FedRAMP Authorization Act on OMB¶
OMB Memorandum M-24-15
The guidance required by this section is published as OMB Memorandum M-24-15.
Sec. 3614. Roles and responsibilities of the Office of Management and Budget¶
The Director shall–
-
in consultation with the Administrator and the Secretary, issue guidance that:
-
(A) specifies the categories or characteristics of cloud computing products and services that are within the scope of FedRAMP;
(B) includes requirements for agencies to obtain a FedRAMP authorization when operating a cloud computing product or service described in subparagraph (A) as a Federal information system; and
(C) encompasses, to the greatest extent practicable, all necessary and appropriate cloud computing products and services;
-
issue guidance describing additional responsibilities of FedRAMP and the FedRAMP Board to accelerate the adoption of secure cloud computing products and services by the Federal Government;
-
in consultation with the Administrator, establish a process to periodically review FedRAMP authorization packages to support the secure authorization and reuse of secure cloud products and services;
-
oversee the effectiveness of FedRAMP and the FedRAMP Board, including the compliance by the FedRAMP Board with the duties described in section 3610(d); and
-
to the greatest extent practicable, encourage and promote consistency of the assessment, authorization, adoption, and use of secure cloud computing products and services within and across agencies.