Data Management

Are Government Agencies Complying with FedRAMP?

CloudWedge
CloudWedge
2 Min Read

United States Capitol Building, The National Mall, Washington, DC

United States Capitol Building, The National Mall, Washington, DC

FedRAMP is the much politicized cloud initiative in which cloud vendors must satisfy certain requirements in order to be considered for federal cloud projects. CIO.gov mentions that FedRAMP provides a “Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”

Inspector generals at nearly 20 US federal government agencies have concluded that cloud services outside of FedRAMP approved services are being utilized within the government agencies that they audited. This past summer, the US government imposed a deadline for FedRAMP vendor’s approval and many agencies seemed to have overlooked the deadline and went forward with their cloud endeavors anyways. A report a NextGov mentions that the agencies will face little to no consequences for bypassing this deadline.

More Read

ICO and GDPR

Can ICO Data Awareness Campaigns Create More Trust In Crypto?

4 Benefits for the Public Sector when Governments Start Using Big Data
Bigger Data, Better Intelligence for Government
Big Data Success in Government
Big Data Fights Crime: The FBI’s Next Generation Identification

The report filed by an inspector general blasted government agencies for not adhering to FedRAMP saying, “The failure of the cloud system to address and meet FedRAMP security controls increases the risk that federal program data may be compromised, intercepted or lost, which could expose the data to unauthorized parties.” The audit findings show an even bigger problem in government IT. The auditors concluded that the missed deadlines and non-approved systems being used are a direct result of a lack of leadership within the agencies IT departments. The report at NextGov does not begin to name specific agencies and their report concludes that the auditing agency neither “has the authority to enforce FedRAMP compliance within the individual agencies.” The report goes on to say that “there is no discernable penalty for noncompliance and no singular governing body with the authority to enforce compliance.”

The report published by the inspector generals and NextGov is alarming for American citizens. From both an information security perspective as well as a “Bang for your tax dollars” perspective, the auditor’s findings conclude that the risks found also “increases the risk that agencies could misspend or ineffectively use government funds.”

TAGGED:
Share This Article

Follow us on Facebook

Latest News

sobm for ai-driven cybersecurity
Software Bill of Materials is Crucial for AI-Driven Cybersecurity
Security
IT budgeting for data-driven companies
IT Budgeting Practices for Data-Driven Companies
IT
machine,translation
Translating Artificial Intelligence: Learning to Speak Global Languages
Artificial Intelligence
data science upskilling
Upskilling for Emerging Industries Affected by Data Science
Big Data

Stay Connected

Lost your password?