FedRAMP Authorization Act Codified

Big news—the FedRAMP Authorization Act has been passed! What exactly does this mean? The FedRAMP Authorization Act is part of the FY23 National Defense Authorization Act (NDAA). The Act codifies the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information. This recognizes the work FedRAMP and its stakeholders have achieved over the last decade.

Let’s go over some highlights of the FedRAMP Authorization Act, which the FedRAMP team assisted in creating.

FedRAMP Authorization Act Highlights

  • There will be a continued focus on helping agencies effectively evaluate FedRAMP-authorized cloud products for reuse. 
  • Automation techniques (i.e., OSCAL) that speed up the authorization process for new cloud computing products and services will be implemented.
  • The public comment process for proposed FedRAMP guidance that might impact cloud service providers and agencies will continue. 
  • The Federal Secure Cloud Advisory Committee has been created. The committee will provide greater transparency between the industry and federal government, push for wider adoption of secure cloud capabilities, and reduce legacy information technology. 

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Now that FedRAMP is the official standard for CSPs seeking to do business with the federal government, it’s more critical than ever to achieve or maintain your FedRAMP authorization. With the launch of NIST 800-53 Rev 5, you should be asking yourself if your FedRAMP SSP needs any changes.

It probably sounds like a lot to review and update, but that’s what we’re here to help with. Rizkly can provide you with: 

  • Guidance on transitioning from NIST 800-53 Rev 4 to Rev 5, along with new official FedRAMP documents
  • Support for one-click generation of OSCAL SSPs
  • Secure cloud or on-premises compliance management software for generating your FedRAMP Rev 5 SSP
  • Help streamlining your FedRAMP continuous monitoring efforts
  • And more!

Visit FedRAMP’s website for the latest information on the Federal Secure Cloud Advisory Committee and how the new act will impact you. If you’d like to learn more about Rizkly, please schedule a consult with us today and see how much easier your FedRAMP authorization efforts can be.

Rizkly simplifies continuous compliance activities and gradually instills security and compliance acumen into your business. Our Guided Compliance as a Service (GCaaS) lets you demonstrate compliance with less disruption to your core business and regain some peace of mind.