Connolly, Comer, Peters, Portman Applaud House Passage of FedRAMP Authorization Act in FY23 NDAA

Today, the House passed the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act as part of the FY 2023 National Defense Authorization Act (NDAA). The FedRAMP Authorization Act, authored by Congressman Gerry Connolly (D-VA), the Chairman of the House Subcommittee on Government Operations, codifies the FedRAMP program that standardizes cloud computing security assessments across all federal agencies. The legislation passed the House twice in the 116th Congress and twice again in the 117th Congress. Connolly reintroduced the legislation on September 22, 2022 with updated language to incorporate input from the Biden Administration. U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, led bipartisan companion legislation in the U.S. Senate. 


“I am thrilled that the House has again voted to pass the FedRAMP Authorization Act,” said Connolly. “FedRAMP helps agencies adopt cost effective, secure, and nimble cloud technologies so agencies can serve the public anywhere at any time. I am grateful to Chairman Adam Smith for working with me to ensure this legislation had a place in the FY23 NDAA and to my colleagues on both sides of the aisle who voted in favor of modernizing our federal IT systems, which are the backbone of any successful public policy. I look forward to our continued partnership with Senators Peters and Portman to get this vital legislation over the finish line in the Senate.”


“Smart cybersecurity reforms and technology modernization are fundamental to the efficient, effective, and secure operation of the American government,” said Congressman James Comer (R-KY), Ranking Member of the House Committee on Oversight and Reform. “The FedRAMP Authorization Act will ensure a consistent process for federal agencies to purchase cloud computing services that meet established federal cybersecurity standards. The legislation will also provide better clarity for industry vendors providing modern technology solutions to the government.”


“Cloud-based systems are critical to the federal government’s efforts to save taxpayer dollars and efficiently deliver services to the American people. I was pleased to work with my colleagues on this bipartisan legislation that will make it easier for agencies to quickly acquire cloud systems, while also ensuring these technologies – which store a tremendous amount of sensitive data – are safe and secure from cyber-attacks,” said Senator Gary Peters (D-MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee. “By helping federal agencies quickly and securely adopt cloud-based systems, this program will also create good-paying jobs, and incentivize cloud companies to create more effective products.”


“Our bipartisan, bicameral legislation builds on the successes of FedRAMP and improves it for the future,” said Senator Rob Portman (R-OH), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee. “Supply chain security experts have warned us about the weaknesses in FedRAMP that leave our cloud systems vulnerable to interference from countries like Russia and China, North Korea, Iran. I am pleased this bill will increase transparency and monitoring of possible foreign influences in FedRAMP approved systems.” 


Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022:


In 2011, the government partnered with industry to standardize cloud computing security assessments across all federal agencies through an administrative program known as FedRAMP. Before the partnership, each agency had a patchwork of different security requirements for cloud computing services, creating inefficiencies and making federal government information technology operations more costly and less secure. By providing a common framework for assessing the security of cloud computing products and services, FedRAMP enables federal agencies to purchase modern technologies that are secure through a process that is more efficient and cost-effective.


Specifically, the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022 would: 


  • Codify the FedRAMP program and address many of the concerns raised by government and industry stakeholders.
  • Reduce duplication of security assessments and other obstacles to agency adoption of cloud products by establishing a “presumption of adequacy” for cloud technologies that have received FedRAMP certification.
  • Facilitate agency reuse of cloud technologies that have already received an authorization-to-operate by requiring agencies to check a centralized and secure repository and, to the extent practicable, reuse any existing security assessment before conducting their own.
  • Require that GSA work toward automating its processes, which will lead to more standard security assessments and continuous monitoring of cloud offerings, and increase efficiency for both providers and agencies.
  • Establish a Federal Secure Cloud Advisory Committee to ensure dialogue among GSA, agency cybersecurity and procurement officials, and industry for effective and ongoing coordination in acquisition and adoption of cloud products by the federal government.


Full text of the legislation is available here.