FedRAMP compliance gaps remain despite increasing adoption

While authorizations of cloud services under the Federal Risk and Authorization Management Program have risen by almost 60% from July 2019 to April 2023, numerous agencies continued to leverage services that were not approved under FedRAMP despite the authorization being required by the Office of Management and Budget, FedScoop reports. Inadequate OMB oversight of federal agencies' FedRAMP compliance has contributed to the persistent utilization of services not authorized under the program, indicating the need for additional effort to deal with continued nonadherence, a report from the Government Accountability Office revealed. Such findings have prompted the GAO to urge the OMB to develop new guidance on monitoring FedRAMP authorization sponsorship costs and issue a final version of proposed FedRAMP guidance. On the other hand, the General Services Administration has been recommended by the report to establish guidelines on facilitating Federal Information Processing Standard requirement adherence among cloud service providers.