GSA IG dings FedRAMP on goals and objectives
The Federal Risk and Authorization Management Program needs to clarify its mission, goals and objectives to better measure its effectiveness in helping agencies adopt cloud services, according to an audit by the General Services Administration's inspector general.
The governmentwide FedRAMP program works with agencies, cloud service providers and third-party assessment organizations to provide a standardized, cost-effective approach for agencies deploying cloud products and services.
In its March 21 report, GSA's watchdog found that the FedRAMP program management office's goals and objectives are not clear and concise enough to assess if it is effectively accomplishing its mission. Rather than following the form recommended by the Office of Management and Budget for mission statements, for example, FedRAMP's version is not "focused or easily communicated, creating confusion as to its central purpose and vision of what needs to be accomplished," the IG said.
Likewise, FedRAMP's objectives lack the specifics and metrics that would help it clarify its goals and better communicate results. The IG's third finding calls out misalignment in FedRAMP's mission, goals, and objectives, which also limits its ability to assess effectiveness.
The Federal Acquisition Service commissioner agreed with the audit recommendations.
Connect with the GCN staff on Twitter @GCNtech.