While authorizations of cloud services under the Federal Risk and Authorization Management Program have risen by almost 60% from July 2019 to April 2023, numerous agencies continued to leverage services that were not approved under FedRAMP despite the authorization being required by the Office of Management and Budget, FedScoop reports.
Inadequate OMB oversight of federal agencies' FedRAMP compliance has contributed to the persistent utilization of services not authorized under the program, indicating the need for additional effort to deal with continued nonadherence, a report from the Government Accountability Office revealed. Such findings have prompted the GAO to urge the OMB to develop new guidance on monitoring FedRAMP authorization sponsorship costs and issue a final version of proposed FedRAMP guidance.
The report also recommended that the General Services Administration establish guidelines to facilitate adherence to Federal Information Processing Standard requirements among cloud service providers.
DevOps security firm Cycode has added several new features to its application security posture management platform, led by the inclusion of generative artificial intelligence in its Risk Intelligence Graph, reports SiliconAngle.
Cyber risk management provider Resilience has purchased incident response firm BreachQuest for an undisclosed amount to facilitate more efficient cyber incident response efforts, SiliconAngle reports.