Rep. Gerry Connolly, D.-Va., said today that he’s eager to see Federal agencies – including the Office of Management and Budget (OMB) and the General Services Administration (GSA) – make more progress on implementing the FedRAMP Authorization Act approved by Congress late in 2022.
That law – which was written and shepherded through Congress by the Virginia lawmaker – codified into law the Federal Risk and Authorization Management Program (FedRAMP). The program is overseen by GSA to provide a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal agencies.
The 2022 law also features a laundry list of modernization steps for the program aimed at speeding up its work and expanding its capacity, including through the use of more automation technologies.
Since the law’s passage by Congress, OMB has proposed – but not yet finalized – new guidance to put its provisions into effect, and GSA has made some notable changes to the program, including replacing its former Joint Authorization Board (JAB) with a new governing board.
Speaking today at a Carahsoft event in Washington, Rep. Connolly said he wants to see more progress on the FedRAMP makeover effort.
“So where are we? Well, there’s been an advisory board, there’s been a draft OMB set of guidance, but we don’t have a director of FedRAMP,” he said.
“GSA wants to abolish the JAB,” he continued. “Now, I’m agnostic about whether you need JAB or not, but if you abolish it, what happens to our gold standard [formerly set by the JAB], what happens to the presumption of adequacy and what replaces it, if anything, and we still don’t know that, and we don’t have final guidance from OMB.”
“So, we’re kind of in limbo right now on FedRAMP, and I think that’s not a good place to be,” the congressman said.
“We want to get on with the implementation of the law we passed,” he said, adding, “We finally were able to get it done in the last Congress and get it into law. So, now we got to make sure it’s implemented and that it achieves the goals we set for it.”
Elsewhere during his remarks today, Rep. Connolly bemoaned the lack of more serious attention in Congress to modernizing Federal agency technology systems in general, and to appropriating additional money for the Technology Modernization Fund (TMF) to help agencies jumpstart projects to upgrade legacy IT systems.
He said it’s clear that there is Federal agency demand totaling $3-$4 billion for TMF funding, but that any additional funding amounts being discussed in Congress have been “nominal.” He mentioned efforts in recent years to budget a $25 million funding increase for TMF and said “that’s not going to incentivize anyone to upgrade anything.”
“It’s almost an insulting act by an appropriations subcommittee, but also shows you the lack of appreciation of the criticality of these investments, and how really important it is that we make them,” he said.
“Our competitors are making those investments, and many times they’re up to malign purpose,” Rep. Connolly said. “So, protecting the assets within the Federal government – databases, proprietary information, intellectual property – is absolutely in our self-interest.”
“It’s not like there aren’t malign actors trying to penetrate all that, trying to disrupt that, trying to hack into it and use it for purposes that are not in our interest at all, as a country, as a society, as a people,” he said.
“So, we have a moral obligation to protect the assets of the country, and IT is the way we have to do it,” the congressman said. “IT platforms must be invested in and upgraded constantly.”