FedRAMP Authorization Act
This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).
The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.
The Government Accountability Office must report to Congress assessing
- the costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations,
- the extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as federal information systems,
- how often and for which categories of products and services agencies use FedRAMP authorizations, and
- the unique costs and potential burdens incurred by cloud computing companies that are small business concerns as a part of the FedRAMP authorization process.
The bill establishes the Federal Secure Cloud Advisory Committee.