Two senior House leaders on Federal technology issues said today they are looking for decisive action soon on legislation to update the Federal Information Security Management Act (FISMA), and codify and improve the General Services Administration’s Federal Risk and Authorization Management Program (FedRAMP).
Speaking at the ServiceNow Federal Forum 2022 event, Reps. Gerry Connolly, D-Va., and Jim Langevin, D-R.I., put those two ongoing legislative efforts at the top of their lists of Federal IT issues likely to move in the current session of Congress.
FISMA, FedRAMP Status
Rep. Connolly, who chairs the House Government Operations Subcommittee, is the sponsor of legislation approved by the House in early 2021 to codify into law the FedRAMP program, which certifies the security of cloud technologies for Federal government use. The House-approved legislation would fund the program at $20 million annually, and would create a “presumption of adequacy” for cloud technologies that have already received FedRAMP certification from one Federal agency so that other agencies can easily adopt them as well.
The Senate earlier this month approved a package of cybersecurity-related bills including its own version of FedRAMP reform legislation that aims at the same broad goals as the House-approved bill, but is far from identical in its provisions.
Also featured in the Senate-approved cybersecurity package – dubbed the Strengthening American Cybersecurity Act of 2022 – is an extensive update to the existing FISMA law that tracks broadly with a bill approved by the Senate Homeland Security and Governmental Affairs Committee last October.
The legislation would, among other things: put the Cybersecurity and Infrastructure Security Agency (CISA) more firmly in charge of Federal civilian agency security; wrap the National Cyber Director and the Office of Management and Budget (OMB) more tightly into cybersecurity policy-setting; ensure more timely delivery to key congressional committees of details about major cyberattacks; codify into Federal law some aspects of President Biden’s cybersecurity executive order issued in May 2021; and put into motion penetration testing of Federal civilian networks.
The House Oversight and Reform Committee last month approved its own version of FISMA reform legislation that also aims in the same direction as the Senate legislation, but is not identical.
Speaking at today’s ServiceNow Federal Forum event, Rep. Connolly said the two House bills on FISMA and FedRAMP reform “are still very much alive, and I would expect action on both of them in this second session of the 117th Congress.”
Addressing the need for the FedRAMP legislation, Rep. Connolly said his House-approved bill aims to “streamline that process … we want to make it a lot less cumbersome and less expensive, as it was originally designed to do.”
On the FISMA reform front, he said the House bill “really goes to cyber – how is the Federal government organized, and how well are we doing in terms of resilience in fending off cyberattacks and protecting” government assets. “That’s really an ongoing critical effort.”
Rep. Langevin – who has long been one of the leading voices in Congress on cybersecurity issues and will be retiring next year – said that recent Senate action on both FedRAMP and FISMA reform is “encouraging” for the prospects of getting legislation over the finish line on both.
“I’m confident that we’ll see a final bill on its way to the President’s desk very soon,” he said, adding “fingers crossed – I hope I’m not being overly optimistic.”
Referring to the FISMA portion of the legislation in particular, he said that both Senate Homeland Security Chairman Gary Peters, D-Mich., and House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y. “are jointly committed to ensuring that our Federal information system security is in as strong a position as it can be.”
“It’s challenging to get important legislation through Congress,” he said, “but I think we have momentum here and I’m optimistic that we’ll see a bill go to the President.”
Evidence Act Progress
Also addressing the ServiceNow Federal Forum, Rep. Derek Kilmer, D-Wash., said he is looking for further progress by Federal agencies in implementing the Foundations for Evidence-Based Policymaking Act signed into law in early 2019.
Rep. Kilmer, who chairs the House Select Committee on the Modernization of Congress, explained that the Evidence Act is responsible for the requirements for Federal agencies to hire chief data officers, and undertake “different elements of evaluation and data and statistical policy issues.”
“I think implementation of the Evidence Act is really important,” he continued. “It is requiring agencies to rethink and modernize their systems for collecting data, and making it available in user friendly ways. We’re seeing tremendous opportunities for partnership between the public sector and the private sector” on those activities, he said.
Nichole Francis Reynolds, vice president and head of Global Government Relations at ServiceNow, moderated the congressional panel at today’s event and thanked the members of Congress for “being relentless” about working to make the government’s use of technology more efficient. “What you’re doing is phenomenal,” she said.