Federal Secure Cloud Improvement and Jobs Act of 2021

Federal Secure Cloud Improvement and Jobs Act of 2021

This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).

FedRAMP is a government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.

The bill establishes a FedRAMP Board to provide input and recommendations to the GSA regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.

The GSA may determine whether FedRAMP may use an independent assessment service to analyze, validate, and attest to the quality and compliance of security assessment materials that pertain to cloud computing products and services. An independent assessment service that performs such work must annually report to GSA about any foreign interest in, influence of, or control of its service.

The Government Accountability Office must publish a report that, among other requirements, includes an assessment of the costs incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations.

The bill establishes the Federal Secure Cloud Advisory Committee.