GAO: Agencies Must Fully Implement FedRAMP Cloud Authorization Procedures


The Government Accountability Office has found that more than half of the 24 agencies it surveyed did not always use the Federal Risk and Authorization Management Program when approving cloud services for government use. In a report released Thursday, GAO said that although FedRAMP authorizations increased by 137 percent to 926 over the past two years, 15 agencies failed to fully implement FedRAMP as well as key procedures under the program.

According to GAO, agencies such as the General Services Administration, Environmental Protection Agency, U.S. Agency for International Development and the Department of Health and Human Services need to fully address FedRAMP focus areas including remedial action plans and security assessment reports.

The watchdog also discovered that the Office of Management and Budget “did not effectively monitor” agency compliance with FedRAMP, and that 31 out of 47 cloud service providers reported agencies' procurement of technologies without FedRAMP certification in fiscal 2017.

You may also be interested in...

Lt. Gen. Shaun Morris

Lt. Gen. Shaun Morris on AFLCMC’s Push for 5G, Digital Engineering Efforts

 Lt. Gen. Shaun Morris, commander of the Air Force Life Cycle Management Center (AFLCMC), said in a recent address that the center has invested significantly in technologies like 5G to help promote efficiency across military bases. “As an Air Force, I think it is important to capitalize off what we’ve done and not lose sight of these investments,” said Morris.