Cloud Security, Critical Infrastructure Security

GAO: FedRAMP implementation lacking in government agencies

The U.S. Government Accountability Office has found that the Departments of Homeland Security, Labor, Treasury, and Agriculture have not completely implemented Federal Risk and Authorization Management Program requirements, reports FedScoop. While all 15 cloud systems from the departments audited by the GAO were found to be FedRAMP authorized at one point, only four have been found to completely comply with FedRAMP requirements. "Until the agencies fully implement each of the FedRAMP requirements, they will likely not fully identify the security risk of the system, and ensure they are notified by FedRAMP of any changes to the authorization of the CSP. In addition, there is an increased risk that the CSPs used by the agencies will not fully implement FedRAMP requirements," said the GAO. Such findings have prompted FedRAMP legislation author Rep. Gerry Connolly, D-Va., to urge the integration of security measures in agencies' cloud initiatives. "Embracing new technologies cannot sacrifice product quality, cost, or cybersecurity," said Connolly.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.