Bill Overview
Title: FedRAMP Authorization Act
Description: This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA). The GSA must establish a government-wide program that provides the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. Agencies must ensure that their cloud computing services meet GSA requirements. The Government Accountability Office must report to Congress assessing the costs incurred by agencies and cloud service providers relating to the issuance of FedRAMP authorizations, the extent to which agencies have processes in place to continuously monitor the implementation of cloud computing products and services operating as federal information systems, how often and for which categories of products and services agencies use FedRAMP authorizations, and the unique costs and potential burdens incurred by cloud computing companies that are small business concerns as a part of the FedRAMP authorization process. The bill establishes the Federal Secure Cloud Advisory Committee.
Sponsors: Rep. Connolly, Gerald E. [D-VA-11]
Target Audience
Population: People working with or within U.S. government agencies and cloud service providers
Estimated Size: 3,000,000
- This act formalizes the FedRAMP program, which is focused on cloud computing security for federal agencies.
- The FedRAMP program impacts all federal agencies using cloud services, which includes a large portion of the federal workforce.
- Cloud service providers, particularly those engaged in providing services to the government, will be directly impacted.
- Small business cloud providers face unique costs and potential burdens in the FedRAMP authorization process, which the required GAO report assesses separately.
- Employees of cloud service providers involved with the FedRAMP process will be affected.
- Overall, individuals working within various U.S. government agencies and related service providers will be impacted.
Reasoning
- This policy directly influences employees within federal agencies who manage IT security policies, as their work processes will need to adapt to the FedRAMP standards.
- Many cloud service providers are impacted due to compliance costs and adjustments required to meet FedRAMP standards, influencing their employee workload and job satisfaction.
- Small business cloud providers may experience financial hardships or opportunities due to the compliance burden and potential for expanded government contracts.
- Federal employees responsible for procurement and IT infrastructure will see changes in job role dynamics and workloads due to FedRAMP obligations.
- The policy aims to increase security, potentially enhancing personal satisfaction for those prioritizing data security.
- Employees of cloud providers might see increased job security due to standardized processes and increased demand from the public sector.
Simulated Interviews
Federal IT Security Manager (Washington, D.C.)
Age: 34 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 6/20
Statement of Opinion:
- I think the FedRAMP Authorization is crucial for standardizing cloud security,
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 6 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 5 |
Small Business Cloud Provider CTO (San Francisco, CA)
Age: 45 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 10.0 years
Commonness: 7/20
Statement of Opinion:
- The FedRAMP process is rigorous and costly, which is worrying for our small firm.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 4 | 5 |
| Year 2 | 4 | 5 |
| Year 3 | 5 | 5 |
| Year 5 | 6 | 5 |
| Year 10 | 7 | 5 |
| Year 20 | 8 | 5 |
Government Contract Specialist (Austin, TX)
Age: 28 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 5/20
Statement of Opinion:
- This policy might complicate things initially, but it's more about secure services in the long run.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 5 |
| Year 20 | 5 | 5 |
Government Cloud Consultant (Chicago, IL)
Age: 53 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- FedRAMP could increase demand for my services as agencies seek compliance.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 8 | 7 |
Federal Agency Procurement Officer (Reston, VA)
Age: 40 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 4.0 years
Commonness: 8/20
Statement of Opinion:
- This bill adds to our workload but also improves clarity in procurement.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 6 | 5 |
| Year 20 | 6 | 5 |
IT Graduate Student (New York, NY)
Age: 25 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 3.0 years
Commonness: 9/20
Statement of Opinion:
- I think FedRAMP could open up new job opportunities for me after graduation.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 6 | 5 |
| Year 5 | 5 | 5 |
| Year 10 | 5 | 5 |
| Year 20 | 5 | 5 |
Cloud Security Specialist (Seattle, WA)
Age: 38 | Gender: male
Wellbeing Before Policy: 8
Duration of Impact: 4.0 years
Commonness: 5/20
Statement of Opinion:
- The emphasis on security is welcome, but it means continuous monitoring slackens sometimes.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 7 | 8 |
| Year 3 | 7 | 8 |
| Year 5 | 7 | 8 |
| Year 10 | 8 | 8 |
| Year 20 | 9 | 8 |
Federal IT Systems Analyst (Miami, FL)
Age: 31 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 7/20
Statement of Opinion:
- FedRAMP formalizes our existing practices, giving a better structure to our work.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Cloud Infrastructure Project Manager (Denver, CO)
Age: 29 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 4.0 years
Commonness: 6/20
Statement of Opinion:
- This policy standardizes the workload and improves professional workflow.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Tech Policy Analyst (Boston, MA)
Age: 48 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- FedRAMP is a significant move in fed initiatives, ensuring better security frameworks.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 7 | 7 |
| Year 20 | 6 | 6 |
Cost Estimates
Year 1: $15,000,000 (Low: $12,000,000, High: $18,000,000)
Year 2: $13,000,000 (Low: $10,000,000, High: $16,000,000)
Year 3: $12,000,000 (Low: $9,000,000, High: $15,000,000)
Year 5: $9,000,000 (Low: $7,000,000, High: $11,000,000)
Year 10: $9,000,000 (Low: $7,000,000, High: $11,000,000)
Year 100: $9,000,000 (Low: $7,000,000, High: $11,000,000)
Key Considerations
- Initial setup costs are significant but taper down as the program stabilizes.
- Potential cost savings from reduced duplication of security assessment efforts across agencies.
- Importance of maintaining robust security standards within rapidly evolving cloud environments.
- Support for small business cloud providers, addressing unique burdens they may face.
- Balancing continuous monitoring processes with cost-efficiency for agencies.