Ryan has some thoughts about the recent FedRAMP approval for Microsoft, even though the feds called it 💩. In The Long Run, maybe you should be able to explain how things like encryption and security controls work in your environment? #TheCloudPod #NewEpisode #FedRamp #Microsoft

RE: https://mastodon.social/@arstechnica/116251396219143666

Microsoft is actively hiding and suppressing this article from Bing search results. Try searching for "fedramp microsoft site:arstechnica.com" (without quotes!). This also impacts search engines such as DuckDuckGo.

Copilot also seems to be blocking anything related to "Microsoft", "FedRAMP", and "certification", although this could be an issue on my end with failing Cloudflare bot checks.

#Microsoft #Bing #FedRAMP #DuckDuckGo #InfoSec

Navigating the #FedRAMP authorization process? This whitepaper provides a comprehensive overview of the framework, key stakeholders, and the 5-step process for SaaS, PaaS, and IaaS providers. Understand the nuances of achieving and maintaining FedRAMP compliance, and learn strategies for integrating security into your development lifecycle for continuous authorization. Download your copy to streamline yo... https://get.anchore.com/unlocking-the-federal-market/ #FedRAMP #CloudSecurity #Compliance #GovTech #SecurityEngineering

Federal Cyber Experts Thought Microsoft’s Cloud Was “A Pile Of Shit.” They Approved It Anyway.

https://fed.brid.gy/r/https://www.techdirt.com/2026/04/01/federal-cyber-experts-thought-microsofts-cloud-was-a-pile-of-shit-they-approved-it-anyway/

This story was originally published by ProPublica. Republished under a CC BY-NC-ND 3.0 license. In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one o

Techdirt

FedRAMP is moving faster than ever. With the new "FedRAMP 20x" initiative and the shift toward Rev 5, the days of manual spreadsheets and quarterly reviews are gone.
If you're managing containerized workloads, the 30-day scanning window isn't just a suggestion—it's a requirement for your ATO.

Are you prepared for the new pace of federal compliance?

We've compiled the most common questions into our FedR... https://anchore.com/fedramp/fedramp-overview/
#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👼 "Digital escorts", often ex-military with minimal software engineering backgrounds, are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

One Microsoft product was approved despite years of concerns about its security.

Ars Technica

I find myself at a point where I'm encountering irreconcilable differences between my moral, ethical, and technical objections to the use of LLMs, and my employer's leadership's desire to force the use of LLMs into every aspect of day to day operations. As a result, I find myself #OpenToWork.

I have decades of experience in the #SysAdmin / #SRE / #DevOps / #CICD / #CloudComputing range of skills. Currently acting as a subject matter expert on #Kubernetes, #Terraform, and #Observability. Mostly supporting #GCP platforms these days, but I am comfortable pivoting to other #cloud platforms like #AWS or even #OnPrem. Can do #ProjectManagement and #TeamLeadership. Experienced in #DevSecOps and #FedRAMP processes.

I would strongly prefer to deal with no LLM tooling at all, but will settle for having to use it less than in the current environment.

Location: #Canada (remote), #WaterlooRegion (Ontario) (hybrid).

#FediHire #FediHired #GetFediHired

"For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.

Such judgments would be damning for any company seeking to sell its wares to the U.S. government, but it should have been particularly devastating for Microsoft. The tech giant’s products had been at the heart of two major cybersecurity attacks against the U.S. in three years. In one, Russian hackers exploited a weakness to steal sensitive data from a number of federal agencies, including the National Nuclear Security Administration. In the other, Chinese hackers infiltrated the email accounts of a Cabinet member and other senior government officials.

The federal government could be further exposed if it couldn’t verify the cybersecurity of Microsoft’s Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation’s most sensitive information.

Yet, in a highly unusual move that still reverberates across Washington, the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the federal government’s cybersecurity seal of approval. FedRAMP’s ruling — which included a kind of “buyer beware” notice to any federal agency considering GCC High — helped Microsoft expand a government business empire worth billions of dollars."

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

#Microsoft #FedRAMP #USA #Trump #CyberSecurity #Cloud #CloudComputing

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.

ProPublica

US government IT security people were supposed to assess the MS cloud for its suitability for secret data. Verdict:

"Pile of shit"
“lack of proper detailed security documentation”
“lack of confidence in assessing the system’s overall security posture”

A comparison with #AWS and #GCP is also drawn: there, the design is said to have been adapted to the requirements, whereas Microsoft is said to have simply cobbled together something existing somehow.

After political pressure it was, of course, approved for secret documents anyway.

https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government

#azure #microsoft #microslop #FedRAMP
