House Votes to Include FedRAMP in NDAA

The House of Representatives has voted to codify into law the Federal Risk and Authorization Management Program as part of the 2021 National Defense Authorization Act.

News of the FedRAMP provision was announced by Rep. Herry Connolly, chairman of the House Government Operations Subcommittee and a sponsor of the FedRAMP House bill, MeriTalk reported Tuesday.

"The House fully voted on it last night for inclusion in that act which is a great vehicle for becoming law. In fact, that’s the same vehicle that allowed us to pass FITARA,” Connolly said during Carasoft's GovForward event.

FITARA, or the Federal Information Technology Acquisition Reform Act, is a 2014 law that helps federal agencies buy and manage computer technology.

FedRAMP's inclusion in the NDAA would give it a statutory foundation and formal standing for congressional review. The program was created to standardize approaches to security assessment, authorization and continuous monitoring for cloud products and services. 

The program was launched in 2011 and has since been criticized by lawmakers as being slow in implementing standardized practices and inefficient in its certification process.  

If passed into law, the FedRAMP legislation will “serve to streamline, to make more efficient, and to allow more entry in serving the Federal government in cloud computing services,” Connolly said.

Connolly and former Rep. Mark Meadows introduced FedRAMP legislation in July 2019 aimed at introducing new actions to make the program more efficient.

The proposed NDAA would establish a presumption of adequacy for FedRAMP-authorized cloud services and encourage further automation of the certification process. 

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Popular Voices

Join Us Now