FedRAMP Codification Bill Added to House NDAA Legislation

The House voted late on July 20 to include in the Fiscal Year 2021 National Defense Authorization Act (NDAA) legislation that would codify into law the FedRAMP program – giving the program a statutory foundation and formal standing for congressional review.

The FedRAMP program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

News of the bill’s inclusion in the NDAA came today from Rep. Gerry Connolly, D-Va., chairman of the House Government Operations Subcommittee and a sponsor of the FedRAMP bill introduced in the House last year.

“I’m pleased to tell you last night I got the entire bill adopted as an amendment in the first block of amendments to the pending Defense Authorization Act,” Rep. Connolly said during Carahsoft’s GovForward event. “And so the House fully voted on it last night for inclusion in that act which is a great vehicle for becoming law. In fact, that’s the same vehicle that allowed us to pass FITARA.”

Connolly said he’s “pretty confident” that FedRAMP legislation will become law and that it will “serve to streamline, to make more efficient, and to allow more entry in serving the Federal government in cloud computing services.”

In July 2019, Reps. Connolly and Mark Meadows, R-N.C., introduced FedRAMP legislation to codify the program into law, along with taking other actions to make the program more efficient. The bill was approved by the House in February,  but as of then had no Senate companion bill. The measure’s inclusion in the FY 2021 NDAA bill – which is widely considered to be must-pass legislation for both the House and Senate – improves its chances of becoming law.

Among other provisions, the bill would:

  • Establish a presumption of adequacy for FedRAMP authorized cloud services;
  • Encourage further automation of the FedRAMP process;
  • Establish a Federal Secure Cloud Advisory Committee;
  • Require the Office of Management and Budget to ensure all agencies get authorizations for cloud services;
  • Relocate the FedRAMP PMO within GSA; and
  • Allocate $20 million annually for FedRAMP’s program management office and the Joint Authorization Board.
Jordan Smith
About Jordan Smith
Jordan Smith is a MeriTalk Staff Reporter covering the intersection of government and technology.

Categories

Recent