Bipartisan Bill Aims to Codify and Reform FedRAMP

A pair of House Oversight and Reform Committee lawmakers introduced legislation this week that aims to codify the Federal Risk Authorization Management Program, or FedRAMP, and ultimately speed up federal cloud migration with more funding and a mandate to reuse authorizations.


Rep. Gerry Connolly, D-Va., who chairs the Subcommittee on Government Operations and introduced the FedRAMP Authorization Act of 2019 with ranking member Mark Meadows, R-N.C., said the bill will reduce redundancies and streamline the program to improve agencies’ modernization efforts. 


For industry products to be used by federal agencies, vendors must put their systems through a security evaluation to receive an authority to operate, or ATO, in the government. Operating within the General Services Administration, FedRAMP was intended to standardize and speed up the certification process and could grant provisional ATOs to be used across federal entities.


But what was only meant to take about six months and cost around $250,000 has some vendors spending much more and waiting years for approval—even after they’ve received certification from other agencies. 


“[FedRAMP] continues to suffer from a lack of agency buy-in, a lack of metrics, and duplicative processes that have resulted in a lengthy and costly authorization process for cloud service providers,” Connolly said. To combat that issue, he and Meadows revamped legislation that stalled in 2018. The bill would codify each organization’s role and appropriate $25 million for the FedRAMP program management office and the Joint Authorization Board to “address huge increases in federal cloud IT needs.”


The PMO and JAB are also responsible for developing metrics to evaluate the quality of the security assessments used in FedRAMP authorizations, while the Office of Management and Budget will have to submit an an ..
