House Passes Connolly FedRAMP Legislation
First bill to pass 117th Congress
In one of its first actions of the 117th Congress, today the House of Representatives passed Representative Gerald E. Connolly’s Federal Risk and Authorization Management Program (FedRAMP) Authorization Act. The bipartisan legislation was cosponsored by Representatives James Comer (R-KY) and Jody Hice (R-GA). The Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2021 would codify the existing FedRAMP Program at the General Services Administration (GSA).
“FedRAMP was established in 2011 to provide a standardized government-wide approach to security assessment, authorization, and continuous monitoring of cloud computing services. The program reduces the redundancies of federal cloud migration for both the federal government and for cloud service providers,” Connolly said. “Unfortunately, the current state of cloud adoption in the federal government involves various agency-specific processes, making it complicated for agencies to issue an authorization to operate for cloud services, even when a cloud service provider has already been authorized for use at other agencies.”
“For nearly four years, I have worked with the Office of Management and Budget, GSA, industry stakeholders, and my friends on the other side of the aisle to ensure that the bill makes needed improvements to the FedRAMP program, and also gives the program flexibility to grow and adopt to myriad future changes in cloud technologies. This bill is essential and will demonstrate a universal commitment to FedRAMP and the accelerated adoption of secure cloud computing technologies, a vital component of the broader federal IT modernization effort,” Connolly added.
FedRAMP is a standardized approach to certifying and assessing in an ongoing manner the security of cloud computing technologies used across the federal government. It seeks to reduce the redundancies of federal cloud migration by creating a “certify once, reuse many times” model for cloud products and services that provide a cost-effective, risk-based approach to cloud adoption. In the first four years of FedRAMP, the program authorized only 20 cloud products. Today, there are 211 FedRAMP Authorized cloud products that federal agencies can use and more than 240 Cloud Service Providers participating in FedRAMP, 30% of which are small businesses. In fiscal year 2020, FedRAMP saw a 50% increase in agencies reusing authorized cloud products.
The FedRAMP Authorization Act would:
Connolly’s bill passed the House with bipartisan support twice in the 116th Congress. Once under suspension by voice vote and again as an amendment to the House National Defense Authorization Act for FY2021.