A study conducted by the Government Accountability Office found that some federal agencies have been using cloud services that were not covered by the Office of Management and Budget’s Federal Risk and Authorization Management Program.
The government watchdog on Thursday recommended that OMB update FedRAMP guidance to help agencies track and reduce the cost of applying for FedRAMP authorization.
Use of FedRAMP increased 60 percent from 2019 to 2023, but some government departments still do not use the process to procure services such as cloud security, GAO wrote. Reports from both federal entities and cloud service providers, or CSPs, cited delays in stakeholder response when they apply for authorization, with some CSPs failing to submit complete documentation.
The challenges have prompted OMB to revise its FedRAMP guidance to improve the efficiency of the program. However, OMB has not implemented the new version, which includes monitoring and reporting agencies’ use and spending on the authorization process.
OMB has so far not expressed its intention to follow GAO recommendations from the report.