Federal agencies are falling short on following the rules and regulations of cloud security. The Council of Inspectors General looked at 77 different cloud computing contracts at 19 different agencies and found most are not following FedRAMP guidelines and federal best practices.

The total value of all the contracts the IG investigated is about $1.5 billion. More than two thirds aren’t meeting FedRAMP compliance rules: that’s 59 out of the 77 contracts. The Council also says the Joint Authorization Board that’s part of the FedRAMP approval process doesn’t have enough authority to make sure agencies keep complying with the rules. The IG says there aren’t any penalties for agencies that don’t comply and there aren’t laws to enforce compliance, either.

Copyright © 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.