Federal Secure Cloud Improvement and Jobs Act of 2021
This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).
FedRAMP is a government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.
The bill establishes a FedRAMP Board to provide input and recommendations to the GSA regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.
The GSA may determine whether FedRAMP may use an independent assessment service to analyze, validate, and attest to the quality and compliance of security assessment materials that pertain to cloud computing products and services. An independent assessment service that performs such work must annually report to GSA about any foreign interest in, influence of, or control of its service.
The Government Accountability Office must publish a report that, among other requirements, includes an assessment of the costs incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations.
The bill establishes the Federal Secure Cloud Advisory Committee.
Federal Secure Cloud Improvement and Jobs Act of 2021
This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).
FedRAMP is a government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.
The bill establishes a FedRAMP Board to provide input and recommendations to the GSA regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.
The GSA may determine the requirements for accreditation of a third-party organization to perform independent assessments and other activities that will improve the overall performance of FedRAMP and reduce the cost of FedRAMP authorizations for cloud service providers. Such requirements may include developing or requiring certification programs for individuals employed by the third-party organization seeking accreditation.
The Government Accountability Office must publish a report that, among other requirements, includes an assessment of the costs incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations.
The bill establishes the Federal Secure Cloud Advisory Committee.
Reported by Senator Peters with an amendment in the nature of a substitute. With written report No. 117-115.
Reported by Senator Peters with an amendment in the nature of a substitute. With written report No. 117-115.
Ordered to be reported with an amendment in the nature of a substitute favorably.
Hearings held. Hearings printed: S.Hrg. 117-581.