GAO-22-106195 1 (2022-09-28)

The Big Picture
Federal agencies plan to spend billions of dollars
each year to support their IT and cybersecurity
efforts, including transitioning IT resources to secure,
cost-effective commercial cloud services. Federal
agencies can use cloud computing to access IT
resources, such as servers that store digital files,
through the Internet faster and for less money than it
would take to own and maintain such resources.
[Figure: Illustration of a cloud computing environment. Labels: Servers; Applications; Approve/deny cloud access; Secure Cloud Storage; View/edit files; View/share files.]

Source: GAO; images: ST.art/stock.adobe.com. | GAO-22-106195

What GAO's Work Shows

Our body of work highlights four main challenges
related to the federal government's adoption of cloud
services and our recommendations for improvement.
Federal agencies have not fully implemented all of
the recommendations.
1. Ensuring Cybersecurity

In 2011, the Office of Management and Budget
(OMB) established the Federal Risk and
Authorization Management Program (FedRAMP) to
provide a standardized approach for selecting and
authorizing the use of cloud services that meet
federal security requirements.
In December 2019, we reported that, while all 24
major federal agencies were participating in
FedRAMP, many of these agencies continued to use
cloud services that were not authorized through the
program. In addition, the four major agencies we
selected for a detailed review did not always:
• include required information in their cloud
  system's security plans;
• summarize security control test results in security
  assessment reports; and
• identify required information in remedial action
  plans that are to list cloud service deficiencies
  and how they will be mitigated.
We found that one cause of these weaknesses was
that FedRAMP's requirements and guidance on
implementing these control activities were not always
clear and the program's process for monitoring the
status of security controls over cloud services was
limited.
> We recommended that OMB hold agencies
accountable for authorizing cloud services
through FedRAMP. We made an additional 24
recommendations to federal agencies related to
improving the implementation of the FedRAMP
program, including clarifying guidance on
program requirements and responsibilities.
2. Procuring Cloud Services
An important part of procuring cloud services is
incorporating a service level agreement into the

GAO-22-106195 Federal Cloud Computing
