Senate to Vote on FedRAMP Authorization Act

Senate lawmakers are expected to vote on a bill that seeks to reform the Federal Risk and Authorization Management Program.

The FedRAMP Authorization Act was referred to the Senate Committee on Homeland Security and Governmental Affairs earlier in November. If it becomes law, the bill would require FedRAMP to have a board that would oversee efforts to enhance and speed up the program.

FedRAMP would also be required to create a separate cloud advisory committee comprising five representatives from service providers, FedScoop reported.

The bill includes a “presumption of adequacy” clause, which would allow FedRAMP-authorized tools to be used in an agency without additional oversight or verification. According to Dave Powner, executive director of Mitre’s Center for Data-Driven Policy, the clause creates a new standard for cloud risk determination and gives an assurance that FedRAMP authorization can be reused without further oversight and without getting penalized.

Powner believes that the bill could lead to a significant rise in FedRAMP authorizations in the coming years.

The bill also includes provisions that would give small businesses a voice within the cloud advisory committee. The bill would also require the cloud advisory committee to increase authorizations given to cloud offerings from small businesses.

Some technologists in the private sector raised concerns about the bill’s lack of funding and resources. According to one industry association leader, the legislation would be stronger if funds and resources were attached to it.

Nevertheless, the leader said he is excited about the bill and the associated cloud advisory committee and believes that funding will come in over time. The leader said the bill would contribute to the evolution of FedRAMP and would address cost and complexity concerns.

A House version of the measure was approved in 2021.