Accession Number:

AD1116066

Title:

Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed

Descriptive Note:

Technical Report

Corporate Author:

United States Government Accountability Office Washington United States

Personal Author(s):

Report Date:

2019-12-01

Pagination or Media Count:

87.0

Abstract:

Federal agencies use internet-based cloud services to fulfill their missions. GSA manages FedRAMP, which provides a standardized approach to ensure that cloud services meet federal security requirements. OMB requires agencies to use FedRAMP to authorize the use of cloud services. GAO was asked to review FedRAMP. The objectives were to determine the extent to which 1 federal agencies used FedRAMP to authorize cloud services, 2 selected agencies addressed key elements of the programs authorization process, and 3 program participants identified FedRAMP benefits and challenges. GAO analyzed survey responses from 24 federal agencies and 47 cloud service providers. GAO also reviewed policies, plans, procedures, and authorization packages for cloud services at four selected federal agencies and interviewed officials from federal agencies, the FedRAMP program office, and OMB.

Subject Categories:

  • Computer Systems Management and Standards
  • Information Science

Distribution Statement:

APPROVED FOR PUBLIC RELEASE