AGENCY:

Office of Management and Budget.

ACTION:

Notice of public comment period.

SUMMARY:

The Office of Management and Budget (OMB) is seeking public comment on a proposed memorandum titled, Modernizing the Federal Risk Authorization Management Program (FedRAMP).

DATES:

The public comment period begins on October 27, 2023, and ends November 27, 2023.

ADDRESSES:

The proposed memorandum is available at https://www.cio.gov/​policies-and-priorities/​FedRAMP/​.

Submission of comments is voluntary. Please submit comments via https://www.regulations.gov, a Federal website that allows the public to find, review, and submit comments on documents that agencies have published in the Federal Register and that are open for comment. Simply type “OMB–2023–0021” in the search box, click “Search,” click the “Comment” button underneath “Request for Comments on Proposed Guidance for Modernizing the Federal Risk Authorization Management Program (FedRAMP),” and follow the instructions for submitting comments. All comments received will be posted to https://www.regulations.gov, so commenters should not include information they do not wish to be posted ( e.g., personal or confidential business information). Additionally, the OMB System of Records Notice, OMB Public Input System of Records, OMB/INPUT/01 includes a list of routine uses associated with the collection of this information.

FOR FURTHER INFORMATION CONTACT:

Carol Bales, OMB, at 202.395.9915 or cbales@omb.eop.gov or Eric Mill, at 202.881.7182 or Eric.R.Mill@omb.eop.gov.

SUPPLEMENTARY INFORMATION:

The Office of Management and Budget (OMB) proposes to issue updated guidance to Federal agencies on the Federal Risk Authorization Management Program (FedRAMP). In December 2011, OMB issued Security Authorization of Information Systems in Cloud Computing Environments, establishing the Federal Risk Authorization Management Program to accelerate the secure adoption of cloud services. In 2022, recognizing the value that FedRAMP has provided to Federal agencies and to industry, Congress established FedRAMP in statute through the FedRAMP Authorization Act (“the Act”), 44 U.S.C. 3607–3616, as a program of the General Services Administration (GSA) that is overseen by a Board consisting of technology leaders drawn from Federal agencies.

The Act further provides for OMB to issue guidance to define the categories of cloud products and services within the scope of the FedRAMP program and to describe additional responsibilities of the FedRAMP Program Management Office (PMO) and Board beyond those assigned by the Act. OMB also has a general responsibility under the Act to oversee the effectiveness of FedRAMP and to encourage consistency in agencies' adoption and use of secure cloud services.

The proposed memorandum would support the Biden-Harris Administration's goals for modernizing Federal information technology and has been prepared by the Office of Management and Budget in consultation with key stakeholders.