fedramp

Microsoft's Security Theater, Two Acts

John Z Black Apr 10, 2026

Policy, Law & Governance #microsoft #fedramp #gcc-high #wireguard #veracrypt #government-cloud #open-source-security #security-theater

FedRAMP reviewers called Microsoft's government cloud documentation 'a pile of shit' and authorized it anyway. Same week, Microsoft silently locked out the developers of WireGuard and VeraCrypt. Two stories, same company, same problem.

FedRAMP Says Authorized. That Doesn't Mean Enforced.

John Z Black Mar 19, 2026

Policy, Law & Governance #fedramp #cloud-assurance #cisa #governance #public-sector-security #resilience #oversight

ProPublica raises questions about major cloud authorizations. Congress pressed on CISA staffing. Post-incident recovery data shows uneven performance long after disclosure. Compliance and enforcement capacity are not the same thing.

FedRAMP's Trust Gap: When Technical Warnings Lose to Procurement Momentum

John Z Black Mar 18, 2026

Policy, Law & Governance #fedramp #cloud-security #governance #procurement #assurance #public-sector #risk-management

Federal cyber experts reportedly called Microsoft's cloud a 'pile of shit' -- and approved it anyway. That's not just a Microsoft story. It's a story about what certification badges actually mean.