Most Federal Cloud Decision Makers Frustrated With Risk Program

Published
  • May 25 2016, 6:30am EDT

Nearly four out of five U.S. federal government cloud decision makers (79%) are frustrated with the Federal Risk and Authorization Management Program (FedRAMP), most commonly calling the process, “a compliance exercise,” according to a new report from MeriTalk, a public-private partnership focused on improving the outcomes of government IT.

Despite the General Service Administration’s (GSA) push to fix the process, 41% of the 150 decision makers surveyed online in April 2016 are unfamiliar with GSA’s plans to remedy FedRAMP.

The report also found that decision makers are frustrated with the lack of transparency into the FedRAMP process and unsatisfied with its efforts to increase security. More than half (55%) do not think FedRAMP has increased security.

While some think FedRAMP has successfully reduced duplicative efforts, many said the process is still too slow. Federal cloud decision makers remain uncertain about the process, with some ignoring the program entirely even though it is mandatory for federal agency cloud deployments and service models at the low and moderate risk impact levels.

Nearly one in five of those surveyed (17%) said FedRAMP compliance does not factor into their cloud decisions, while 59% would consider a non-FedRAMP-compliant cloud.

“Despite efforts to improve, FedRAMP remains cracked at the foundation,” said Steve O’Keeffe, founder of MeriTalk. “We need a FedRAMP fix,” including improved guidance, simplified process and increased transparency, O’Keeffe said.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access