Many agencies still not using FedRAMP for cloud providers, GAO says

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

After several years, a consortium of agencies has been working on FedRAMP, a program to certify cybersecurity of cloud computing services providers. The idea is, if a service has a FedRAMP seal, then every agency doesn’t have to test that service itself. But a recent look-see by the Government Accountability Office found that many agencies don’t use FedRAMP when hooking up with cloud providers. For more, Federal Drive with Tom Temin turned to GAO’s director of information security issues, Gregory Wilshusen.