GAO: FedRAMP implementation lacking in government agencies

The U.S. Government Accountability Office has found that the Departments of Homeland Security, Labor, Treasury, and Agriculture have not completely implemented Federal Risk and Authorization Management Program requirements, reports FedScoop. While all 15 cloud systems from the departments audited by the GAO were found to be FedRAMP authorized at one point, only four have been found to completely comply with FedRAMP requirements. "Until the agencies fully implement each of the FedRAMP requirements, they will likely not fully identify the security risk of the system, and ensure they are notified by FedRAMP of any changes to the authorization of the CSP. In addition, there is an increased risk that the CSPs used by the agencies will not fully implement FedRAMP requirements," said the GAO. Such findings have prompted FedRAMP legislation author Rep. Gerry Connolly, D-Va., to urge the integration of security measures in agencies' cloud initiatives. "Embracing new technologies cannot sacrifice product quality, cost, or cybersecurity," said Connolly.