Rep. Gerry Connolly Introduces Bill to Revamp FedRAMP Certification Process

Rep. Gerry Connolly, D-Va., has introduced a bill that would reform the government’s process for authorizing commercial cloud products and services through the Federal Risk and Authorization Management Program.

Connolly’s office said Friday that the FedRAMP Reform Act of 2018 would also institute agency compliance measures and create new metrics to properly implement such measures.

He noted the bill seeks to clarify the responsibilities of federal and industry stakeholders, establish a process for Congress to evaluate the program’s progress and provide certainty to customers.

Established five years ago, FedRAMP offers a uniform approach for the government to assess, authorize and monitor cloud offerings.

The legislation seeks to reform this process through six steps. First, it would codify FedRAMP by identifying the responsibilities of each federal agency involved with the program.

The Office of Management and Budget will issue guidance to implement FedRAMP principles, while the General Services Administration will be in charge of actually implementing them.

Second, OMB will be tasked with ensuring that agencies are in compliance with any requirements related to FedRAMP.

Third, to monitor whether FedRAMP is being properly implemented, the FedRAMP Management Office under the GSA will be required to craft metrics concerning the time, cost and quality of the assessments. OMB and GSA will also be tasked with submitting a yearly report to Congress on the status and performance of the FedRAMP PMO.

Fourth, the FedRAMP PMO would be required to automate its procedures.

Fifth, to fast-track certification processes, a Joint Authorization Board’s issuance of an authorization to operate (ATO) shall be deemed valid.

Finally, for transparency purposes, when an agency issues an ATO, it is required to furnish a copy of that ATO to the FedRAMP PMO.
