Connolly, Comer, Peters, Portman Applaud House Passage of FedRAMP Authorization Act in FY23 NDAA
Washington, December 8, 2022
Today, the House passed the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act as part of the FY 2023 National Defense Authorization Act (NDAA). The FedRAMP Authorization Act, authored by Congressman Gerry Connolly (D-VA), the Chairman of the House Subcommittee on Government Operations, codifies the FedRAMP program that standardizes cloud computing security assessments across all federal agencies. The legislation passed the House twice in the 116th Congress and twice again in the 117th Congress. Connolly reintroduced the legislation on September 22, 2022 with updated language to incorporate input from the Biden Administration. U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, led bipartisan companion legislation in the U.S. Senate.
“I am thrilled that the House has again voted to pass the FedRAMP Authorization Act,” said Connolly. “FedRAMP helps agencies adopt cost effective, secure, and nimble cloud technologies so agencies can serve the public anywhere at any time. I am grateful to Chairman Adam Smith for working with me to ensure this legislation had a place in the FY23 NDAA and to my colleagues on both sides of the aisle who voted in favor of modernizing our federal IT systems, which are the backbone of any successful public policy. I look forward to our continued partnership with Senators Peters and Portman to get this vital legislation over the finish line in the Senate.”
“Smart cybersecurity reforms and technology modernization are fundamental to the efficient, effective, and secure operation of the American government,” said Congressman James Comer (R-KY), Ranking Member of the House Committee on Oversight and Reform. “The FedRAMP Authorization Act will ensure a consistent process for federal agencies to purchase cloud computing services that meet established federal cybersecurity standards. The legislation will also provide better clarity for industry vendors providing modern technology solutions to the government.”
“Cloud-based systems are critical to the federal governments’ efforts to save taxpayer dollars and efficiently deliver services to the American people. I was pleased to work with my colleagues on this bipartisan legislation that will make it easier for agencies to quickly acquire cloud systems, while also ensuring these technologies – which store a tremendous amount of sensitive data – are safe and secure from cyber-attacks,” said Senator Gary Peters (D-MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee. “By helping federal agencies quickly and securely adopt cloud-based systems, this program will also create good-paying jobs, and incentivize cloud companies to create more effective products.”
“Our bipartisan, bicameral legislation builds on the successes of FedRAMP and improves it for the future,” said Senator Rob Portman (R-OH), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee. “Supply chain security experts have warned us about the weaknesses in FedRAMP that leave our cloud systems vulnerable to interference from countries like Russia and China, North Korea, Iran. I am pleased this bill will increase transparency and monitoring of possible foreign influences in FedRAMP approved systems.”
Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022:
In 2011, government partnered with industry to standardize cloud computing security assessments across all federal agencies through an administrative program known as FedRAMP. Before the partnership, each agency had a patchwork of different security requirements for cloud computing services, creating inefficiencies, and making federal government information technology operations more costly and less secure. By providing a common security framework for assessing the security of cloud computing products and services, FedRAMP enables federal agencies to purchase modern technologies that are secure through a process that is more efficient and cost-effective.
Specifically, the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act of 2022 would:
Full text of the legislation is available here.