FedRAMP authorization bill passes House
- By Justin Katz
- Jan 05, 2021
The House, with new members from the 2020 elections freshly sworn-in, passed bipartisan legislation aimed at standardizing the processes federal agencies use to on-ramp cloud computing technologies.
The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2021 passed on a voice vote on Jan. 5.
FedRAMP, established in 2011, provides a standard approach for agency security assessments and authorizations to use cloud computing services. Its goal is to make onboarding these technologies quicker by allowing agencies to leverage the same technologies as one another without conducting multiple evaluations.
"Unfortunately, the current state of cloud adoption in the federal government involves various agency-specific processes, making it complicated for agencies to issue an authorization to operate for cloud services, even when a cloud service provider has already been authorized for use at other agencies," said Rep. Gerald Connolly (D-Va.), the bill's chief author.
In addition to codifying the existing program, the bill would authorize $20 million for the General Services Administration to increase the number of secure cloud technologies available for agency adoption.
It would reduce duplicate of security assessments by establishing a “presumption of adequacy” for cloud technologies that have received FedRAMP certification and require agencies, if possible, to reuse any existing security assessment before conducting their own.
Additionally, the FedRAMP Authorization Act would require that GSA automate its processes, contributing to more standard security assessments and increasing the efficiency for both providers and agencies.
The bill would also establish a Federal Secure Cloud Advisory Committee to "ensure dialogue among GSA, agency cybersecurity and procurement officials, and industry for effective and ongoing coordination in acquisition and adoption of cloud products by the federal government," according to Connolly.
The Federal Risk and Authorization Management Program Authorization Act of 2021 is co-sponsored by Reps. James Comer (R-Ky.) and Jody Hice (R-Ga.).
This article was first posted to FCW, a sibling site to GCN.
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.