ProPublica's investigation reveals that FedRAMP, the federal government's cloud security authorization program, approved Microsoft's GCC High cloud product in December 2024 despite years of unresolved security concerns. Internal documents show FedRAMP reviewers called the package 'a pile of shit' and concluded they lacked

30m read timeFrom propublica.org
Post cover image
Table of contents
Reporting HighlightsA “Cloud First” WorldMicrosoft’s Missing InformationA Fight Over “Spaghetti Pies”Assessors Back-Channel Cyber ConcernsFedRAMP Ends TalksMicrosoft and the Justice Department Push BackPressure Mounts on FedRAMPAuthorization Despite a “Damning” Assessment“Unknown Unknowns” Persist

Sort: