FedRAMP Authorization Act passes House for the third time in a year
A bill to codify and fund the program that authorizes and continuously monitors cloud services across government became the first to pass the House in 2021 on Tuesday.
Rep. Gerry Connolly, D-Va., once again put forward The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act, which would also require agencies to reuse authorized cloud services when practical. The bill passed by voice vote.
The legislation has never been taken up by the Senate despite passing the House twice in 2020, first by voice vote in February and again as an amendment to the National Defense Authorization Act of 2021 in July, after which it was spiked in the conference committee on that bill. Tuesday’s passage gives Connolly and his cosponsors another two years to drum up Senate support for the measure.
“For nearly four years, I have worked with the Office of Management and Budget, [General Services Administration], industry stakeholders, and my friends on the other side of the aisle to ensure that the bill makes needed improvements to the FedRAMP program, and also gives the program flexibility to grow and adopt to myriad future changes in cloud technologies,” Connolly said after the bill’s passage. “This bill is essential and will demonstrate a universal commitment to FedRAMP and the accelerated adoption of secure cloud computing technologies, a vital component of the broader federal IT modernization effort.”
FedRAMP has authorized 211 cloud products to date with more than 240 cloud service providers participating and a 50% uptick in agency reuse in fiscal 2020.
And yet the Senate Homeland Security Committee, previously chaired by Sen. Ron Johnson, R-Wis., never held hearings on Connolly’s bill, which was cosponsored by Republican Reps. James Comer of Kentucky, and Jody Hice of Georgia.
The bill would further require GSA to automate FedRAMP assessments and continuous monitoring to speed up the process for government and industry, establish a Federal Secure Cloud Advisory Committee to coordinate acquisition, and put $20 million annually toward the program.