2022 in review: FedRAMP reform enacted, SAMOSA Act progresses
Over the course of 2022, Congress progressed several bills that represent a major step forward for federal IT policy across areas including software licensing, cybersecurity in the cloud and semiconductor development.
The executive branch also issued a foundational document intended to guide the use and regulation of artificial intelligence technology, and federal government agencies launched initiatives to acquire IT and cybersecurity talent.
Some of the most consequential policymaking this year included: the SAMOSA Act software transparency bill, the AI Bill of Rights, the $280 billion CHIPS and Science Act, the FedRAMP reform bill, and the Biden administration’s cyber job creation sprints.
FedRAMP cybersecurity certification reform
New legislation that will significantly reform the FedRAMP cybersecurity authorization program for cloud vendors by allowing FedRAMP-authorized tools to be used in any federal agency without additional oversight or verification became law earlier this month.
FedRAMP is a crucial cybersecurity certification that cloud service providers must obtain prior to working with U.S. government data.
One of the most consequential aspects of the FedRAMP reform language is a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used by any federal agency without further checks.
The latest iteration of the Federal Risk and Authorization Management Program (FedRAMP) bill became law in late December as part of the NDAA after an uphill battle for almost six years led by Rep. Gerry Connolly, D-Va., and Sen. Gary Peters, D-Mich.
Congress introduced bipartisan legislation earlier this year that would mandate the consolidation of federal agency software licenses and force agencies to take a more transparent approach to software purchasing.
The Strengthening Agency Management and Oversight of Software Assets Act (SAMOSA), which was first reported by FedScoop, would require government departments to purchase unlimited software contracts and require greater software interoperability from services they procure from Big Tech companies.
The legislation was introduced in the Senate in September by Sens. Gary Peters, D-MI, and Bill Cassidy, R-LA, and by Rep. Matt Cartwright, D-PA in the House.
The SAMOSA Act passed the Senate Homeland Security and Governmental Affairs Committee (HSGAC) in September and is expected to get a full Senate vote in the coming months.
CHIPS and Science Act
Bipartisan legislation known as the “CHIPS and Science Act” pumped approximately $280 billion of new funding intended to boost domestic semiconductor manufacturing and help the U.S. compete with China in the development of cutting-edge technologies.
The bill, which became law in August, includes approximately $52 billion in government subsidies for U.S. semiconductor production. It also includes $24 billion in investment tax credits for chip plants and other funding to spur innovation and research of other key U.S. technologies.
The IT industry and those that rely on it are expected to benefit significantly from the bill thanks to the increased investments and future growth. For example, IT giants and major federal government contractors like IBM are anticipating using funds from the legislation to boost growth in the sector from semiconductors.
The $1.7 trillion omnibus government spending package signed by President Joe Biden on Thursday fell short of providing the maximum funding authorized under the CHIPS Act but nevertheless authorized large funding increases for NIST, the National Science Foundation (NSF), and the Department of Energy’s (DOE) Office of Science.
AI ‘Bill of Rights’
The Biden administration in October issued a long-awaited blueprint document that is intended to provide guardrails for the use of artificial intelligence technology within the federal government.
The AI Bill of Rights consists of five key principles for the regulation of the technology: safe and effective systems; algorithmic discrimination protections; data privacy; notice and explanation; and human alternatives, consideration and fallback.
It was created by the Office of Science and Technology Policy and is intended to address concerns that unfettered use of AI in certain scenarios may cause discrimination against minority groups and further systemic inequality.
Cyber job creation sprint
A 120-day cybersecurity apprenticeship sprint coordinated by the White House and the Department of Labor created 194 new registered programs, the Biden administration announced in November.
In total, the sprint resulted in more than 7,000 cyber apprentices getting hired, of which over one-third were female and 42% were people of color. Out of the cyber apprentices hired, 1,000 were from the private sector.
The sprint was launched in July in a bid to alleviate a shortage in cyber employees. There have been massive challenges in hiring cybersecurity employees within the government due to a tight labor market and a severe shortage of skilled cyber engineers and analysts, and the problem continues to get worse.
CyberSeek, a recruiting website for cybersecurity jobs in the U.S., funded by the Commerce Department, says that in the public sector or the government, there are 47,114 vacant cyber jobs and 72,599 cybersecurity experts currently employed.