A bill codifying FedRAMP finally makes it to the Senate floor
A bipartisan group of senators touted the Senate Homeland Security Committee’s Wednesday approval of a bill to help agencies more quickly adopt cloud services as “commonsense” cybersecurity reform.
The Federal Secure Cloud Improvement and Jobs Act, which would codify and update the Federal Risk and Authorization Management Program, now heads to the Senate floor.
This is the furthest FedRAMP legislation has ever gotten in the Senate, the Homeland Security Committee having sat on Rep. Gerry Connolly’s, D-Va., FedRAMP Authorization Act the four times it was passed by the House.
“As the government continues to face increasing cybersecurity threats, it is important that we have secure, uniform protocols on what cloud programs federal agencies use,” said Sen. Maggie Hassan, D-N.H., one of the legislation’s sponsors. “This bipartisan bill would streamline the approval process for cloud computing products, which will help speed up our IT modernization efforts and strengthen our overall cybersecurity capabilities.”
The bill, introduced Nov. 2, would require the General Services Administration to automate FedRAMP security assessments and reviews within a year, as well as continuously monitor cloud computing products and services.
Like Connolly’s bill, the legislation would have the FedRAMP Program Management Office track metrics gauging the the time and quality of its assessments and fund the program at $20 million annually.
A FedRAMP board consisting of cloud computing, cyber, and privacy and risk management experts from GSA and the Defense and Homeland Security departments would prioritize security assessments of cloud services. And a Federal Secure Cloud Advisory Committee would be established within 90 days to improve communication between agencies and cloud service providers (CSPs).
Sens. Gary Peters, D-Mich., Josh Hawley, R-Mo., Steve Daines, R-Mont., and Rob Portman, R-Ohio, also sponsored the bill.
For his part, Connolly supported the effort of the Homeland Security Committee, which is chaired by Peters and where Portman is ranking member. The bill’s language aligns with that offered by the House in a National Defense Authorization Act amendment.
“It’s critical that federal agencies have access to the safest and newest cloud-based technology to ensure the government is functioning efficiently and that important information is kept secure,” Hawley said in a statement. “This legislation accomplishes those crucial tasks while also creating good-paying private sector jobs.”