GAO: FedRAMP Lacks Metrics for Communicating Best Practices

GAO has released a study of four e-government projects including the Federal Risk and Authorization Management Program (FedRAMP). 

The GAO report, which included a presentation used for briefing the staff of the Senate Committee on Homeland Security and Governmental Affairs, explained that FedRAMP “has made progress toward developing a governmentwide risk and authorization management program to provide joint security assessment, authorizations, and continuous monitoring of cloud computing services.”

GAO found that FedRAMP had “defined performance metrics addressing the initial adoption of the program by agencies, such as number of customers, but metrics related to goals such as improving consistency and fostering cross-agency knowledge sharing and  communication of best practices had not yet been defined.”

GAO recommended with respect to all of the E-Gov  projects reviewed, that GSA “ensure that performance metrics are developed that align with those project goals, especially those that currently lack such metrics.”

The complete GAO report is attached below.



Leave a Reply

Your email address will not be published.

Please Answer: *