The U.S. Department of Agriculture (USDA), the Department of Homeland Security (DHS), the Department of Labor (DoL), and the Department of Treasury have not fully applied cloud security practices, according to a new report from the Government Accountability Office (GAO).
The report, which was released on May 18, finds that USDA, DHS, Labor, and Treasury varied in their efforts to implement the six key cloud security practices. Those are defined security responsibilities; documented identity, credential, and access management (ICAM) policies and procedures; implemented continuous monitoring; defined security metrics; addressed Federal Risk and Authorization Management Program (FedRAMP) requirements; and documented procedures for incident response and recovery.