Last Friday, President Biden signed the National Defense Authorization Act (NDAA) for the Fiscal Year 2023 (FY 2023), steering the federal government closer to its cloud-first mission. Quite significantly, outlined in the NDAA is the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act, which formalizes cybersecurity certification that CSPs are required to obtain prior to working with the United States government. This codifies secure market expansion into law.
Additionally, it features what’s being hailed as a game-changer in reciprocity. With its formalization, agencies can not only more quickly to certify vendors, but will also be able to access more cyber-secure services. Commercial cloud and software providers will now have easier access to multiple agencies across the federal marketplace.
Moreover, the NDAA also mandates the creation of a Secure Cloud Advisory Committee that will coordinate with the existing FedRAMP Joint Authorization Board. This is set to streamline the selection and assessment of processes that shorten the time of what is known as Authority to Operate (ATO).
With the President’s NDAA signing came news and prescient guidance from Coalfire, a global cybersecurity consultancy for CSPs, commercial businesses and government entities. Coalfire provided an in-depth interpretation of the bill and key steps on how to ensure the progress of this cloud-first mission.
Tom McAndrew, Coalfire’s CEO, said that this is the federal government sending a very bold message that FedRAMP is here to stay. “The passage of FedRAMP Authorization Act will stimulate innovation and drive agencies to seek more cloud-first technology solutions, making for a safer, more security-conscious country."
According to Coalfire, it’s time for SaaS (News - Alert) businesses to take fresh looks at the growing FedRAMP market. With federal spend on cloud services expected to surpass $11 billion (and all of this FedRAMP reform language, to boot), more vital framework is now in place to head towards a dramatically improved cloud-centric future.
Edited by Alex Passett