FedRAMP 20x: Reshaping the look, feel, and speed of FedRAMP

FedRAMP 20x launched and hosted its first community working group on March 31, 2025, as part of a major overhaul to make the Federal Risk management and Authorization Program (FedRAMP) simpler and more efficient through automation, moving away from lengthy wait times and a heavy documentation burden. Registration for the group is currently open.

The announcement was made at the Alliance for digital innovation on March 24, 2025, in Washington, DC.

Subject matter experts with cloud service offerings, advisors, and assessors will be able to participate in community working groups or respond to requests for comments (RFCs) to contribute ideas, opinions, or thoughts on potential solutions, which could ultimately become practice in the future.

Who’s affected?

As with most FedRAMP initiatives, impacted parties include:

• Cloud service providers
• Third-party assessment organizations (3PAO)
• Federal agencies
• FedRAMP PMO

What are the goals of FedRAMP 20x?

FedRAMP 20x aims to establish new processes designed in collaboration with industry stakeholders.

Key goals for FedRAMP 20x include:

• Simplifying the automation of applications and validation of FedRAMP security requirements.
• Leveraging existing industry investments in security by inheriting best-in-class commercial security frameworks.
• Continuously monitoring security decisions using a straightforward, hands-off approach.
• Building trust between industry and federal agencies by leaning into the direct business relationships between providers and customers.
• Enabling rapid continuous innovation without artificial checkpoints that hinder progress.