Skip to content

FedRAMP Authorization Act on Definitions

Delegation of Authority to the FedRAMP Director

The GSA Administrator's authority and responsibility for Sec. 3607 - 3616 has been delegated to the FedRAMP Director; therefore any mention of the Administrator in these materials can also be read as the FedRAMP Director.

The Director in the law is not the FedRAMP Director!

The Director in this section of law is the Director of the Office of Management and Budget - not the FedRAMP Director. The authority and responsibility for the Director has been delegated to the Federal Chief Information Officer.

Sec. 3607. Definitions

(a) In General

Except as provided under subsection (b), the definitions under sections 3502 and 3552 apply to this section through section 3616.

(b) Additional Definitions

In this section through section 3616:

  1. Administrator

    The term Administrator means the Administrator of General Services.

  2. Appropriate congressional committees

    The term appropriate congressional committees means the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Reform of the House of Representatives.

  3. Authorization to operate; federal information

    The terms authorization to operate and Federal information have the meaning given those term in Circular A-130 of the Office of Management and Budget entitled Managing Information as a Strategic Resource, or any successor document.

  4. Cloud computing

    The term cloud computing has the meaning given the term in Special Publication 800-145 of the National Institute of Standards and Technology, or any successor document.

  5. Cloud service provider

    The term cloud service provider means an entity offering cloud computing products or services to agencies.

  6. FedRAMP

    The term FedRAMP means the Federal Risk and Authorization Management Program established under section 3608.

  7. FedRAMP authorization

    The term FedRAMP authorization means a certification that a cloud computing product or service has--

      A. completed a FedRAMP authorization process, as determined by the Administrator; or

      B. received a FedRAMP provisional authorization to operate, as determined by the FedRAMP Board.

  8. FedRAMP authorization package

    The term FedRAMP authorization package means the essential information that can be used by an agency to determine whether to authorize the operation of an information system or the use of a designated set of common controls for all cloud computing products and services authorized by FedRAMP.

  9. FedRAMP board

    The term FedRAMP Board means the board established under section 3610.

  10. Independent assessment service

    The term independent assessment service means a third-party organization accredited by the Administrator to undertake conformity assessments of cloud service providers and the products or services of cloud service providers.

  11. Secretary

    The term Secretary means the Secretary of Homeland Security.