PRIA Logo
Title 44Public Printing and DocumentsRelease 119-73not60

§3615 Reports to Congress; Gao Report

Title 44 › Chapter 36— MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES › § 3615

Last updated Apr 5, 2026|Official source

Summary

The Director must send Congress a report no later than 1 year after this law is passed and every year after that. The report must say how well the General Services Administration (under section 3609) and agencies (under section 3613) are helping speed, share, reuse, and secure cloud service authorizations. It must show progress on the metrics in section 3609(d); give FedRAMP data such as average time to approve and counts of submissions, approvals, and denials; describe work to automate FedRAMP processes; list the authorized cloud products and their key features at each agency under guidance in section 3614; and review FedRAMP security steps like geolocation limits, foreign supply-chain and ownership disclosures, and encryption. Not later than 180 days after enactment, the Comptroller General must report to Congress on the costs to agencies and cloud providers for FedRAMP authorizations, whether agencies have continuous monitoring in place, how often and for which types of services agencies use FedRAMP, and any unique costs or burdens on small business cloud companies as defined in section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

Full Legal Text

Title 44, §3615

Public Printing and Documents — Source: USLM XML via OLRC

(a)Not later than 1 year after the date of enactment of this section, and annually thereafter, the Director shall submit to the appropriate congressional committees a report that includes the following:
(1)During the preceding year, the status, efficiency, and effectiveness of the General Services Administration under section 3609 and agencies under section 3613 and in supporting the speed, effectiveness, sharing, reuse, and security of authorizations to operate for secure cloud computing products and services.
(2)Progress towards meeting the metrics required under section 3609(d).
(3)Data on FedRAMP authorizations.
(4)The average length of time to issue FedRAMP authorizations.
(5)The number of FedRAMP authorizations submitted, issued, and denied for the preceding year.
(6)A review of progress made during the preceding year in advancing automation techniques to securely automate FedRAMP processes and to accelerate reporting under this section.
(7)The number and characteristics of authorized cloud computing products and services in use at each agency consistent with guidance provided by the Director under section 3614.
(8)A review of FedRAMP measures to ensure the security of data stored or processed by cloud service providers, which may include—
(A)geolocation restrictions for provided products or services;
(B)disclosures of foreign elements of supply chains of acquired products or services;
(C)continued disclosures of ownership of cloud service providers by foreign entities; and
(D)encryption for data processed, stored, or transmitted by cloud service providers.
(b)Not later than 180 days after the date of enactment of this section, the Comptroller General of the United States shall report to the appropriate congressional committees an assessment of the following:
(1)The costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations.
(2)The extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as Federal information systems.
(3)How often and for which categories of products and services agencies use FedRAMP authorizations.
(4)The unique costs and potential burdens incurred by cloud computing companies that are small business concerns (as defined in section 3(a) of the Small Business Act (15 U.S.C. 632(a)) as a part of the FedRAMP authorization process.

Legislative History

Notes & Related Subsidiaries

Repeal of SectionFor repeal of section by section 5921(d)(1) of Pub. L. 117–263, see

Effective Date

of Repeal note below.

Editorial Notes

References in Text

The date of enactment of this section, referred to in text, is the date of enactment of Pub. L. 117–263, which was approved Dec. 23, 2022.

Statutory Notes and Related Subsidiaries

Effective Date

of Repeal Pub. L. 117–263, div. E, title LIX, § 5921(d)(1), Dec. 23, 2022, 136 Stat. 3458, provided that the repeal of this section is effective on the date that is 5 years after Dec. 23, 2022.

Construction

For rule of

Construction

regarding section 5921 of Pub. L. 117–263, see section 5921(e) of Pub. L. 117–263, set out as a note under section 3607 of this title.

Reference

Citations & Metadata

Citation

44 U.S.C. § 3615

Title 44Public Printing and Documents

Last Updated

Apr 5, 2026

Release point: 119-73not60