Home / Civilian / GAO: Agencies Must Fully Implement FedRAMP Cloud Authorization Procedures

GAO: Agencies Must Fully Implement FedRAMP Cloud Authorization Procedures

The Government Accountability Office has found that more than half of the 24 agencies it surveyed did not always use the Federal Risk and Authorization Management Program when approving cloud services for government use. In a report released Thursday, GAO said that although FedRAMP authorizations increased by 137 percent to 926 over the past two years, 15 agencies failed to fully implement FedRAMP as well as key procedures under the program.

According to GAO, agencies such as the General Services Administration, Environmental Protection Agency, U.S. Agency for International Development and the Department of Health and Human Services need to fully address FedRAMP focus areas including remedial action plans and security assessment reports.

The watchdog also discovered that the Office of Management and Budget “did not effectively monitor” agency compliance with FedRAMP, and that 31 out of 47 cloud service providers reported agencies' procurement of technologies without FedRAMP certification in fiscal 2017.

Check Also

Navy Chief Adm. Michael Gilday Asks for Higher Budget to Pursue Plans

Adm. Michael Gilday, chief of naval operations, said the U.S. Navy needs a higher budget to comply with the Trump administration's demands, Defense News reported Tuesday. He said at the Surface Navy Association's annual symposium that the service branch's Columbia-class submarine program has been taking too much a percentage of the budget.