FedRAMP Authorization Act

5/11/2023, 3:46 PM

FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.

The Government Accountability Office must report to Congress assessing

  • the costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations,
  • the extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as federal information systems,
  • how often and for which categories of products and services agencies use FedRAMP authorizations, and
  • the unique costs and potential burdens incurred by cloud computing companies that are small business concerns as a part of the FedRAMP authorization process.

The bill establishes the Federal Secure Cloud Advisory Committee.

The FedRAMP Authorization Act, also known as Bill 117 hr 8956, is a piece of legislation currently being considered by the US Congress. The purpose of this bill is to streamline and improve the Federal Risk and Authorization Management Program (FedRAMP), which is responsible for ensuring the security of cloud computing services used by federal agencies.

The FedRAMP Authorization Act aims to enhance the efficiency and effectiveness of the FedRAMP process by establishing clear guidelines and deadlines for agencies to follow when authorizing cloud services. This includes requiring agencies to complete security assessments within a certain timeframe and to make decisions on authorizations within 90 days.

Additionally, the bill seeks to improve transparency and accountability within the FedRAMP program by requiring regular reporting on the status of authorizations and the implementation of security controls. It also calls for the establishment of a FedRAMP Advisory Board to provide guidance and oversight to the program. Overall, the FedRAMP Authorization Act is designed to strengthen the security of cloud computing services used by the federal government and to ensure that agencies are able to quickly and efficiently authorize these services while maintaining high standards of security.
Congress
117
Number
HR - 8956
Introduced on
2022-09-22
# Amendments
0
Sponsors
+5
Cosponsors
+5

Variations and Revisions

10/11/2022
Text
PDF
XML

Status of Legislation

Bill Introduced
Introduced to House
Passed in House
Introduced to Senate
Senate to Vote

Purpose and Summary

FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.

The Government Accountability Office must report to Congress assessing

  • the costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations,
  • the extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as federal information systems,
  • how often and for which categories of products and services agencies use FedRAMP authorizations, and
  • the unique costs and potential burdens incurred by cloud computing companies that are small business concerns as a part of the FedRAMP authorization process.

The bill establishes the Federal Secure Cloud Advisory Committee.

The FedRAMP Authorization Act, also known as Bill 117 hr 8956, is a piece of legislation currently being considered by the US Congress. The purpose of this bill is to streamline and improve the Federal Risk and Authorization Management Program (FedRAMP), which is responsible for ensuring the security of cloud computing services used by federal agencies.

The FedRAMP Authorization Act aims to enhance the efficiency and effectiveness of the FedRAMP process by establishing clear guidelines and deadlines for agencies to follow when authorizing cloud services. This includes requiring agencies to complete security assessments within a certain timeframe and to make decisions on authorizations within 90 days.

Additionally, the bill seeks to improve transparency and accountability within the FedRAMP program by requiring regular reporting on the status of authorizations and the implementation of security controls. It also calls for the establishment of a FedRAMP Advisory Board to provide guidance and oversight to the program. Overall, the FedRAMP Authorization Act is designed to strengthen the security of cloud computing services used by the federal government and to ensure that agencies are able to quickly and efficiently authorize these services while maintaining high standards of security.
Alternative Names
Official Title as IntroducedTo amend chapter 36 of title 44, United States Code, to improve the cybersecurity of the Federal Government, and for other purposes.
Policy Areas
Government Operations and Politics
Potential Impact
Advisory bodies•
Computer security and identity theft•
Computers and information technology•
Congressional oversight•
Executive agency funding and structure•
General Services Administration•
Government information and archives•
Government studies and investigations•
Performance measurement•
Public contracts and procurement•
Technology assessment

Comments

Related

Bill Update Alert:  Strengthening American Cybersecurity Act of 2022
Bill Update Alert:  Federal Secure Cloud Improvement and Jobs Act of 2021
Bill Update Alert:  Providing for consideration of the bill (H.R. 3843) to promote antitrust enforcement and protect competition through adjusting premerger filing fees, and increasing antitrust enforcement resources; providing for consideration of the bill (H.R. 7780) to support the behavioral needs of students and youth, invest in the school-based behavioral health workforce, and ensure access to mental health and substance use disorder benefits; providing for consideration of the bill (S. 3969) to amend the Help America Vote Act of 2002 to explicitly authorize distribution of grant funds to the voting accessibility protection and advocacy system of the Commonwealth of the Northern Mariana Islands and the system serving the American Indian consortium, and for other purposes; and for other purposes.
Committee:  Oversight and Accountability
Committee:  Homeland Security and Governmental Affairs

Recent Activity

Latest Summary12/9/2022

FedRAMP Authorization Act

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

The GSA must establish a government-wide p...

Latest Action10/11/2022
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.