GAO: Agencies Must Fully Implement FedRAMP Cloud Authorization Procedures

The Government Accountability Office has found that more than half of the 24 agencies it surveyed did not always use the Federal Risk and Authorization Management Program when approving cloud services for government use. In a report released Thursday, GAO said that although FedRAMP authorizations increased by 137 percent to 926 over the past two years, 15 agencies failed to fully implement FedRAMP as well as key procedures under the program.

According to GAO, agencies such as the General Services Administration, Environmental Protection Agency, U.S. Agency for International Development and the Department of Health and Human Services need to fully address FedRAMP focus areas including remedial action plans and security assessment reports.

The watchdog also discovered that the Office of Management and Budget “did not effectively monitor” agency compliance with FedRAMP, and that 31 out of 47 cloud service providers reported agencies' procurement of technologies without FedRAMP certification in fiscal 2017.

Check Also

Air Force

USAF Tests New Tactical Data Link for Air Operations; Lt. Col. Bradley Rueter Quoted

The U.S. Air Force has conducted a test of a new tactical data link designed to boost situational awareness across airmen, C4ISRnet reported Thursday. USAF's Air Mobility Command delivered high bandwidth and accelerated data processing with the data link in a test that took place Sunday.