WASHINGTON, D.C. – U.S. Senators Gary Peters (D-MI), Chairman of Homeland Security and Governmental Affairs, Josh Hawley (R-MO), Maggie Hassan (D-NH), and Steve Daines (R-MT) announced they introduced bipartisan legislation to update and make permanent the Federal Risk and Authorization Management Program (FedRAMP), to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government operations and efficiency. The bill will make FedRAMP more accountable to the American people and create private sector jobs in companies that provide cloud services. The legislation comes after an announcement from Microsoft, which provides cloud services to multiple federal agencies, that Russia-backed hackers have been relentlessly targeting cloud service companies and others since this summer.
“Cloud-based systems have already shown they can greatly improve government efficiency and save taxpayer dollars, but we must ensure that the technology is safe from relentless cyber-attacks,” said Senator Peters. “This important bipartisan bill will make sure that agencies can procure cloud-based technology quickly, while ensuring these systems – and the information they store – are secure. It will also help companies that provide these technologies grow and create jobs, and incentivize them to provide innovative products to bolster our nation’s competitiveness in this space.”
“It’s critical that federal agencies have access to the safest and newest cloud-based technology to ensure the government is functioning efficiently and that important information is kept secure,” said Senator Hawley. “This legislation accomplishes those crucial tasks while also creating good-paying private sector jobs.”
“As the government continues to face increasing cybersecurity threats, it is important that we have secure, uniform protocols on what cloud programs federal agencies use,” said Senator Hassan. “This bipartisan bill would streamline the approval process for cloud computing products, which will help speed up our IT modernization efforts and strengthen our overall cybersecurity capabilities. I am glad to be working on this bill with my colleagues on both sides of the aisle, and I will continue to support commonsense reforms to make sure that the United States is at the forefront of cybersecurity.”
“It’s important we modernize our laws to allow us to take advantage of new cloud technologies and bring our government into the 21st century,” said Senator Daines. “Not only will this help create jobs and save taxpayer dollars, but it will ensure that our networks are secure and vital personal and national security information is protected.”
Cloud storage and other technologies are widely used by the federal government. FedRAMP has defined the responsibilities of federal agencies since 2011 to ensure cloud-based information technology is used appropriately. Updating and making this program permanent will ensure it is accountable to Congress and that cloud-based products procured by federal agencies are secure. Under FedRAMP, there are currently are more than 200 Cloud Service Providers serving 183 federal agencies. Thirty percent of these providers are small businesses and investing in this technology will help these companies grow their business and hire new workers. As the COVID-19 pandemic continues pushing agencies to adopt these technologies so federal employees can effectively serve the American people while working remotely – the senators’ bipartisan legislation will help ensure that agencies' processes of moving safely to the cloud are streamlined and efficient.
The Federal Secure Cloud Improvement and Jobs Act makes permanent and updates FedRAMP to ensure that cloud-based information technology can be quickly adopted by the federal government while ensuring that it is secure. The bill modernizes the process by which cloud products are deemed safe and can receive FedRAMP authorization. The legislation also establishes metrics to ensure proper implementation of FedRAMP, and requires the creation of a Federal Secure Cloud Advisory Committee to improve communication between federal agencies who utilize cloud technologies and the companies that provide them. Finally, the legislation authorizes a $20 million investment to operate FedRAMP.