On Wednesday January 11th, FedRAMP was excited to announce that the FedRAMP Authorization Act has been signed by President Biden as a part of the FY23 National Defense Authorization Act (NDAA). According to FedRAMP. This will allow the agency to:
- Improve the speed at which new cloud computing products and services can be authorized by implementing automation techniques.
- Continue to enhance the ability of agencies to effectively evaluate FedRAMP authorized cloud products for reuse.
- Continue the public comment process for proposed guidance and other FedRAMP directives that may have a direct impact on cloud service providers and agencies before the issuance of such guidance.
- Provide more robust transparency and dialogue between industry and the federal government to drive stronger adoption of secure cloud capabilities and reduce legacy information technology with the inception of the Federal Secure Cloud Advisory Committee.
Quick review – what is FedRAMP? The Federal Risk and Authorization Management Program was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. The mission has always been to empower agencies to use modern cloud technologies with an emphasis on security and protection of federal information. The reuse of FedRAMP authorized cloud products has grown exponentially since FY22, boasting a community that now includes 204 participating agencies, over 280 cloud service providers, and 40 recognized third party assessment organizations.
Operating under the umbrella of the General Services Administration, the passing of this Act positions the FedRAMP program to be considered an authoritative standardization. Page 1056 (sec. 3608) of the NDAA (FY23 National Defense Authorization Act) states:
‘‘There is established within the General Services Administration the Federal Risk and Authorization Management Program. The Administrator, subject to section 3614, shall establish a Government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.”
A Federal Secure Cloud Advisory Committee will also be formed per the new amendement. Their primary role will be “to ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.” (Pg. 1062, sec. 3616)
The agency enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations, while also allowing agencies to leverage security authorizations on a government-wide scale. For more information on the benefits and goals of the FedRAMP program, please visit www.fedramp.gov. For compliance inquiries, visit our FedRAMP service page or contact us today!
