The General Services Administration’s Federal Risk Authorization Modernization Program came one step closer to formal, legislative codification Feb. 5, as the House of Representatives voted unanimously to pass the FedRAMP Authorization Act.
The bill would give the FedRAMP program, originally established in 2011 by an Office of Management and Budget memorandum, a more permanent role and would add more concrete requirements for agencies to use the program.
“The bill reduces duplication of security assessments and other obstacles to agency adoption of cloud products by establishing … an assumption of adequacy for cloud technologies that have already received FedRAMP certification,” Rep. Gerry Connolly, D-Va., said on the House floor Wednesday.
“The bill also facilitates the reuse of cloud technologies that have already received a reauthorization to operate, by requiring agencies to check a centralized and secure repository and to the extent practicable, reuse any existing security assessment before conducting an independent one of their own.”
A central complaint about the FedRAMP program has been that its promised cost and time savings have not been fully realized, as agencies have not treated the authorizations issued for a particular product by another agency as fully viable, making that cloud service provider go through the authorization process all over again.
The bill also calls on GSA to look for further ways to automate the authorization process, thereby reducing time and costs even further, while actively looking for improvements to the program.
“A significant provision of this bill is the Federal Secure Cloud Advisory Committee. This committee would be tasked with key responsibilities, including providing technical expertise on cloud products and services and identifying ways to reduce costs associated with FedRAMP certification,” said Rep. Carolyn Maloney, D-N.Y.
The FedRAMP process has been heralded as a central component of the White House’s Cloud Smart strategy, which stated that the program has “allowed for a flourishing marketplace of vetted providers to develop.”
The strategy also called for process improvements to the program, increasing the likelihood that the bipartisan legislation will get a sign-off from the White House if it passes the Senate.
Jessie Bur covers federal IT and management.