Federal Risk and Authorization Management Program Authorization Act of 2019 or the FedRAMP Authorization Act
This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA).
The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements.
The bill establishes the Joint Authorization Board to conduct security assessments of cloud computing services and issue provisional authorizations to operate to cloud service providers that meet FedRAMP security guidelines.
The GSA shall (1) determine the requirements for certification of independent assessment organizations, and (2) establish the Federal Secure Cloud Advisory Committee.