GAO has released a study of four e-government projects including the Federal Risk and Authorization Management Program (FedRAMP).
The GAO report, which included a presentation used for briefing the staff of the Senate Committee on Homeland Security and Governmental Affairs, explained that FedRAMP “has made progress toward developing a governmentwide risk and authorization management program to provide joint security assessment, authorizations, and continuous monitoring of cloud computing services.”
GAO found that FedRAMP had “defined performance metrics addressing the initial adoption of the program by agencies, such as number of customers, but metrics related to goals such as improving consistency and fostering cross-agency knowledge sharing and communication of best practices had not yet been defined.”