117 S3408 IS: Federal Cloud Risk Management Improvements Act
U.S. Senate
2021-12-15
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Federal Cloud Risk Management Improvements Act
.2.Reporting regarding security of cloud computing products and services(a)Chapter 36 of title 44, United States Code, is amended by adding at the end the following:3607.Reporting regarding security of cloud computing products and services(a)In this section: (1)The term agency has the meaning given the term in section 3502.(2)The term cloud computing has the meaning given the term in Special Publication 800–145 of the National Institute of Standards and Technology, or any successor document.(3)The term cloud service provider means an entity offering cloud computing products or services to agencies. (b)Not later than 1 year after the date of enactment of this section, and annually thereafter, the Administrator of General Services shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Oversight and Reform of the House of Representatives a report that includes a review of measures taken under the Federal Risk and Authorization Management Program, or any successor thereto, to ensure the security of data stored or processed by cloud service providers, which may include—(1)geolocation restrictions for provided products or services;(2)disclosures of foreign elements of supply chains of acquired products or services;(3)regular disclosures of ownership of cloud service providers by foreign entities; and(4)encryption requirements for data processed, stored, or transmitted by cloud service providers..(b)The table of sections for chapter 36 of title 44, United States Code, is amended by adding at the end the following:3607. Reporting regarding security of cloud computing products and services..