- GAO has reported that outdated regulations and policy gaps continue to complicate federal cloud acquisitions
- Agencies have identified cloud cost management as one of the most common challenges in adopting cloud services
- Conflicting guidance from federal oversight organizations has created uncertainty around software and cloud procurement decisions
The Government Accountability Office has urged Congress and federal agencies to address regulatory and operational barriers affecting cloud service acquisitions in government, citing outdated acquisition rules and ongoing implementation challenges.
The Potomac Officers Club’s 2026 FedCiv Summit on Oct. 29 will bring together government and industry leaders to discuss AI adoption, cybersecurity, infrastructure modernization and other priorities shaping the federal civilian market. Sign up now.
What Challenges Did Agencies Report?
In a report published Tuesday, GAO said that, in its review of 24 Chief Financial Officers Act agencies, officials primarily relied on historical procurement data when making cloud acquisition decisions. The agencies also identified several recurring obstacles to cloud adoption.
Seventeen agencies reported challenges controlling cloud costs, while an equal number cited confusion stemming from conflicting software guidance issued by the Office of Management and Budget and the National Institute of Standards and Technology. Fifteen agencies said outdated Federal Acquisition Regulation provisions hindered cloud procurements, and another 15 reported difficulties obtaining authorized cloud offerings.
What Issues Remain Unresolved?
According to GAO, agencies have taken steps to address cloud cost management, staffing limitations and access to authorized cloud services. However, challenges involving conflicting software guidance, outdated acquisition regulations and multi-vendor cloud environments remain.
The watchdog noted that the FAR lacks a definition of cloud computing and relies on IT definitions that have not kept pace with current technology and acquisition practices.
What Recommendations Did GAO Make?
GAO recommended that Congress consider updating statutory definitions related to commercial products, commercial services, IT and cloud computing. The office also issued recommendations to the General Services Administration, the Department of Homeland Security and the Federal CIO Council.
Among the recommendations, GAO called for broader adoption of financial operations practices, additional software bill of materials implementation guidance from the Cybersecurity and Infrastructure Security Agency and the sharing of leading practices for managing multi-vendor cloud environments among federal agencies.
