Introduction to FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) launched "FedRAMP 20x" on March 24, 2025. This initiative aims to improve the efficiency of FedRAMP by automating security assessments and continuous monitoring, simplifying required technical controls, and engaging the industry to provide necessary tooling and solutions.
FedRAMP is a federal government-wide compliance framework that standardizes security assessments, authorization, and ongoing monitoring for cloud products and services used by federal agencies. Compliance with FedRAMP ensures cloud service providers (CSPs) meet necessary security requirements.
Goals of FedRAMP 20x
FedRAMP 20x is still in the early stages, with many details yet to be finalized. However, several key proposals have been highlighted:
- Accelerated Agency Sponsorship Process: The existing pathway for agency sponsorship will remain available, but on an expedited timeline and with fewer rigorous checks, starting after March 2025.
- Increased Automation: The new framework proposes that over 80% of security assessments and continuous monitoring will rely on automated validation rather than extensive documentation.
- Simplified Technical Controls: FedRAMP plans to develop "Key Security Indicators" (KSIs) that translate traditional security controls into measurable formats. These KSIs will use automation for verification and may be customized based on specific cloud services seeking authorization.
- Industry Collaboration: FedRAMP 20x counts on commercial partners to help shape policies and processes, encouraging industry contributions to automation tools and community working groups.
Implications for Cloud Service Providers
While FedRAMP 20x does not immediately alter the foundational structure of FedRAMP, it aims to modernize the authorization process with active input from cloud service providers and other stakeholders. Key considerations for cloud service providers include:
- Participating in the FedRAMP 20x community working groups, which will launch in the coming weeks.
- Exploring new business opportunities that may arise from FedRAMP 20x, particularly in relation to tools and features that facilitate automated assessments.
- Staying informed about updates to the existing authorization process and the status of current authorization holders.