effectiveness of the General Services Administration under section 3609 and agencies under section 3613 and in supporting the speed, effectiveness, sharing, reuse, and security of authorizations to operate for secure cloud computing products and services.
(2)Progress towards meeting the metrics required under section 3609(d).
(3)Data on FedRAMP authorizations.
(4)The average length of time to issue FedRAMP authorizations.
(5)The number of FedRAMP authorizations submitted, issued, and denied for the preceding year.
(6)A review of progress made during the preceding year in advancing automation techniques to securely automate FedRAMP processes and to accelerate reporting under this section.
(7)The number and characteristics of authorized cloud computing products and services in use at each agency consistent with guidance provided by the Director under section 3614.
(8)A review of FedRAMP measures to ensure the security of data stored or processed by cloud service providers, which may include—
(A)geolocation restrictions for provided products or services;
(B)disclosures of foreign elements of supply chains of acquired products or services;
(C)continued disclosures of ownership of cloud service providers by foreign entities; and
(D)encryption for data processed, stored, or transmitted by cloud service providers.
(b)Not later than 180 days after the date of enactment of this section, the Comptroller General of the United States shall report to the appropriate congressional committees an assessment of the following:
(1)The costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations.
(2)The extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as Federal information systems.
(3)How often and for which categories of products and services agencies use FedRAMP authorizations.
(4)The unique costs and potential burdens incurred by cloud computing companies that are small business concerns (as defined in section 3(a) of the Small Business Act (15 U.S.C. 632(a)) as a part of the FedRAMP authorization process.

Legislative History

Notes & Related Subsidiaries

Repeal of SectionFor repeal of section by section 5921(d)(1) of Pub. L. 117–263, see

Effective Date

of Repeal note below.

Editorial Notes

References in Text

The date of enactment of this section, referred to in text, is the date of enactment of Pub. L. 117–263, which was approved Dec. 23, 2022.

Statutory Notes and Related Subsidiaries

Effective Date

of Repeal Pub. L. 117–263, div. E, title LIX, § 5921(d)(1), Dec. 23, 2022, 136 Stat. 3458, provided that the repeal of this section is effective on the date that is 5 years after Dec. 23, 2022.

Construction

For rule of

Construction

regarding section 5921 of Pub. L. 117–263, see section 5921(e) of Pub. L. 117–263, set out as a note under section 3607 of this title.

Reference

Citations & Metadata

Citation

44 U.S.C. § 3615

Title 44Public Printing and Documents

Last Updated

Apr 6, 2026

Release point: 119-73