Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed

Abstract

Federal agencies use internet-based (cloud) services to fulfill their missions. GSA manages FedRAMP, which provides a standardized approach to ensure that cloud services meet federal security requirements. OMB requires agencies to use FedRAMP to authorize the use of cloud services. GAO was asked to review FedRAMP. The objectives were to determine the extent to which 1) federal agencies used FedRAMP to authorize cloud services, 2) selected agencies addressed key elements of the programs authorization process, and 3) program participants identified FedRAMP benefits and challenges. GAO analyzed survey responses from 24 federal agencies and 47 cloud service providers. GAO also reviewed policies, plans, procedures, and authorization packages for cloud services at four selected federal agencies and interviewed officials from federal agencies, the FedRAMP program office, and OMB.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2019
Accession Number
AD1116066

Entities

People

  • Gregory C. Wilshusen

Organizations

  • United States Government Accountability Office

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Business Administration
  • Commerce
  • Congress
  • Cybersecurity
  • Department Of Defense
  • Department Of Homeland Security
  • Electronic Mail
  • Homeland Security
  • Information Processing
  • Information Systems
  • Personnel Management
  • Reliability
  • Small Business
  • Social Media
  • United States
  • United States Government

Readers

  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Government and Public Administration Law.

Technology Areas

  • Cyber