A lot of the focus on the annual Defense authorization is about the funding levels and policy changes for the Pentagon.
But as anyone who has been in the federal market for at least a year knows, the National Defense Authorization Act is a catch all for legislation and provisions that matter to all agencies. These range from cybersecurity to acquisition to management. Congress passed the 2021 NDAA conference report Dec. 3.
With so many to choose from, here are 10 policy changes that passed and six that failed to make the cut that are among the most interesting and/or significant.
Let’s start off with those that failed because they have some of the more interesting backstories and surprises.
FedRAMP Authorization Act
The House passed the bill as a standalone in February. It passed again as part of its version of the NDAA in July. Among the things the legislation would do is codify the cloud security program known as the Federal Risk Authorization Management Program (FedRAMP) and would require agencies to provide a “presumption of adequacy” to vendors that are already FedRAMP-certified from…