Description:
S. 3099 would codify and expand the responsibilities of the Federal Risk and Authorization Management Program (FedRAMP) within the General Services Administration (GSA). The bill would establish a standardized approach to acquiring and using security assessment and cloud-computing products and services. The bill also would establish the Federal Secure Cloud Advisory Committee to examine how the assessment and selection processes could be improved.

FedRAMP is currently part of GSA’s Federal Citizens Services Fund, which provides funds to federal agencies to build capacity for conducting activities electronically. The fund received $55 million in 2021.

Using information from GSA regarding the FedRAMP program as well as the cost of other advisory committees, CBO estimates that implementing S. 3099 would cost about $50 million over the 2022-2026 period, assuming appropriation of the estimated amounts. CBO estimates that most of that cost would be to automate security assessments and to adopt new oversight procedures required under the bill. There would be small costs each year to establish and operate the advisory committee. The costs of the legislation (detailed in Table 1) fall within budget function 800 (general government). CBO expects that the bill will be enacted late in fiscal year 2022 and thus any costs in that year would be insignificant.