Bill Overview
Title: Federal Secure Cloud Improvement and Jobs Act of 2021
Description: This bill provides statutory authority for the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA). FedRAMP is a government-wide program that provides a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. The bill establishes a FedRAMP Board to provide input and recommendations to the GSA regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services. The GSA may determine whether FedRAMP may use an independent assessment service to analyze, validate, and attest to the quality and compliance of security assessment materials that pertain to cloud computing products and services. An independent assessment service that performs such work must annually report to GSA about any foreign interest in, influence of, or control of its service. The Government Accountability Office must publish a report that, among other requirements, includes an assessment of the costs incurred by agencies and cloud service providers related to the issuance of FedRAMP authorizations. The bill establishes the Federal Secure Cloud Advisory Committee.
Sponsors: Sen. Peters, Gary C. [D-MI]
Target Audience
Population: People using or employed by cloud service providers working with the US government, plus US government employees using cloud services
Estimated Size: 1,200,000
- The Federal Secure Cloud Improvement and Jobs Act of 2021 impacts mainly government agencies using cloud services, as it establishes standards and assessments for such services.
- Cloud service providers are directly impacted as they will need to conform to the FedRAMP standards and undergo assessments.
- Employees of such cloud service providers will also be affected as their work processes may change due to new compliance requirements.
- Non-government organizations that work closely with government agencies and utilize cloud computing services may experience indirect impacts due to changes in security requirements.
- The establishment of the Federal Secure Cloud Advisory Committee indicates input from diverse stakeholders, increasing the range of individuals influenced.
- If FedRAMP requirements are made mandatory for all federal agencies, the reach of the bill extends to nearly all sectors engaged with cloud security for governmental purposes.
Reasoning
- The policy heavily affects employees directly involved with cloud services and government-related projects. They will see changes in their work processes which can impact well-being due to heightened standards and requirements.
- For non-governmental employees working with government contracts, compliance changes can add stress or increase job satisfaction, depending on how smoothly these changes are implemented.
- The general population may not be directly aware of policy changes unless they are exposed to cloud computing in their professional environment.
- Given the budgetary allocation, the immediate direct impact is on professionals dealing directly with FedRAMP and government cloud users. It's unlikely to affect the wider employment landscape or significantly change job availability outside these sectors.
- Well-being impacts can range from positive, due to increased job security and clarity, to negative, due to additional red tape and compliance stress.
Simulated Interviews
Cloud Solutions Architect (San Francisco, CA)
Age: 34 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- The policy will create more standardized guidelines which is good, but it might slow down project rollouts.
- Secure practices are critical, but I hope they keep the process efficient.
- Less flexibility could be frustrating, but necessary.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 6 | 7 |
Year 2 | 7 | 7 |
Year 3 | 7 | 7 |
Year 5 | 8 | 7 |
Year 10 | 9 | 7 |
Year 20 | 8 | 6 |
Federal IT Manager (Washington, D.C.)
Age: 50 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 15.0 years
Commonness: 2/20
Statement of Opinion:
- This will streamline secure cloud implementations and reduce shadow IT.
- The approval timeline needs to be reasonable.
- I see benefits in interoperability and security compliance.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 6 | 6 |
Year 2 | 6 | 6 |
Year 3 | 7 | 6 |
Year 5 | 7 | 6 |
Year 10 | 7 | 5 |
Year 20 | 7 | 4 |
Cloud Security Consultant (Austin, TX)
Age: 27 | Gender: other
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 5/20
Statement of Opinion:
- We get more business ensuring compliance, which is good for us.
- It may cause some stress with tight deadlines.
- Ultimately, a stronger focus on security is beneficial.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 7 | 8 |
Year 2 | 8 | 8 |
Year 3 | 8 | 8 |
Year 5 | 9 | 8 |
Year 10 | 9 | 7 |
Year 20 | 8 | 6 |
Government Contractor (Chicago, IL)
Age: 45 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- We're nervous about new processes, but it ensures secure data management.
- FedRAMP is both a hurdle and a safeguard.
- Expecting this will increase project timelines initially.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 4 | 5 |
Year 2 | 5 | 5 |
Year 3 | 6 | 5 |
Year 5 | 7 | 5 |
Year 10 | 7 | 4 |
Year 20 | 6 | 3 |
Cloud Software Developer (New York, NY)
Age: 38 | Gender: male
Wellbeing Before Policy: 9
Duration of Impact: 7.0 years
Commonness: 4/20
Statement of Opinion:
- Guidelines make development secure but might limit innovation to some degree.
- Positive for career growth in government sector.
- Proud to contribute to safer cloud solutions.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 9 | 9 |
Year 2 | 9 | 9 |
Year 3 | 9 | 9 |
Year 5 | 9 | 8 |
Year 10 | 9 | 8 |
Year 20 | 8 | 7 |
Chief Information Security Officer (Denver, CO)
Age: 55 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- It increases our accountability but ensures data integrity.
- We need additional resources for the new compliance checks.
- This could bolster our standard practices.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 6 | 7 |
Year 2 | 7 | 6 |
Year 3 | 8 | 6 |
Year 5 | 8 | 5 |
Year 10 | 7 | 5 |
Year 20 | 6 | 4 |
IT Support Specialist (Seattle, WA)
Age: 30 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 6/20
Statement of Opinion:
- FedRAMP isn't a focus for us yet, but it's on the horizon.
- Small firms like ours may face challenges entering the FedRAMP space.
- Adaptation can be challenging, but it's necessary for growth.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 5 | 6 |
Year 2 | 6 | 6 |
Year 3 | 6 | 5 |
Year 5 | 6 | 5 |
Year 10 | 5 | 5 |
Year 20 | 4 | 5 |
Cybersecurity Analyst (Raleigh, NC)
Age: 28 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 5/20
Statement of Opinion:
- FedRAMP policies translate to better security for the sector.
- Our work will see indirect effects.
- I'm excited about the potential for new projects to meet compliance.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 7 | 7 |
Year 2 | 7 | 7 |
Year 3 | 8 | 7 |
Year 5 | 8 | 7 |
Year 10 | 7 | 6 |
Year 20 | 6 | 5 |
Federal Contract Auditor (Boston, MA)
Age: 42 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 2/20
Statement of Opinion:
- New guidelines are welcome for clearer assessment criteria.
- Could increase audit workloads initially.
- It is good for accountability and transparency.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 6 | 6 |
Year 2 | 6 | 6 |
Year 3 | 7 | 6 |
Year 5 | 7 | 6 |
Year 10 | 6 | 5 |
Year 20 | 5 | 4 |
Legal Advisor (Los Angeles, CA)
Age: 32 | Gender: other
Wellbeing Before Policy: 8
Duration of Impact: 8.0 years
Commonness: 4/20
Statement of Opinion:
- The policy implies more business for us, interpreting legal standards.
- The challenge lies in keeping clients up-to-date with changes.
- Important for risk management strategies.
Wellbeing Over Time (With vs Without Policy)
Year | With Policy | Without Policy |
---|---|---|
Year 1 | 8 | 8 |
Year 2 | 8 | 8 |
Year 3 | 9 | 8 |
Year 5 | 9 | 8 |
Year 10 | 8 | 7 |
Year 20 | 7 | 6 |
Cost Estimates
Year 1: $75,000,000 (Low: $50,000,000, High: $100,000,000)
Year 2: $80,000,000 (Low: $55,000,000, High: $105,000,000)
Year 3: $85,000,000 (Low: $60,000,000, High: $110,000,000)
Year 5: $90,000,000 (Low: $65,000,000, High: $115,000,000)
Year 10: $95,000,000 (Low: $70,000,000, High: $120,000,000)
Year 100: $120,000,000 (Low: $90,000,000, High: $150,000,000)
Key Considerations
- The bill focuses on improving security and efficiency of cloud services used by federal agencies, which remains a growing and critical area for government operations and trust.
- Initial costs may be high due to setup and implementation of new committees and verification processes, but long-term benefits include enhanced security and potential operational efficiencies.
- The private sector's role is significant as the compliance and services of large cloud providers will be crucial for the bill's success.