“The Federal Risk and Authorization Management Program, a key vehicle used to certify cloud projects for cybersecurity, experienced some notable growing pains early on in terms of speed and agility, but has seen its usage shoot up over the past three years.”
“According to a survey of 24 federal agencies conducted as part of an audit by the Government Accountability Office, FedRAMP authorizations have jumped from 390 to 926 between June 2017 and June 2019. While that means hundreds of additional government cloud projects are being vetted for cybersecurity every year, the report makes clear that many of those same agencies are still going rogue.”
“Since 2014, the Office of Management and Budget has required executive branch agencies to use FedRAMP, run out of the General Services Administration, for all cloud projects. However, 15 of the 24 agencies surveyed reported that they used cloud services not authorized through FedRAMP.” Read the full article here.
Source: More agencies are using FedRAMP, but some are still going rogue – By Derek B. Johnson, December 13, 2019. FCW.