GSA Reports Progress Following FedRAMP 20x Launch

The General Services Administration (GSA) unveiled FedRAMP 20x one month ago to rapidly modernize the program and is already seeing efficiency gains.

“One of GSA’s primary objectives is to achieve continuous improvement in all aspects of FedRAMP operations. For FedRAMP, that priority is accelerating the authorization process so that it is faster, easier, cheaper and better, with a true focus on security outcomes that effectively ensures the safeguarding of government information,” FedRAMP Director Pete Waterman told GovCIO Media & Research.

FedRAMP aims to standardize security assessments, authorization and continuous monitoring of agencies’ cloud products and services. With 20x, the program’s team is working to streamline the authorization process and shorten approval times from months to weeks.

The team is implementing a new cloud-native approach to FedRAMP assessments and authorizations to offer greater efficiency while protecting sensitive data. It will also bolster relationships between government officials and tech providers when establishing protocols and developing and maintaining security requirements.

According to Waterman, FedRAMP has finalized over 70 cloud service authorizations to date.

Boosting Collaboration Between Government and Industry

While GSA has seen improvement with the FedRAMP Marketplace — which now lists over 400 FedRAMP authorized cloud service offerings (CSOs) — the agency recognizes that government users still lack access to the tens of thousands of CSOs available to the private sector and is committed to closing the gap.

Waterman explained that FedRAMP 20x will allow more opportunities for government to partner with the private sector to drive innovation. The process and program improvements can be more effective by incorporating a broader range of perspectives and insights from industry stakeholders, system owners and architects.

“Building a new thing through public collaboration with industry fosters transparency, trust and legitimacy.” said Waterman. “The FedRAMP 20x model of open engagement facilitates more opportunities for innovation and collaboration, and we think it can lead to a stronger industry-government relationship.”

Leveraging Emerging Tech to Maximize Efficiency

Waterman said the FedRAMP team is moving away from manual, documentation-focused annual security assessments to a model where cloud service providers continuously evaluate and validate the enforcement of security best practices.

“The intent of FedRAMP 20x is for agencies to work under a more streamlined automation-driven security framework to accelerate federal cloud adoption,” said Waterman. “The aim is to leverage modern technologies to minimize bureaucracy and maximize efficiency.”

FedRAMP’s data scientists are enhancing the program’s AI tool use in line with GSA’s AI priorities, according to a FedRAMP progress update. In its first month, the team built an internal system using the GitHub API and GSAi to review and prioritize GitHub comments and generate executive summaries.

They also evaluated the GSAi tool and models, developed GSA’s first living guide for larger-scale code generation for business applications and created a lab environment with resources for generative AI-based learning and prototyping.

Aligning with the New Administration’s Directives

FedRAMP 20x will support the Trump administration’s recent executive order on federal procurement, leveraging modern technologies to minimize bureaucracy and maximize efficiency.

“Agencies will get access to hundreds of modern cloud services for innovative use cases that were previously unattainable, while the re-use of authorized cloud services by new agencies will be a more streamlined process that helps them understand all the risks up front,” said Waterman. “Existing users of government cloud services will get access to features and updates faster.”

FedRAMP 20x will ultimately increase competition and drive innovation within the federal space, Waterman explained.

“Today, many cloud service providers do not pursue federal contracts because of the burdensome bureaucratic process. Through FedRAMP 20x, GSA is advocating for an environment where both best-in-class small and large companies can compete for any federal business,” Waterman said. “This initiative has the potential to lower vendor costs, increase competition and strengthen trust with industry.”

Waterman’s team is working to break down bureaucratic processes and barriers to entry for businesses hoping to work with the federal government. Waterman said FedRAMP should integrate seamlessly into the existing workflows of engineering and compliance teams, making it easier for agencies to purchase directly from cloud providers.

“It should be easy for cloud providers to validate security frameworks without paperwork; thereby making it easy to get listed on the FedRAMP Marketplace after validation and being able to sell authorized cloud service offerings directly to agencies,” said Waterman. “We want it to be worth it for every company to pursue FedRAMP authorization so public servants can get access to all the cool stuff industry builds.”