Coalfire Releases Guidance as President Joe Biden Signs FedRAMP Authorization Act into Law
January 2023 by Coalfire
Today, President Biden signed the National Defense Authorization Act (NDAA) for Fiscal Year 2023, taking a giant step forward in securing the federal government’s cloud-first mission. The FedRAMP (Federal Risk and Authorization Management Program) Authorization Act, outlined in section 5921 of the NDAA, formalizes the cybersecurity certification that cloud service providers (CSPs) must obtain before working with the U.S. government.
Global cybersecurity pioneer Coalfire released guidance for CSPs, government agencies, and commercial businesses on how to interpret the bill and on the key steps to ensure successful deployment and maximize protection for the cloud-first mission.
"The federal government is sending a bold message to agencies and commercial businesses that FedRAMP is here to stay," said Tom McAndrew, chief executive officer of Coalfire, the most experienced FedRAMP assessment and advisory firm working in partnership with all major cloud service providers, including Amazon, Google, and Microsoft. "The passage of the FedRAMP Authorization Act will stimulate innovation and drive agencies to seek ‘cloud-first’ technology solutions, making for a safer, more security-conscious country."
The codified FedRAMP imperative will make it easier for commercial cloud and software providers to access multiple agencies across the federal marketplace. The law’s most important feature is the concept of "reciprocity," which enables CSPs to authorize once and then re-use their already-certified FedRAMP status across other agencies. With reciprocity and the "presumption of adequacy" for government contractors formalized, agencies can more easily certify vendors and access more cyber-secure services.
"With the addition of reciprocity alone, the core business case for gaining FedRAMP authorization just got a lot better," said McAndrew. "Now, commercial cloud and software providers have easier access to multiple agencies across the federal marketplace."
Building on FISMA (Federal Information Security Management Act) in 2002 and the original FedRAMP in 2011, the FedRAMP Authorization Act accelerates secure cloud adoption for federal agencies. Today’s long-awaited FedRAMP reform is expected to spread into state and local governments and have a major impact on security standards across the commercial economy.