Today, Rep. Gerald E. Connolly, Chairman of the Subcommittee on Government Operations, released the following statement after the U.S. House of Representatives passed the Chai Suthammanont Healthy Federal Workplaces Act of 2022 and the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022 with bipartisan support.
“Both of these bills will help ensure that government and the federal workforce are prepared to serve American communities no matter the context,” Chairman Connolly said. “The Chai Suthammanont Act puts employee health and safety at the forefront of government operations during a health emergency and FedRAMP helps agencies adopt cost effective, secure, and nimble cloud technologies so agencies can serve the public anywhere at any time. I am grateful to my colleagues on both sides of the aisle who voted to prioritize the wellbeing of our federal workforce and modernizing our federal information technology systems.”
Chai Suthammanont Healthy Federal Workplaces Act of 2022:
Chai Suthammanont was a federal employee who lost his life after contracting the coronavirus while working as part of the kitchen staff at a Quantico daycare center. He is one of many frontline federal employees whose jobs required them to continue serving the nation in a crowded space during the coronavirus pandemic. This bill was developed in partnership with Christina, Chai’s widow, to ensure that the health and safety of federal workers is prioritized during nationwide public health emergencies declared for infectious disease.
Last year, the Committee on Oversight and Reform approved a previous version of this bill (H.R. 978) that covered the COVID-19 pandemic. This new bill, H.R. 8466, prepares the federal workforce for the potential nationwide public health emergencies of tomorrow. The Committee on Oversight and Reform approved the bill with bipartisan support on September 20, 2022.
Specifically, the Chai Suthammanont Healthy Federal Workplaces Act of 2022 would:
- Require each federal agency to develop and maintain a plan that details public health protocols the agency will take during a declaration. The plan must include guidelines for testing, cleaning, occupancy limits, use of personal protective equipment, notification of individuals who may have been exposed, and protections for employees who travel off-site.
- Require each agency to publish the safety plan on its website and communicate its plan to employees, contractors, and subcontractors.
- Ensure accountability and oversight by requiring the Office of the Inspector General for each agency to report to Congress on plan implementation. The Government Accountability Office would also issue a report on the lessons learned during the COVID-19 pandemic to improve future protocols.
Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022:
In 2011, government partnered with industry to standardize cloud computing security assessments across all federal agencies through an administrative program known asFedRAMP. Before the partnership, each agency had a patchwork of different security requirements for cloud computing services, creating inefficiencies, and making federalgovernment information technology operations more costly and less secure. By providing a common security framework forassessing the security ofcloud computingproducts andservices, FedRAMP enables federal agencies topurchasemodern technologiesthataresecurethrough a process that is more efficient andcost-effective.
Chairman Connolly’s legislation passed the House twice in the 116th Congress and two additional times in the 117th Congress. Chairman Connolly reintroduced the legislation on September 22, 2022 with updated language to incorporate technical input from the Biden Administration.
Specifically, the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022 would:
- Codify the FedRAMP program and address many of the concerns raised by government and industry stakeholders.
- Reduce duplication of security assessments and other obstacles to agency adoption of cloud products by establishing a “presumption of adequacy” for cloud technologies that have received FedRAMP certification.
- Facilitate use of cloud technologies that have already received an authorization-to-operate by requiring agencies to check a centralized and secure repository and, to the extent practicable, reuse any existing security assessment before conducting their own.
- Require that GSA work toward automating its processes, which will lead to more standard security assessments and continuous monitoring of cloud offerings, and increased efficiency for both providers and agencies.
- Establish a Federal Secure Cloud Advisory Committee to ensure dialogue among GSA, agency cybersecurity and procurement officials, and industry for effective and ongoing coordination in acquisition and adoption of cloud products by the federal government.