본문 바로가기 주메뉴 바로가기
국회도서관 홈으로 정보검색 소장정보 검색

결과 내 검색

동의어 포함

목차보기

Title page 1

Contents 3

Highlights 2

Letter 6

Background 9

Federal Legislation and Guidance on Cloud Service Cybersecurity 9

Modernization of FedRAMP through the FedRAMP 20x Initiative 11

Agencies Can Select from Various Cloud Service Models 14

Guidance on Key Cloud Security Practices 14

Agencies and Providers Share Cybersecurity Responsibilities 16

GAO Has Previously Reported on Agencies' Efforts to Secure Cloud Systems 17

Selected Agencies Have Not Fully Implemented Key Cloud Security Practices 19

Agencies Did Not Fully Implement Continuous Monitoring for Their Selected Systems 21

Three of Four Agencies Did Not Fully Document Incident Response and Recovery Procedures for Their Selected Systems 24

Half of the Agencies' Service Level Agreements Defined Performance Metrics for Both Selected Systems 27

Conclusions 29

Recommendations for Executive Action 30

Agency Comments and Our Evaluation 32

Appendix I: Objective, Scope, and Methodology 34

Appendix II: Comments from the U.S. Department of State 38

Appendix III: Comments from the U.S. Department of Transportation 41

Appendix IV: Comments from the Department of Veteran Affairs 42

Appendix V: GAO Contact and Staff Acknowledgments 46

Tables 3

Table 1. Agency Implementation of Continuous Monitoring Practices 22

Table 2. Agency Documented Procedures for Responding to and Recovering from Security and Privacy Incidents for the Cloud System 25

Table 3. Agency Implementation of a Service Level Agreement (SLA) with Cloud Service Provider That Defined Performance Metrics 28

Table 4. Evaluation Criteria Associated with Key Cloud Security Practices 36

Figures 4

Figure 1. Timeline of Guidance and Future Plans for the Federal Risk and Authorization Management Program (FedRAMP) as of April 2026 13

Figure 2. Shared Responsibilities Between Agencies and Cloud Service Providers Within Key Cloud Security Practices 17

Figure 3. Summary of Selected Agencies' Implementation of Key Cloud Security Practices 20