A bill cleared by the Senate Homeland Security and Governmental Affairs Committee may require the Government Accountability Office to report on the Federal Risk and Authorization Management Program, which aims to standardize cloud product security, Nextgov reported Monday.
Sen. Rob Portman, R-Ohio, led an amendment that gives the “Federal Secure Cloud Improvement and Jobs Act of 2021” provisions to prevent foreign entities from influencing FedRAMP through third-party assessors or code in the software supply chain.
These provisions would task GSA’s administrator to decide whether a cloud vendor may undergo third-party assessments for verification.
The bill also directs GAO to produce a report about FedRAMP 180 days after the bill’s passage.
Sens. Gary Peters, D-Mich., and Josh Hawley, R-Mo., co-authored the bill with support from Sens. Maggie Hassan, D-N.H., Steve Daines, R-Mont., and Portman.
The legislation would augment and authorize FedRAMP for five-years to accelerate the program’s authorization process.