FedRAMP Authorizes Microsoft's GCC High Despite Flaws
ProPublica reports that in late 2024 FedRAMP authorized Microsoft's Government Community Cloud High despite persistent gaps in encryption documentation and security evidence. Reviewers found missing diagrams and unresolved doubts dating to 2020, yet authorization proceeded as GCC High was already widely deployed across federal agencies. The findings highlight FedRAMP understaffing, a $10 million annual budget, and risks to federal cloud-security assurance.
Key Points
- 1FedRAMP authorizes GCC High despite missing detailed encryption documentation since 2020
- 2Microsoft's incomplete disclosures and wide deployment pressured reviewers amid prior major cyberattacks
- 3Government agencies and defense sector now rely on potentially unverifiable cloud protections, raising security risks
Scoring Rationale
ProPublica's exclusive reporting using internal memos reveals a significant procedural failure with broad federal impact, giving high novelty, scope, and credibility. The score is boosted by authoritative sourcing and same-day publication; limited technical remediation details prevent a slightly higher score.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems