The Government Accountability Office has found that more than half of the 24 agencies it surveyed did not always use the Federal Risk and Authorization Management Program when approving cloud services for government use. In a report released Thursday, GAO said that although FedRAMP authorizations increased by 137 percent to 926 over the past two years, 15 agencies failed to fully implement FedRAMPÂ as well as key procedures under the program.
According to GAO, agencies such as the General Services Administration, Environmental Protection Agency, U.S. Agency for International Development and the Department of Health and Human Services need to fully address FedRAMP focus areas including remedial action plans and security assessment reports.
The watchdog also discovered that the Office of Management and Budget âdid not effectively monitorâ agency compliance with FedRAMP, and that 31 out of 47 cloud service providers reported agencies’ procurement of technologies without FedRAMP certification in fiscal 2017.