FedRAMP Authorization Act

5/11/2023, 3:46 PM

Federal Risk and Authorization Management Program Authorization Act of 2021 or the FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.

The bill establishes the Joint Authorization Board to conduct security assessments of cloud computing services and issue provisional authorizations to operate to cloud service providers that meet FedRAMP security guidelines.

The GSA shall (1) publish a report that includes an assessment of the cost incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations and provisional authorizations, (2) determine the requirements for certification of independent assessment organizations, and (3) establish the Federal Secure Cloud Advisory Committee.

The FedRAMP Authorization Act, also known as Bill 117 hr 21, is a piece of legislation introduced in the US Congress. The purpose of this bill is to streamline the process for federal agencies to authorize cloud service providers for use in government operations.

The bill aims to improve the Federal Risk and Authorization Management Program (FedRAMP), which is responsible for ensuring that cloud service providers meet the necessary security standards to be used by federal agencies. By streamlining the authorization process, the bill seeks to make it easier for agencies to adopt cloud services while still maintaining high levels of security.

Some key provisions of the FedRAMP Authorization Act include requiring the General Services Administration (GSA) to establish a process for expedited authorization of cloud service providers, as well as mandating regular updates to the FedRAMP security standards to keep pace with evolving technology and threats. Overall, the FedRAMP Authorization Act is aimed at modernizing and improving the security of cloud services used by the federal government, while also making it easier for agencies to adopt these services.
Congress
117
Number
HR - 21
Introduced on
2021-01-04
# Amendments
0
Sponsors
+5
Cosponsors
+5

Variations and Revisions

1/6/2021
Text
PDF
XML

Status of Legislation

Bill Introduced
Introduced to House
Passed in House
Introduced to Senate
Senate to Vote

Purpose and Summary

Federal Risk and Authorization Management Program Authorization Act of 2021 or the FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.

The bill establishes the Joint Authorization Board to conduct security assessments of cloud computing services and issue provisional authorizations to operate to cloud service providers that meet FedRAMP security guidelines.

The GSA shall (1) publish a report that includes an assessment of the cost incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations and provisional authorizations, (2) determine the requirements for certification of independent assessment organizations, and (3) establish the Federal Secure Cloud Advisory Committee.

The FedRAMP Authorization Act, also known as Bill 117 hr 21, is a piece of legislation introduced in the US Congress. The purpose of this bill is to streamline the process for federal agencies to authorize cloud service providers for use in government operations.

The bill aims to improve the Federal Risk and Authorization Management Program (FedRAMP), which is responsible for ensuring that cloud service providers meet the necessary security standards to be used by federal agencies. By streamlining the authorization process, the bill seeks to make it easier for agencies to adopt cloud services while still maintaining high levels of security.

Some key provisions of the FedRAMP Authorization Act include requiring the General Services Administration (GSA) to establish a process for expedited authorization of cloud service providers, as well as mandating regular updates to the FedRAMP security standards to keep pace with evolving technology and threats. Overall, the FedRAMP Authorization Act is aimed at modernizing and improving the security of cloud services used by the federal government, while also making it easier for agencies to adopt these services.
Alternative Names
Official Title as IntroducedTo enhance the innovation, security, and availability of cloud computing products and services used in the Federal Government by establishing the Federal Risk and Authorization Management Program within the General Services Administration and by establishing a risk management, authorization, and continuous monitoring process to enable the Federal Government to leverage cloud computing products and services using a risk-based approach consistent with the Federal Information Security Modernization Act of 2014 and cloud-based operations, and for other purposes.
Policy Areas
Government Operations and Politics
Potential Impact
Administrative law and regulatory procedures•
Advisory bodies•
Computer security and identity theft•
Computers and information technology•
Congressional oversight•
General Services Administration•
Government employee pay, benefits, personnel management•
Government information and archives•
Government studies and investigations•
Intergovernmental relations•
Internet and video services•
Internet, web applications, social media•
Public participation and lobbying

Comments

Related

Member:  Jody B. Hice
Bill Update Alert:  Federal Secure Cloud Improvement and Jobs Act of 2021
Committee:  Homeland Security and Governmental Affairs
Committee:  Oversight and Accountability

Recent Activity

Latest Summary2/9/2021

Federal Risk and Authorization Management Program Authorization Act of 2021 or the FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the Gener...

Latest Action1/6/2021
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.