Federal cyber experts called Microsoft’s cloud a "pile of shit," approved it anyway
Summary
The article details a ProPublica investigation into FedRAMP's authorization of Microsoft GCC High despite missing security documentation and ongoing concerns about encryption and data flow. It traces years of review, back-and-forth among FedRAMP, the Justice Department, and third-party assessors, and highlights political and organizational factors that allowed a cloud service with unresolved security issues to obtain federal approval. The piece raises questions about oversight, security theater, and how such approvals affect government and contractor risk.