FedRAMP is 14 years old – and Feds are still relying on unauthorized cloud services
Some CSPs also moaned that its was “costly and time consuming” to meet FedRAMP’s technical and process requirements...
US government agencies are continuing to use non FedRAMP-compliant cloud services, 14 years after the Office of Budget and Management established the programme to ensure providers met federal security requirements.
Agencies are also paying wildly different amounts to ensure suppliers past muster, with costs ranging from the tens of thousands of dollars, to almost a million.