With the year quickly coming to a close, the FedRAMP Authorization Act will be one of Rep. Gerry Connolly’s “big priorities” for legislation, with a markup session expected when the House returns from its August recess, Connolly said during MeriTalk’s Cyber Security Brainstorm today.
Connolly, D-Va., recently introduced the legislation in conjunction with Rep. Mark Meadows, R-N.C., to codify the FedRAMP program into law, and aims to address some of the challenges cloud service providers face in gaining certification.
“[The FedRAMP Authorization Act] came out of MeriTalk. I remember going to my first meeting on FedRAMP with MeriTalk a couple years ago … and a simple question was put to the audience – ‘how many of you think FedRAMP is working the way it’s supposed to?’ And only hands that went up were the Federal employees,” he said. “Apparently, we in the Federal government think things are working great, and nobody else does.”
Connolly emphasized the need for a “presumption of adequacy” among agencies on certification, lower costs to remove barriers for smaller cloud companies, and a streamlined process for certification to remove delay and uncertainty.
However, he acknowledged that getting the bill through Congress may be far from a model of streamlining.
“I will remind you what the late Speaker of the House Sam Rayburn once said about the Senate: he said, ‘The Republicans in the House are the opposition, but the Senate is our enemy.’ Trying to get things through the Senate is remarkable – you would think we lived on different planets sometimes,” he joked. “We’re going to have some missionary work to do in the Senate,” he added.
Connolly also touched on the legislative challenges of funding the Modernizing Government Technology (MGT) Act. With appropriations for the Technology Modernization Fund (TMF) currently sitting at $35 million for fiscal year 2020, Connolly, a cosponsor of the MGT Act, called the funding levels “anemic” and emphasized the need for proper funding and implementation.
With the current funding of $25 million for TMF in fiscal year 2019, the fund has already struggled to make the impact intended, and another year with similar funding would hamper the fund’s ability to make the intended impact.
“[Thirty-five million] is not sufficient to incentivize agencies to replace a multi-billion dollar item over time. Congress has to get serious about appropriations here,” he noted.
While the legislative process may not be the easiest, Connolly noted that on IT issues, the administration and Congress are (mostly) aligned.
“I met with Jared Kushner and Chris Little and others at the White House, and I was impressed that there was a lot of overlap in what they’re seeking to do and what we have been seeking to do. I indicated that if they actually pursued those goals, we would be supportive, and more or less they continue to pursue those goals,” he said.
One bone of contention between the administration and Connolly has been the area of data center consolidations. He stated that while the administration did not mean the updated Data Center Optimization Initiative policy as a retreat from consolidation, Congress would continue oversight and “insist on the FITARA Scorecard that data center consolidation be a front and center score.”
