United States of America: Entry into force with grace period of FedRAMP Authorization Act through incorporation into the National Defense Authorization Act for Fiscal Year 2023

Description

Entry into force with grace period of FedRAMP Authorization Act through incorporation into the National Defense Authorization Act for Fiscal Year 2023

On 23 December 2022, the Authorization Management Program (FedRAMP) entered not force with grace period after it was signed into law by the US President Joe Biden on the same day. The Act was incorporated into the National Defense Authorization Act for Fiscal Year 2023 (H.R.7776). The FedRAMP represents a government program that regulates the cybersecurity certification that cloud service providers are required to obtain to manage US government data. In particular, the Act allows tools certified by FedRAMP to be used in an agency without additional verification. Further, the Act creates a cloud advisory committee with representatives from cloud services companies.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2021-01-04
under deliberation

The FedRAMP Authorization Act is introduced, aiming to enhance the innovation, security, and availa…

2022-12-08
under deliberation

On 8 December 2022, the US House of Representatives passed the “National Defense Authorization Act …

2022-12-15
adopted

On 15 December 2022, the US Senate adopted the “National Defense Authorization Act for Fiscal Year …

2022-12-23
in grace period

On 23 December 2022, the Authorization Management Program (FedRAMP) entered not force with grace pe…

2027-12-23
in force

On 23 December 2027, the Authorization Management Program (FedRAMP) is implemented, 5 years after i…