Watchdog Finds OMB, GSA Slow to Implement FedRAMP Reforms

The Government Accountability Office has found that the agencies overseeing the Federal Risk and Authorization Management Program have not implemented measures suggested in 2019 to streamline processes and improve enforcement.

A new report reveals that the Office of Management of Budget has not followed the watchdog’s recommendation to monitor federal compliance with FedRAMP when buying cloud services, Nextgov/FCW reported. 

OMB did, however, call on agencies to submit quarterly reports on their use of such services.

According to GAO, at least 11 federal agencies used cloud services not authorized by FedRAMP. The issue could be rooted in a lack of compliance monitoring by OMB, the watchdog said.

Meanwhile, GAO found that the General Services Administration has not followed through on automating aspects of the FedRAMP process. The watchdog noted that the GSA implemented a recommendation to update guidance about program requirements for agencies and cloud providers. 

The report comes after OMB invited the public in late 2023 to comment on draft guidance to reform aspects of FedRAMP.

In December, the FedRAMP project management office released its modernization approach, part of which would establish an architecture to support the automation of stakeholders’ continuous monitoring and documentation submission.