Snowflake scores the latest federal OneGov deal for AI, data cloud products

Artificial intelligence and cloud-based data products through Snowflake will now be available to all federal agencies, the General Services Administration announced Thursday. The GSA has struck a OneGov deal with the cloud-based data warehousing and analytics company in order to “empower federal workers to break down data silos, enhance mission effectiveness, and accelerate their IT modernization initiatives,” it said in a press release. Snowflake CEO Sridhar Ramaswamy said in a statement: “Federal agencies are seeking efficiency in cost, enterprise scaled performance, intuitive design driven tools for the workforce and simplicity in contracting — we are the only multi-cloud data platform that can meet this charge on day one.” Just over a year old, OneGov is a government contracting framework allowing for cross-agency use of commercial products at a discounted price. For Snowflake users across the federal government, this means 20% off compute services, which could go up to 50% as usage increases, as well as nearly a 27% discount on storage, the release said.

The Small Business Administration’s information security program is largely ineffective after falling below the federal baseline for controls in nine of 10 domains, according to a new watchdog report. Under Office of Management and Budget guidance on ratings for security effective controls, the SBA “has defined policies but it has not consistently implemented them,” the agency’s Office of Inspector General wrote, relaying findings from an independent auditor’s review of SBA’s fiscal 2025 performance under the Federal Information Security Modernization Act.The SBA surpassed OMB’s baseline for incident response, earning an “optimized” rating under federal FISMA guidelines. But the OIG said that six domains — cybersecurity supply chain risk management, risk and asset management, configuration management, identity and access management, contingency planning, and information security continuous monitoring — were considered “defined” (a rating of 2 on the 5-level maturity model scale). Another three domains — cybersecurity governance, data protection and privacy, and security training — were slightly better, per the watchdog, with ratings of “consistently implemented” (3 out of 5).