An amendment that would codify the Federal Risk and Authorization Management Program, with some major new stipulations, is one of several areas where the next National Defense Authorization Act could shake up technology policy across the federal government and private industry.
Lawmakers again took the opportunity to attach all manner of amendments that affect agencies and programs outside the Defense Department to what is considered must-pass legislation.
Both chambers passed their versions of the annual authorization bill in July, and the House and Senate Armed Services Committees must now work in conference to iron out the differences in the two final bills. The White House already issued a July 21 veto threat for the House version, including an objection to a provision to rename military installations commemorating members of the Confederacy. The Senate version passed with similar language, though the vote came in at 86-14—a veto-proof majority.
Here is a sample of what each side is bringing to the table to govern emerging technology opportunities and challenges now that the dust has settled from the amendment storm.
FedRAMP Reconstruction and Modernization
The House NDAA includes the full text of the FedRAMP Authorization Act, which passed the House in February, as an amendment from Rep. Gerry Connolly, D-Va., chairman of the House Subcommittee on Government Operations.
Through FedRAMP, instituted by the General Services Administration, cloud service providers can obtain certificates of security through a joint authorization board that theoretically pre-approves them to fulfill contracts across the government. But, the streamlining ambition has not been fully realized as individual agencies have their own security review avenues.
The Connolly measure would esta ..
Support the originator by clicking the read the rest link below.
