CHAPTER 36 —MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
Amendment of Analysis
Editorial Notes
Amendments
2022—
Statutory Notes and Related Subsidiaries
Effective Date of 2022 Amendment
§3601. Definitions
In this chapter, the definitions under section 3502 shall apply, and the term—
(1) "Administrator" means the Administrator of the Office of Electronic Government established under section 3602;
(2) "Council" means the Chief Information Officers Council established under section 3603;
(3) "electronic Government" means the use by the Government of web-based Internet applications and other information technologies, combined with processes that implement these technologies, to—
(A) enhance the access to and delivery of Government information and services to the public, other agencies, and other Government entities; or
(B) bring about improvements in Government operations that may include effectiveness, efficiency, service quality, or transformation;
(4) "enterprise architecture"—
(A) means—
(i) a strategic information asset base, which defines the mission;
(ii) the information necessary to perform the mission;
(iii) the technologies necessary to perform the mission; and
(iv) the transitional processes for implementing new technologies in response to changing mission needs; and
(B) includes—
(i) a baseline architecture;
(ii) a target architecture; and
(iii) a sequencing plan;
(5) "Fund" means the E-Government Fund established under section 3604;
(6) "interoperability" means the ability of different operating and software systems, applications, and services to communicate and exchange data in an accurate, effective, and consistent manner;
(7) "integrated service delivery" means the provision of Internet-based Federal Government information or services integrated according to function or topic rather than separated according to the boundaries of agency jurisdiction; and
(8) "tribal government" means—
(A) the governing body of any Indian tribe, band, nation, or other organized group or community located in the continental United States (excluding the State of Alaska) that is recognized as eligible for the special programs and services provided by the United States to Indians because of their status as Indians, and
(B) any Alaska Native regional or village corporation established pursuant to the Alaska Native Claims Settlement Act (
(Added
Editorial Notes
References in Text
The Alaska Native Claims Settlement Act, referred to in par. (8)(B), is
Statutory Notes and Related Subsidiaries
Effective Date
"(1)
"(2)
Federal Data Center Consolidation Initiative
"(a)
"(1) The statutory authorization for the Federal Data Center Optimization Initiative under section 834 of the Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for Fiscal Year 2015 (
"(2) The expiration of the authorization described in paragraph (1) presents Congress with an opportunity to review the objectives of the Federal Data Center Optimization Initiative to ensure that the initiative is meeting the current needs of the Federal Government.
"(3) The initial focus of the Federal Data Center Optimization Initiative, which was to consolidate data centers and create new efficiencies, has resulted in, since 2010—
"(A) the consolidation of more than 6,000 Federal data centers; and
"(B) cost savings and avoidance of $5,800,000,000.
"(4) The need of the Federal Government for access to data and data processing systems has evolved since the date of enactment in 2014 of subtitle D of title VIII of the Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for Fiscal Year 2015 [
"(5) Federal agencies and employees involved in mission critical functions increasingly need reliable access to secure, reliable, and protected facilities to house mission critical data and data operations to meet the immediate needs of the people of the United States.
"(6) As of the date of enactment of this title [Dec. 22, 2023], there is a growing need for Federal agencies to use data centers and cloud applications that meet high standards for cybersecurity, resiliency, and availability."
"(a)
"(1)
"(2)
"(A) Department of Agriculture.
"(B) Department of Commerce.
"(C) Department of Defense.
"(D) Department of Education.
"(E) Department of Energy.
"(F) Department of Health and Human Services.
"(G) Department of Homeland Security.
"(H) Department of Housing and Urban Development.
"(I) Department of the Interior.
"(J) Department of Justice.
"(K) Department of Labor.
"(L) Department of State.
"(M) Department of Transportation.
"(N) Department of Treasury.
"(O) Department of Veterans Affairs.
"(P) Environmental Protection Agency.
"(Q) General Services Administration.
"(R) National Aeronautics and Space Administration.
"(S) National Science Foundation.
"(T) Nuclear Regulatory Commission.
"(U) Office of Personnel Management.
"(V) Small Business Administration.
"(W) Social Security Administration.
"(X) United States Agency for International Development.
"(3)
"(A)(i) a data center or a portion thereof that is owned, operated, or maintained by a covered agency; or
"(ii) to the extent practicable, a data center or portion thereof—
"(I) that is owned, operated, or maintained by a contractor on behalf of a covered agency on the date on which the contract between the covered agency and the contractor expires; and
"(II) with respect to which the covered agency extends the contract, or enters into a new contract, with the contractor; and
"(B) on or after the date that is 180 days after the date of enactment of the Federal Data Center Enhancement Act of 2023 [title LIII of div. E of
"(i) established; or
"(ii) substantially upgraded or expanded.
"(b)
"(1)
"(2)
"(A)
"(i) the availability of new data centers;
"(ii) the use of new data centers, including costs related to the facility, energy consumption, and related infrastructure;
"(iii) uptime percentage;
"(iv) protections against power failures, including on-site energy generation and access to multiple transmission paths;
"(v) protections against physical intrusions and natural disasters;
"(vi) information security protections required by subchapter II of
"(vii) any other requirements the Administrator determines appropriate.
"(B)
"(3)
"(4)
"(5)
"(A) notify—
"(i) the Administrator;
"(ii) [the] Committee on Homeland Security and Governmental Affairs of the Senate; and
"(iii) [the] Committee on Oversight and Accountability of the House of Representatives; and
"(B) describe in the notification with sufficient detail how the covered agency intends to comply with the minimum requirements established under paragraph (1).
"(6)
"(A) regularly assess the application portfolio of the covered agency and ensure that each at-risk legacy application is updated, replaced, or modernized, as appropriate, to take advantage of modern technologies; and
"(B) prioritize and, to the greatest extent possible, leverage commercial data center solutions, including hybrid cloud, multi-cloud, co-location, interconnection, or cloud computing (as defined in
"(7)
"(A)
"(B)
"(i) ensure covered agencies regularly, and not less frequently than biannually, update the information, data, and explanatory statements posed on the website, pursuant to guidance issued by the Administrator, relating to any new data centers and, as appropriate, each existing data center of the covered agency; and
"(ii) ensure that all information, data, and explanatory statements on the website are maintained as open Government data assets.
"(c)
"(1)
"(A) information security standards and guidelines promulgated by the Director of the National Institute of Standards and Technology;
"(B) applicable requirements and guidance issued by the Director of the Office of Management and Budget pursuant to
"(C) directives issued by the Secretary of Homeland Security under
"(2)
"(d)
"(e)
[Amendment by section 5302(c) of
[
E-Government Initiatives Funding
"(a) For fiscal year 2008, no funds shall be available for transfers or reimbursements to the E-Government initiatives sponsored by the Office of Management and Budget prior to 15 days following submission of a report to the Committees on Appropriations by the Director of the Office of Management and Budget and receipt of approval to transfer funds by the House and Senate Committees on Appropriations.
"(b) Hereafter, any funding request for a new or ongoing E-Government initiative by any agency or agencies managing the development of an initiative shall include in justification materials submitted to the House and Senate Committees on Appropriations the information in subsection (d).
"(c) Hereafter, any funding request by any agency or agencies participating in the development of an E-Government initiative and contributing funding for the initiative shall include in justification materials submitted to the House and Senate Committees on Appropriations—
"(1) the amount of funding contributed to each initiative by program office, bureau, or activity, as appropriate; and
"(2) the relevance of that use to that department or agency and each bureau or office within, which is contributing funds.
"(d) The report in (a) and justification materials in (b) shall include at a minimum—
"(1) a description of each initiative including but not limited to its objectives, benefits, development status, risks, cost effectiveness (including estimated net costs or savings to the government), and the estimated date of full operational capability;
"(2) the total development cost of each initiative by fiscal year including costs to date, the estimated costs to complete its development to full operational capability, and estimated annual operations and maintenance costs; and
"(3) the sources and distribution of funding by fiscal year and by agency and bureau for each initiative including agency contributions to date and estimated future contributions by agency.
"(e) No funds shall be available for obligation or expenditure for new E-Government initiatives without the explicit approval of the House and Senate Committees on Appropriations."
[Provisions similar to subsecs. (a), (d), and (e) of section 737 of
Findings and Purposes
"(a)
"(1) The use of computers and the Internet is rapidly transforming societal interactions and the relationships among citizens, private businesses, and the Government.
"(2) The Federal Government has had uneven success in applying advances in information technology to enhance governmental functions and services, achieve more efficient performance, increase access to Government information, and increase citizen participation in Government.
"(3) Most Internet-based services of the Federal Government are developed and presented separately, according to the jurisdictional boundaries of an individual department or agency, rather than being integrated cooperatively according to function or topic.
"(4) Internet-based Government services involving interagency cooperation are especially difficult to develop and promote, in part because of a lack of sufficient funding mechanisms to support such interagency cooperation.
"(5) Electronic Government has its impact through improved Government performance and outcomes within and across agencies.
"(6) Electronic Government is a critical element in the management of Government, to be implemented as part of a management framework that also addresses finance, procurement, human capital, and other challenges to improve the performance of Government.
"(7) To take full advantage of the improved Government performance that can be achieved through the use of Internet-based technology requires strong leadership, better organization, improved interagency collaboration, and more focused oversight of agency compliance with statutes related to information resource management.
"(b)
"(1) To provide effective leadership of Federal Government efforts to develop and promote electronic Government services and processes by establishing an Administrator of a new Office of Electronic Government within the Office of Management and Budget.
"(2) To promote use of the Internet and other information technologies to provide increased opportunities for citizen participation in Government.
"(3) To promote interagency collaboration in providing electronic Government services, where this collaboration would improve the service to citizens by integrating related functions, and in the use of internal electronic Government processes, where this collaboration would improve the efficiency and effectiveness of the processes.
"(4) To improve the ability of the Government to achieve agency missions and program performance goals.
"(5) To promote the use of the Internet and emerging technologies within and across Government agencies to provide citizen-centric Government information and services.
"(6) To reduce costs and burdens for businesses and other Government entities.
"(7) To promote better informed decisionmaking by policy makers.
"(8) To promote access to high quality Government information and services across multiple channels.
"(9) To make the Federal Government more transparent and accountable.
"(10) To transform agency operations by utilizing, where appropriate, best practices from public and private sector organizations.
"(11) To provide enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, access for persons with disabilities, and other relevant laws."
Executive Documents
Building a 21st Century Digital Government
Memorandum of President of the United States, May 23, 2012, 77 F.R. 32391, provided:
Memorandum for the Heads of Executive Departments and Agencies
The innovative use of technology is fundamentally transforming how the American people do business and live their daily lives. Exponential increases in computing power, the rise of high-speed networks, and the growing mobile revolution have put the Internet at our fingertips, encouraging innovations that are giving rise to new industries and reshaping existing ones.
Innovators in the private sector and the Federal Government have used these technological advances to fundamentally change how they serve their customers. However, it is time for the Federal Government to do more. For far too long, the American people have been forced to navigate a labyrinth of information across different Government programs in order to find the services they need. In addition, at a time when Americans increasingly pay bills and buy tickets on mobile devices, Government services often are not optimized for smartphones or tablets, assuming the services are even available online.
On April 27, 2011, I issued Executive Order 13571 (Streamlining Service Delivery and Improving Customer Service), requiring executive departments and agencies (agencies) to, among other things, identify ways to use innovative technologies to streamline their delivery of services to lower costs, decrease service delivery times, and improve the customer experience. As the next step toward modernizing the way Government works, I charged my Federal Chief Information Officer (CIO) with developing a comprehensive Government-wide strategy to build a 21st century digital Government that delivers better digital services to the American people.
Today, the CIO is releasing that strategy, entitled "Digital Government: Building a 21st Century Platform to Better Serve the American People" (Strategy), which provides agencies with a 12-month roadmap that focuses on several priority areas. The Strategy will enable more efficient and coordinated digital service delivery by requiring agencies to establish specific, measurable goals for delivering better digital services; encouraging agencies to deliver information in new ways that fully utilize the power and potential of mobile and web-based technologies; ensuring the safe and secure delivery and use of digital services to protect information and privacy; requiring agencies to establish central online resources for outside developers and to adopt new standards for making applicable Government information open and machine-readable by default; aggregating agencies' online resource pages for developers in a centralized catalogue on www.Data.gov; and requiring agencies to use web performance analytics and customer satisfaction measurement tools on all ".gov" websites.
Ultimately, this Strategy will ensure that agencies use emerging technologies to serve the public as effectively as possible. As a Government, and as a trusted provider of services, we must never forget who our customers are—the American people.
In order to ensure that agencies make the best use of emerging technologies in serving the public, I hereby direct each agency to take the following actions:
(1) implement the requirements of the Strategy within 12 months of the date of this memorandum and comply with the timeframes for specific actions specified therein; and
(2) within 90 days of the date of this memorandum, create a page on its website, located at www.[agency].gov/digitalstrategy, to publicly report progress in meeting the requirements of the Strategy in a machine-readable format.
This memorandum shall be implemented consistent with applicable law and subject to the availability of appropriations, and with appropriate protections for privacy and civil liberties.
The Director of the Office of Management and Budget is authorized and directed to publish this memorandum in the Federal Register.
Barack Obama.
§3602. Office of Electronic Government
(a) There is established in the Office of Management and Budget an Office of Electronic Government.
(b) There shall be at the head of the Office an Administrator who shall be appointed by the President.
(c) The Administrator shall assist the Director in carrying out—
(1) all functions under this chapter;
(2) all of the functions assigned to the Director under title II of the E-Government Act of 2002; and
(3) other electronic government initiatives, consistent with other statutes.
(d) The Administrator shall assist the Director and the Deputy Director for Management and work with the Administrator of the Office of Information and Regulatory Affairs in setting strategic direction for implementing electronic Government, under relevant statutes, including—
(1)
(2) subtitle III of
(3)
(4) the Government Paperwork Elimination Act (
(5) the Federal Information Security Management Act of 2002.
(e) The Administrator shall work with the Administrator of the Office of Information and Regulatory Affairs and with other offices within the Office of Management and Budget to oversee implementation of electronic Government under this chapter,
(1) capital planning and investment control for information technology;
(2) the development of enterprise architectures;
(3) information security;
(4) privacy;
(5) access to, dissemination of, and preservation of Government information;
(6) accessibility of information technology for persons with disabilities; and
(7) other areas of electronic Government.
(f) Subject to requirements of this chapter, the Administrator shall assist the Director by performing electronic Government functions as follows:
(1) Advise the Director on the resources required to develop and effectively administer electronic Government initiatives.
(2) Recommend to the Director changes relating to Governmentwide strategies and priorities for electronic Government.
(3) Provide overall leadership and direction to the executive branch on electronic Government.
(4) Promote innovative uses of information technology by agencies, particularly initiatives involving multiagency collaboration, through support of pilot projects, research, experimentation, and the use of innovative technologies.
(5) Oversee the distribution of funds from, and ensure appropriate administration and coordination of, the E-Government Fund established under section 3604.
(6) Coordinate with the Administrator of General Services regarding programs undertaken by the General Services Administration to promote electronic government and the efficient use of information technologies by agencies.
(7) Lead the activities of the Chief Information Officers Council established under section 3603 on behalf of the Deputy Director for Management, who shall chair the council.
(8) Assist the Director in establishing policies which shall set the framework for information technology standards for the Federal Government developed by the National Institute of Standards and Technology and promulgated by the Secretary of Commerce under
(A) Standards and guidelines for interconnectivity and interoperability as described under section 3504.
(B) Consistent with the process under section 207(d) of the E-Government Act of 2002, standards and guidelines for categorizing Federal Government electronic information to enable efficient use of technologies, such as through the use of extensible markup language.
(C) Standards and guidelines for Federal Government computer system efficiency and security.
(9) Sponsor ongoing dialogue that—
(A) shall be conducted among Federal, State, local, and tribal government leaders on electronic Government in the executive, legislative, and judicial branches, as well as leaders in the private and nonprofit sectors, to encourage collaboration and enhance understanding of best practices and innovative approaches in acquiring, using, and managing information resources;
(B) is intended to improve the performance of governments in collaborating on the use of information technology to improve the delivery of Government information and services; and
(C) may include—
(i) development of innovative models—
(I) for electronic Government management and Government information technology contracts; and
(II) that may be developed through focused discussions or using separately sponsored research;
(ii) identification of opportunities for public-private collaboration in using Internet-based technology to increase the efficiency of Government-to-business transactions;
(iii) identification of mechanisms for providing incentives to program managers and other Government employees to develop and implement innovative uses of information technologies; and
(iv) identification of opportunities for public, private, and intergovernmental collaboration in addressing the disparities in access to the Internet and information technology.
(10) Sponsor activities to engage the general public in the development and implementation of policies and programs, particularly activities aimed at fulfilling the goal of using the most effective citizen-centered strategies and those activities which engage multiple agencies providing similar or related information and services.
(11) Oversee the work of the General Services Administration and other agencies in developing the integrated Internet-based system under section 204 of the E-Government Act of 2002.
(12) Coordinate with the Administrator for Federal Procurement Policy to ensure effective implementation of electronic procurement initiatives.
(13) Assist Federal agencies, including the General Services Administration, the Department of Justice, and the United States Access Board in—
(A) implementing accessibility standards under section 508 of the Rehabilitation Act of 1973 (
(B) ensuring compliance with those standards through the budget review process and other means.
(14) Oversee the development of enterprise architectures within and across agencies.
(15) Assist the Director and the Deputy Director for Management in overseeing agency efforts to ensure that electronic Government activities incorporate adequate, risk-based, and cost-effective security compatible with business processes.
(16) Administer the Office of Electronic Government established under this section.
(17) Assist the Director in preparing the E-Government report established under section 3606.
(g) The Director shall ensure that the Office of Management and Budget, including the Office of Electronic Government, the Office of Information and Regulatory Affairs, and other relevant offices, have adequate staff and resources to properly fulfill all functions under the E-Government Act of 2002.
(Added
Editorial Notes
References in Text
The E-Government Act of 2002, referred to in text, is
The Government Paperwork Elimination Act, referred to in subsec. (d)(4), is title XVII of
The Federal Information Security Management Act of 2002, referred to in subsec. (d)(5), probably means title III of
Statutory Notes and Related Subsidiaries
Effective Date
Section effective 120 days after Dec. 17, 2002, see section 402(a) of
§3603. Chief Information Officers Council
(a) There is established in the executive branch a Chief Information Officers Council.
(b) The members of the Council shall be as follows:
(1) The Deputy Director for Management of the Office of Management and Budget, who shall act as chairperson of the Council.
(2) The Administrator of the Office of Electronic Government.
(3) The Administrator of the Office of Information and Regulatory Affairs.
(4) The chief information officer of each agency described under
(5) The chief information officer of the Central Intelligence Agency.
(6) The chief information officer of the Department of the Army, the Department of the Navy, and the Department of the Air Force, if chief information officers have been designated for such departments under section 3506(a)(2)(B).
(7) Any other officer or employee of the United States designated by the chairperson.
(c)(1) The Administrator of the Office of Electronic Government shall lead the activities of the Council on behalf of the Deputy Director for Management.
(2)(A) The Vice Chairman of the Council shall be selected by the Council from among its members.
(B) The Vice Chairman shall serve a 1-year term, and may serve multiple terms.
(3) The Administrator of General Services shall provide administrative and other support for the Council.
(d) The Council is designated the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, operation, sharing, and performance of Federal Government information resources.
(e) In performing its duties, the Council shall consult regularly with representatives of State, local, and tribal governments.
(f) The Council shall perform functions that include the following:
(1) Develop recommendations for the Director on Government information resources management policies and requirements.
(2) Share experiences, ideas, best practices, and innovative approaches related to information resources management.
(3) Assist the Administrator in the identification, development, and coordination of multiagency projects and other innovative initiatives to improve Government performance through the use of information technology.
(4) Promote the development and use of common performance measures for agency information resources management under this chapter and title II of the E-Government Act of 2002.
(5) Work as appropriate with the National Institute of Standards and Technology and the Administrator to develop recommendations on information technology standards developed under section 20 of the National Institute of Standards and Technology Act (
(A) Standards and guidelines for interconnectivity and interoperability as described under section 3504.
(B) Consistent with the process under section 207(d) of the E-Government Act of 2002, standards and guidelines for categorizing Federal Government electronic information to enable efficient use of technologies, such as through the use of extensible markup language.
(C) Standards and guidelines for Federal Government computer system efficiency and security.
(6) Work with the Office of Personnel Management to assess and address the hiring, training, classification, and professional development needs of the Government related to information resources management.
(7) Work with the Archivist of the United States to assess how the Federal Records Act can be addressed effectively by Federal information resources management activities.
(Added
Editorial Notes
References in Text
The E-Government Act of 2002, referred to in subsec. (f)(4), is
No act with the name the "Federal Records Act", referred to in subsec. (f)(7), has been enacted. The Federal Records Act of 1950, which has a similar name, was title V of act June 30, 1949, ch. 288, as added Sept. 5, 1950, ch. 849, §6(d),
Statutory Notes and Related Subsidiaries
Effective Date
Section effective 120 days after Dec. 17, 2002, see section 402(a) of
§3604. E-Government Fund
(a)(1) There is established in the Treasury of the United States the E-Government Fund.
(2) The Fund shall be administered by the Administrator of the General Services Administration to support projects approved by the Director, assisted by the Administrator of the Office of Electronic Government, that enable the Federal Government to expand its ability, through the development and implementation of innovative uses of the Internet or other electronic methods, to conduct activities electronically.
(3) Projects under this subsection may include efforts to—
(A) make Federal Government information and services more readily available to members of the public (including individuals, businesses, grantees, and State and local governments);
(B) make it easier for the public to apply for benefits, receive services, pursue business opportunities, submit information, and otherwise conduct transactions with the Federal Government; and
(C) enable Federal agencies to take advantage of information technology in sharing information and conducting transactions with each other and with State and local governments.
(b)(1) The Administrator shall—
(A) establish procedures for accepting and reviewing proposals for funding;
(B) consult with interagency councils, including the Chief Information Officers Council, the Chief Financial Officers Council, and other interagency management councils, in establishing procedures and reviewing proposals; and
(C) assist the Director in coordinating resources that agencies receive from the Fund with other resources available to agencies for similar purposes.
(2) When reviewing proposals and managing the Fund, the Administrator shall observe and incorporate the following procedures:
(A) A project requiring substantial involvement or funding from an agency shall be approved by a senior official with agencywide authority on behalf of the head of the agency, who shall report directly to the head of the agency.
(B) Projects shall adhere to fundamental capital planning and investment control processes.
(C) Agencies shall identify in their proposals resource commitments from the agencies involved and how these resources would be coordinated with support from the Fund, and include plans for potential continuation of projects after all funds made available from the Fund are expended.
(D) After considering the recommendations of the interagency councils, the Director, assisted by the Administrator, shall have final authority to determine which of the candidate projects shall be funded from the Fund.
(E) Agencies shall assess the results of funded projects.
(c) In determining which proposals to recommend for funding, the Administrator—
(1) shall consider criteria that include whether a proposal—
(A) identifies the group to be served, including citizens, businesses, the Federal Government, or other governments;
(B) indicates what service or information the project will provide that meets needs of groups identified under subparagraph (A);
(C) ensures proper security and protects privacy;
(D) is interagency in scope, including projects implemented by a primary or single agency that—
(i) could confer benefits on multiple agencies; and
(ii) have the support of other agencies; and
(E) has performance objectives that tie to agency missions and strategic goals, and interim results that relate to the objectives; and
(2) may also rank proposals based on criteria that include whether a proposal—
(A) has Governmentwide application or implications;
(B) has demonstrated support by the public to be served;
(C) integrates Federal with State, local, or tribal approaches to service delivery;
(D) identifies resource commitments from nongovernmental sectors;
(E) identifies resource commitments from the agencies involved;
(F) uses web-based technologies to achieve objectives;
(G) identifies records management and records access strategies;
(H) supports more effective citizen participation in and interaction with agency activities that further progress toward a more citizen-centered Government;
(I) directly delivers Government information and services to the public or provides the infrastructure for delivery;
(J) supports integrated service delivery;
(K) describes how business processes across agencies will reflect appropriate transformation simultaneous to technology implementation; and
(L) is new or innovative and does not supplant existing funding streams within agencies.
(d) The Fund may be used to fund the integrated Internet-based system under section 204 of the E-Government Act of 2002.
(e) None of the funds provided from the Fund may be transferred to any agency until 15 days after the Administrator of the General Services Administration has submitted to the Committees on Appropriations of the Senate and the House of Representatives, the Committee on Governmental Affairs of the Senate, the Committee on Government Reform of the House of Representatives, and the appropriate authorizing committees of the Senate and the House of Representatives, a notification and description of how the funds are to be allocated and how the expenditure will further the purposes of this chapter.
(f)(1) The Director shall report annually to Congress on the operation of the Fund, through the report established under section 3606.
(2) The report under paragraph (1) shall describe—
(A) all projects which the Director has approved for funding from the Fund; and
(B) the results that have been achieved to date for these funded projects.
(g)(1) There are authorized to be appropriated to the Fund—
(A) $45,000,000 for fiscal year 2003;
(B) $50,000,000 for fiscal year 2004;
(C) $100,000,000 for fiscal year 2005;
(D) $150,000,000 for fiscal year 2006; and
(E) such sums as are necessary for fiscal year 2007.
(2) Funds appropriated under this subsection shall remain available until expended.
(Added
Editorial Notes
References in Text
Section 204 of the E-Government Act of 2002, referred to in subsec. (d), is section 204 of
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Government Reform of House of Representatives changed to Committee on Oversight and Government Reform of House of Representatives by House Resolution No. 6, One Hundred Tenth Congress, Jan. 5, 2007. Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019. Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Committee on Governmental Affairs of Senate changed to Committee on Homeland Security and Governmental Affairs of Senate, effective Jan. 4, 2005, by Senate Resolution No. 445, One Hundred Eighth Congress, Oct. 9, 2004.
Effective Date
Section effective 120 days after Dec. 17, 2002, see section 402(a) of
§3605. Program to encourage innovative solutions to enhance electronic Government services and processes
(a)
(b)
(c)
(2) The technical assistance team shall—
(A) assess the feasibility, scientific and technical merits, and estimated cost of each proposal; and
(B) submit each proposal, and the assessment of the proposal, to the Administrator.
(3) The technical assistance team shall not consider or evaluate proposals submitted in response to a solicitation for offers for a pending procurement or for a specific agency requirement.
(4) After receiving proposals and assessments from the technical assistance team, the Administrator shall consider recommending appropriate proposals for funding under the E-Government Fund established under section 3604 or, if appropriate, forward the proposal and the assessment of it to the executive agency whose mission most coincides with the subject matter of the proposal.
(Added
Statutory Notes and Related Subsidiaries
Effective Date
Section effective 120 days after Dec. 17, 2002, see section 402(a) of
§3606. E-Government report
(a) Not later than March 1 of each year, the Director shall submit an E-Government status report to the Committee on Governmental Affairs of the Senate and the Committee on Government Reform of the House of Representatives.
(b) The report under subsection (a) shall contain—
(1) a summary of the information reported by agencies under section 202(f) 1 of the E-Government Act of 2002;
(2) the information required to be reported by section 3604(f); and
(3) a description of compliance by the Federal Government with other goals and provisions of the E-Government Act of 2002.
(Added
Editorial Notes
References in Text
The E-Government Act of 2002, referred to in subsec. (b)(3), is
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Government Reform of House of Representatives changed to Committee on Oversight and Government Reform of House of Representatives by House Resolution No. 6, One Hundred Tenth Congress, Jan. 5, 2007. Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019. Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Committee on Governmental Affairs of Senate changed to Committee on Homeland Security and Governmental Affairs of Senate, effective Jan. 4, 2005, by Senate Resolution No. 445, One Hundred Eighth Congress, Oct. 9, 2004.
Effective Date
Section effective 120 days after Dec. 17, 2002, see section 402(a) of
1 So in original. Probably should be "section 202(g)".
§3607. Definitions
(a)
(b)
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(A) completed a FedRAMP authorization process, as determined by the Administrator; or
(B) received a FedRAMP provisional authorization to operate, as determined by the FedRAMP Board.
(8)
(9)
(10)
(11)
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Change of Name
Committee on Oversight and Reform of House of Representatives changed to Committee on Oversight and Accountability of House of Representatives by House Resolution No. 5, One Hundred Eighteenth Congress, Jan. 9, 2023.
Effective Date of Repeal
Construction
1 So in original. Probably should be "terms".
§3608. Federal risk and authorization management program
There is established within the General Services Administration the Federal Risk and Authorization Management Program. The Administrator, subject to section 3614, shall establish a Government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3609. Roles and responsibilities of the General Services Administration
(a)
(1) in consultation with the Secretary, develop, coordinate, and implement a process to support agency review, reuse, and standardization, where appropriate, of security assessments of cloud computing products and services, including, as appropriate, oversight of continuous monitoring of cloud computing products and services, pursuant to guidance issued by the Director pursuant to section 3614;
(2) establish processes and identify criteria consistent with guidance issued by the Director under section 3614 to make a cloud computing product or service eligible for a FedRAMP authorization and validate whether a cloud computing product or service has a FedRAMP authorization;
(3) develop and publish templates, best practices, technical assistance, and other materials to support the authorization of cloud computing products and services and increase the speed, effectiveness, and transparency of the authorization process, consistent with standards and guidelines established by the Director of the National Institute of Standards and Technology and relevant statutes;
(4) establish and update guidance on the boundaries of FedRAMP authorization packages to enhance the security and protection of Federal information and promote transparency for agencies and users as to which services are included in the scope of a FedRAMP authorization;
(5) grant FedRAMP authorizations to cloud computing products and services consistent with the guidance and direction of the FedRAMP Board;
(6) establish and maintain a public comment process for proposed guidance and other FedRAMP directives that may have a direct impact on cloud service providers and agencies before the issuance of such guidance or other FedRAMP directives;
(7) coordinate with the FedRAMP Board, the Director of the Cybersecurity and Infrastructure Security Agency, and other entities identified by the Administrator, with the concurrence of the Director and the Secretary, to establish and regularly update a framework for continuous monitoring under section 3553;
(8) provide a secure mechanism for storing and sharing necessary data, including FedRAMP authorization packages, to enable better reuse of such packages across agencies, including making available any information and data necessary for agencies to fulfill the requirements of section 3613;
(9) provide regular updates to applicant cloud service providers on the status of any cloud computing product or service during an assessment process;
(10) regularly review, in consultation with the FedRAMP Board—
(A) the costs associated with the independent assessment services described in section 3611; and
(B) the information relating to foreign interests submitted pursuant to section 3612;
(11) in coordination with the Director, the Secretary, and other stakeholders, as appropriate, determine the sufficiency of underlying requirements to identify and assess the provenance of the software in cloud services and products;
(12) support the Federal Secure Cloud Advisory Committee established pursuant to section 3616; and
(13) take such other actions as the Administrator may determine necessary to carry out FedRAMP.
(b)
(1)
(2)
(c)
(1)
(2)
(d)
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Editorial Notes
References in Text
The date of enactment of this section, referred to in subsec. (c)(2), is the date of enactment of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3610. FedRAMP Board
(a)
(b)
(1) The Department of Defense.
(2) The Department of Homeland Security.
(3) The General Services Administration.
(4) Such other agencies as determined by the Director, in consultation with the Administrator.
(c)
(1) cloud computing;
(2) cybersecurity;
(3) privacy;
(4) risk management; and
(5) other competencies identified by the Director to support the secure authorization of cloud services and products.
(d)
(1) in consultation with the Administrator, serve as a resource for best practices to accelerate the process for obtaining a FedRAMP authorization;
(2) establish and regularly update requirements and guidelines for security authorizations of cloud computing products and services, consistent with standards and guidelines established by the Director of the National Institute of Standards and Technology, to be used in the determination of FedRAMP authorizations;
(3) monitor and oversee, to the greatest extent practicable, the processes and procedures by which agencies determine and validate requirements for a FedRAMP authorization, including periodic review of the agency determinations described in section 3613(b);
(4) ensure consistency and transparency between agencies and cloud service providers in a manner that minimizes confusion and engenders trust; and
(5) perform such other roles and responsibilities as the Director may assign, with concurrence from the Administrator.
(e)
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3611. Independent assessment
The Administrator may determine whether FedRAMP may use an independent assessment service to analyze, validate, and attest to the quality and compliance of security assessment materials provided by cloud service providers during the course of a determination of whether to use a cloud computing product or service.
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3612. Declaration of foreign interests
(a)
(b)
(c)
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3613. Roles and responsibilities of agencies
(a)
(1) promote the use of cloud computing products and services that meet FedRAMP security requirements and other risk-based performance requirements as determined by the Director, in consultation with the Secretary;
(2) confirm whether there is a FedRAMP authorization in the secure mechanism provided under section 3609(a)(8) before beginning the process of granting a FedRAMP authorization for a cloud computing product or service;
(3) to the extent practicable, for any cloud computing product or service the agency seeks to authorize that has received a FedRAMP authorization, use the existing assessments of security controls and materials within any FedRAMP authorization package for that cloud computing product or service; and
(4) provide to the Director data and information required by the Director pursuant to section 3614 to determine how agencies are meeting metrics established by the Administrator.
(b)
(c)
(d)
(e)
(1)
(2)
(A) the responsibility of any agency to ensure compliance with subchapter II of
(B) the authority of the head of any agency to make a determination that there is a demonstrable need for additional security requirements beyond the security requirements included in a FedRAMP authorization for a particular control implementation.
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3614. Roles and responsibilities of the Office of Management and Budget
The Director shall—
(1) in consultation with the Administrator and the Secretary, issue guidance that—
(A) specifies the categories or characteristics of cloud computing products and services that are within the scope of FedRAMP;
(B) includes requirements for agencies to obtain a FedRAMP authorization when operating a cloud computing product or service described in subparagraph (A) as a Federal information system; and
(C) encompasses, to the greatest extent practicable, all necessary and appropriate cloud computing products and services;
(2) issue guidance describing additional responsibilities of FedRAMP and the FedRAMP Board to accelerate the adoption of secure cloud computing products and services by the Federal Government;
(3) in consultation with the Administrator, establish a process to periodically review FedRAMP authorization packages to support the secure authorization and reuse of secure cloud products and services;
(4) oversee the effectiveness of FedRAMP and the FedRAMP Board, including the compliance by the FedRAMP Board with the duties described in section 3610(d); and
(5) to the greatest extent practicable, encourage and promote consistency of the assessment, authorization, adoption, and use of secure cloud computing products and services within and across agencies.
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3615. Reports to Congress; GAO report
(a)
(1) During the preceding year, the status, efficiency, and effectiveness of the General Services Administration under section 3609 and agencies under section 3613 and in supporting the speed, effectiveness, sharing, reuse, and security of authorizations to operate for secure cloud computing products and services.
(2) Progress towards meeting the metrics required under section 3609(d).
(3) Data on FedRAMP authorizations.
(4) The average length of time to issue FedRAMP authorizations.
(5) The number of FedRAMP authorizations submitted, issued, and denied for the preceding year.
(6) A review of progress made during the preceding year in advancing automation techniques to securely automate FedRAMP processes and to accelerate reporting under this section.
(7) The number and characteristics of authorized cloud computing products and services in use at each agency consistent with guidance provided by the Director under section 3614.
(8) A review of FedRAMP measures to ensure the security of data stored or processed by cloud service providers, which may include—
(A) geolocation restrictions for provided products or services;
(B) disclosures of foreign elements of supply chains of acquired products or services;
(C) continued disclosures of ownership of cloud service providers by foreign entities; and
(D) encryption for data processed, stored, or transmitted by cloud service providers.
(b)
(1) The costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations.
(2) The extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as Federal information systems.
(3) How often and for which categories of products and services agencies use FedRAMP authorizations.
(4) The unique costs and potential burdens incurred by cloud computing companies that are small business concerns (as defined in section 3(a) of the Small Business Act (
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Editorial Notes
References in Text
The date of enactment of this section, referred to in text, is the date of enactment of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of
§3616. Federal Secure Cloud Advisory Committee
(a)
(1)
(2)
(A) To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:
(i) Measures to increase agency reuse of FedRAMP authorizations.
(ii) Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.
(iii) Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (
(iv) Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.
(B) Collect information and feedback on agency compliance with and implementation of FedRAMP requirements.
(C) Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.
(3)
(b)
(1)
(A) The Administrator or the Administrator's designee, who shall be the Chair of the Committee.
(B) At least 1 representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.
(C) At least 2 officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
(D) At least 1 official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
(E) At least 1 individual representing an independent assessment service.
(F) At least 5 representatives from unique businesses that primarily provide cloud computing services or products, including at least 2 representatives from a small business concern (as defined by section 3(a) of the Small Business Act (
(G) At least 2 other representatives of the Federal Government as the Administrator determines necessary to provide sufficient balance, insights, or expertise to the Committee.
(2)
(3)
(A)
(B)
(c)
(1)
(2)
(3)
(d)
(1)
(2)
(e)
(f)
(g)
(h)
(1)
(2)
(Added
Repeal of Section
For repeal of section by section 5921(d)(1) of
Editorial Notes
References in Text
The date of enactment of this section, referred to in subsecs. (b)(2), (c)(2), and (h)(2), is the date of enactment of
Section 14 of the Federal Advisory Committee Act, referred to in subsec. (e), is section 14 of
Statutory Notes and Related Subsidiaries
Effective Date of Repeal
Construction
For rule of construction regarding section 5921 of