Home / News / Report: SEC Failed to Fully Implement 2017 Cloud Strategy

Report: SEC Failed to Fully Implement 2017 Cloud Strategy

The Securities and Exchange Commission’s  Office of Inspector General released a report stating that the agency “did not fully implement its cloud strategy” and failed to execute an enterprise information technology approach to cloud migration.

According to the report, SEC lacked progress in its 2017 cloud strategy and launched only two pilot programs slated for implementation across an enterprise network. The IG also found that SEC’s contracts didn’t include security requirements and that there were incomplete or missing security assessment reports as well as Federal Risk and Authorization Management Program baseline controls.

“The conditions we observed occurred because the Office of IT  had not developed policies and procedures specific to cloud system security, or adequate processes to ensure compliance with FedRAMP baseline controls and enhancements for which the agency is responsible,” the report noted.

“As a result, the SEC has not yet fully realized the potential performance and economic benefits attributed to cloud computing services.”

Check Also

Symantec Exec Jeff Greene Named NCCoE Director

Jeff Greene, vice president of global government affairs and policy at Symantec, has been appointed director of the National Cybersecurity Center of Excellence, Inside Cybersecurity reported Tuesday.