Federal Risk and Authorization Management Program Authorization Act of 2021 or the FedRAMP Authorization Act
This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).
The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.
The bill establishes the Joint Authorization Board to conduct security assessments of cloud computing services and issue provisional authorizations to operate to cloud service providers that meet FedRAMP security guidelines.
The GSA shall (1) publish a report that includes an assessment of the cost incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations and provisional authorizations, (2) determine the requirements for certification of independent assessment organizations, and (3) establish the Federal Secure Cloud Advisory Committee.