FedRAMP 20x Keeps Government Cloud Use Moving

Earlier this year, the General Services Administration (GSA) announced a significant update to the Federal Risk and Authorization Management Program (FedRAMP). Named FedRAMP 20x, the focus of this initiative is on introducing automation to increase the pace of authorizations.

The Phase One pilot of this effort trialed a new approach to FedRAMP Low authorization. This automated process focused on Key Security Indicators (KSIs) rather than the traditional NIST SP 800-53 narrative control set. Vendors meeting the KPIs were granted a 12-month FedRAMP Low authorization. Using this process, the first FedRAMP authorizations were issued in just four months.

The GSA is now kicking off Phase Two, which will look at granting FedRAMP Moderate authorizations. Participation in this pilot is by invitation only, in order to ensure the small FedRAMP staff concentrates efforts on participants that are well-positioned to achieve Moderate authorization. The focus of this phase, "quality, not quantity,"-- is aimed at fine-tuning automated processes, with a target of 10 approved solutions.

Phase Three is expected to begin in early 2026 and will formalize the Low and Moderate pilots to make them available to the public as standard authorization processes. FedRAMP High authorizations will be addressed in Phase Four, which is expected to start in the fall of 2026.

Outside of these automation pilots, the FedRAMP program is also streamlining existing processes, approving more than twice as many government cloud services in fiscal year 2025 than in fiscal year 2024. As of July 2025, FedRAMP completed 114 authorizations, in addition to the four new cloud services approved through the Phase One pilot. The previous year, FedRAMP authorized 49 cloud service providers. What's more, the time for authorizations is now about five weeks, as compared to a 12-month-plus average in 2024's fiscal year.

To stay on top of government cloud use and procurement, check out these resources:

• Cloud Summit 2025 (October 29, 2025; virtual) - Learn from government and industry leaders at the forefront of cloud initiatives about how they are overcoming legacy systems and addressing cybersecurity and privacy concerns to efficiently migrate to the cloud.
• Cloud Security 2026 (February 24, 2026; New York City, NY) - Join senior IT professionals, cloud security experts, and decision makers to discuss the latest trends and policies in cloud security.
• Technology & Transformation Summit (March 17, 2026; Washington, DC) - Explore the transformation of mission delivery through IT innovation, workforce development, cybersecurity, and cloud technology.
• FedRAMP: Evolving Standards, Emerging Challenges, and the Road Ahead (white paper) - FedRAMP, once a groundbreaking framework for authorizing cloud services, is now undergoing a critical transformation through the 20x initiative--aimed at streamlining processes, reducing sponsor burden, and embracing automation over paperwork. Yet, challenges remain, from securing agency sponsorship to helping smaller innovators break into the federal market.
• The Cloud Playbook (white paper) - Cloud adoption in government has evolved far beyond simply migrating workloads to the public cloud. Agencies are now rethinking strategies to balance cost, compliance, and security while building resilient infrastructures that support innovation.
• Navigating Uncertainty in Government Cloud Security (white paper) - As government agencies accelerate their shift to the cloud, they're also navigating mounting cybersecurity challenges and operational complexities. The Institute for Critical Infrastructure Technology's 2025 report highlights a growing "effectiveness gap" between agencies' goals and their capacity to secure multi-cloud environments, manage regulatory requirements, and maintain operational agility.
• Enabling Smarter Government With Cloud-Based Information (white paper) - Public sector CIOs are under intense pressure to modernize outdated systems, improve cybersecurity, and meet executive mandates--all while working with limited budgets. This brief outlines how cloud-based information management can help agencies streamline operations, strengthen citizen engagement, and become AI-ready without multiplying tech headaches.

For more information on cloud in government, search for additional events and resources on GovEvents and GovWhitePapers.