GAO: Agencies Must Fully Implement FedRAMP Cloud Authorization Procedures

The Government Accountability Office has found that more than half of the 24 agencies it surveyed did not always use the Federal Risk and Authorization Management Program when approving cloud services for government use. In a report released Thursday, GAO said that although FedRAMP authorizations increased by 137 percent to 926 over the past two years, 15 agencies failed to fully implement FedRAMP as well as key procedures under the program.

According to GAO, agencies such as the General Services Administration, Environmental Protection Agency, U.S. Agency for International Development and the Department of Health and Human Services need to fully address FedRAMP focus areas including remedial action plans and security assessment reports.

The watchdog also discovered that the Office of Management and Budget “did not effectively monitor” agency compliance with FedRAMP, and that 31 out of 47 cloud service providers reported agencies' procurement of technologies without FedRAMP certification in fiscal 2017.

Check Also

COVID-19

Rep. Jennifer Wexton, Sen. Mazie Hirono Introduce Bill Mandating Research Into COVID-19 Disinformation

Rep. Jennifer Wexton, D-Va., and Sen. Mazie Hirono, D-Hawaii, have introduced legislation authorizing the National Science Foundation (NSF) and National Academies of Science, Engineering, and Medicine to conduct research into disinformation during the COVID-19 pandemic. Wexton and Hironi will hold a virtual roundtable on Tuesday, Sept. 29th to discuss the legislation.