Cloud Security Bill Passes in House With Senate Path Uncertain

Bloomberg Government subscribers get the stories like this first. Act now and gain unlimited access to everything you need to know. Learn more.

The House on Thursday passed a bill to improve the security of the federal government’s cloud services, but division over a separate cybersecurity bill imperils its chances in the Senate.

The bill, the FedRAMP Authorization Act (H.R. 8956) from Rep. Gerry Connolly (D-Va.), would formally authorize the Federal Risk and Authorization Management Program, which governs risk management and monitoring for government cloud services.

Congress and the Government Accountability Office score agencies on their migration of data and tools to the cloud, work that is primarily performed by contractors. The market for federal agency cloud services was at least $10.5 billion for fiscal 2022 — a figure that will climb higher when full data from Pentagon data is reported in January.

The bill is unlikely to pass in the Senate, where one key lawmaker — Homeland Security and Governmental Affairs ranking member Rob Portman (R-Ohio) — remains committed to attaching it to another bill that would update the Federal Information Security Management Act, two people familiar with the discussions said. House and Senate lawmakers are still negotiating the second bill, a spokesperson for House Oversight and Reform Committee Democrats said.

Portman’s office did not respond to a request for comment.

FISMA proposals in both chambers would require federal agencies to report data breaches in certain circumstances and perform federal cybersecurity risk assessments on a continuous basis. The House Oversight and Reform Committee approved a version (H.R. 6497) in February, while the Senate passed a bill with a similar proposal (S. 3600) in March.

Oversight Chair Carolyn Maloney (D-N.Y.) said she no longer has disagreements with the Senate on FISMA. “We want to pass the bill,” Maloney said. “It’s a national security issue, it makes the country stronger, and we should all be for it.”

If the FedRAMP bill doesn’t pass the Senate as a standalone, lawmakers will push for its inclusion in the annual must-pass National Defense Authorization Act, a House staffer said.

To contact the reporter on this story: Maria Curi in Washington at

To contact the editors responsible for this story: Sarah Babbage at; Amanda H. Allen at

Stay informed with more news like this – from the largest team of reporters on Capitol Hill – subscribe to Bloomberg Government today. Learn more.