Cybersecurity : selected agencies need to better protect cloud data

(사이버 보안 : 미국 일부 기관의 클라우드 데이터 보호 개선 방향)

목차

Title page 1


Contents 3


Highlights 2


Letter 6


Background 9


Federal Legislation and Guidance on Cloud Service Cybersecurity 9


Modernization of FedRAMP through the FedRAMP 20x Initiative 11


Agencies Can Select from Various Cloud Service Models 14


Guidance on Key Cloud Security Practices 14


Agencies and Providers Share Cybersecurity Responsibilities 16


GAO Has Previously Reported on Agencies' Efforts to Secure Cloud Systems 17


Selected Agencies Have Not Fully Implemented Key Cloud Security Practices 19


Agencies Did Not Fully Implement Continuous Monitoring for Their Selected Systems 21


Three of Four Agencies Did Not Fully Document Incident Response and Recovery Procedures for Their Selected Systems 24


Half of the Agencies' Service Level Agreements Defined Performance Metrics for Both Selected Systems 27


Conclusions 29


Recommendations for Executive Action 30


Agency Comments and Our Evaluation 32


Appendix I: Objective, Scope, and Methodology 34


Appendix II: Comments from the U.S. Department of State 38


Appendix III: Comments from the U.S. Department of Transportation 41


Appendix IV: Comments from the Department of Veteran Affairs 42


Appendix V: GAO Contact and Staff Acknowledgments 46


Table 1. Agency Implementation of Continuous Monitoring Practices 22


Table 2. Agency Documented Procedures for Responding to and Recovering from Security and Privacy Incidents for the Cloud System 25


Table 3. Agency Implementation of a Service Level Agreement (SLA) with Cloud Service Provider That Defined Performance Metrics 28


Table 4. Evaluation Criteria Associated with Key Cloud Security Practices 36


Figure 1. Timeline of Guidance and Future Plans for the Federal Risk and Authorization Management Program (FedRAMP) as of April 2026 13


Figure 2. Shared Responsibilities Between Agencies and Cloud Service Providers Within Key Cloud Security Practices 17


Figure 3. Summary of Selected Agencies' Implementation of Key Cloud Security Practices 20


해시태그

#미국 #미국정부 #미국정부기관 #사이버보안 #클라우드보안

관련자료

AI 요약·번역·분석 서비스

AI를 활용한 보고서 요약·번역과 실시간 질의응답 서비스입니다.

Cybersecurity : selected agencies need to better protect cloud data

(사이버 보안 : 미국 일부 기관의 클라우드 데이터 보호 개선 방향)

번역 PDF 파일의 원문 형태 그대로 번역

국가전략포털에서 실시간 AI 질의응답 서비스를 시작합니다. 4가지 유형의 요약과 번역을 이용해보시고, 보고서에 대해 추가로 알고 싶은 내용이 있으면 채팅창을 통해 자유롭게 AI에게 물어볼 수 있습니다.

※ 제공하는 정보는 참고용이며, 정확한 사실 확인이 필요할 수 있습니다. 민감한 개인정보는 입력하지 마십시오.