FedRAMP Announces the Passing of the FedRAMP Authorization Act!
The Federal Risk and Authorization Management Program (FedRAMP) has great news to share: The President signed the FedRAMP Authorization Act as part of the FY23 National Defense Authorization Act (NDAA) (See Sec. 5921, page 1055). The Act codifies the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information. This recognizes the work FedRAMP and its stakeholders have achieved over the last decade.
The FedRAMP team provided technical assistance in the creation of the Act, and has been planning for several months. Here are a few things we are excited for:
- Improving the speed at which new cloud computing products and services can be authorized by implementing automation techniques.
- Continuing to enhance the ability of agencies to effectively evaluate FedRAMP authorized cloud products for reuse.
- Continuing the public comment process for proposed guidance and other FedRAMP directives that may have a direct impact on cloud service providers and agencies before the issuance of such guidance.
- Providing more robust transparency and dialogue between industry and the federal government to drive stronger adoption of secure cloud capabilities and reduce legacy information technology with the inception of the Federal Secure Cloud Advisory Committee.
In FY22, FedRAMP authorized cloud products were reused more than 4,500 times across the federal government, a 60% increase in reuse from FY21 and a 132% increase from FY20. The FedRAMP community continues to grow and includes 204 participating agencies, 280+ cloud service providers, and 40 recognized third party assessment organizations.
We will share additional information on how the Act may impact our stakeholders in the near future, including more information on the new Federal Secure Cloud Advisory Committee. Please keep an eye out on all FedRAMP communication channels for any updates on the program.