44 U.S.C. § 3614

1. (1)in consultation with the Administrator and the Secretary, issue guidance that—
   1. (A)specifies the categories or characteristics of cloud computing products and services that are within the scope of FedRAMP;
   2. (B)includes requirements for agencies to obtain a FedRAMP authorization when operating a cloud computing product or service described in subparagraph (A) as a Federal information system; and
   3. (C)encompasses, to the greatest extent practicable, all necessary and appropriate cloud computing products and services;
2. (2)issue guidance describing additional responsibilities of FedRAMP and the FedRAMP Board to accelerate the adoption of secure cloud computing products and services by the Federal Government;
3. (3)in consultation with the Administrator, establish a process to periodically review FedRAMP authorization packages to support the secure authorization and reuse of secure cloud products and services;
4. (4)oversee the effectiveness of FedRAMP and the FedRAMP Board, including the compliance by the FedRAMP Board with the duties described in section 3610(d); and
5. (5)to the greatest extent practicable, encourage and promote consistency of the assessment, authorization, adoption, and use of secure cloud computing products and services within and across agencies.