United States of America: Passed FedRAMP Authorization Act through incorporation into the National Defense Authorization Act for Fiscal Year 2023

Description

Passed FedRAMP Authorization Act through incorporation into the National Defense Authorization Act for Fiscal Year 2023

On 8 December 2022, the US House of Representatives passed the “National Defense Authorization Act for Fiscal Year 2023”, which, in its compromise form, would include a section that would amend the Federal Risk and Authorization Management Program (FedRAMP), a government program that regulates the cybersecurity certification that cloud service providers are required to obtain to manage US government data. In particular, the Act would allow tools certified by FedRAMP to be used in an agency without additional verification. Further, the Act creates a cloud advisory committee with representatives from cloud services companies.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2021-01-04
under deliberation

The FedRAMP Authorization Act is introduced, aiming to enhance the innovation, security, and availa…

2022-12-08
under deliberation

On 8 December 2022, the US House of Representatives passed the “National Defense Authorization Act …

2022-12-15
adopted

On 15 December 2022, the US Senate adopted the “National Defense Authorization Act for Fiscal Year …

2022-12-23
in grace period

On 23 December 2022, the Authorization Management Program (FedRAMP) entered not force with grace pe…

2027-12-23
in force

On 23 December 2027, the Authorization Management Program (FedRAMP) is implemented, 5 years after i…