Government Cloud Security Program Offers Update on FedRAMP 20x

The Federal Risk and Authorization Management Program has provided updates on efforts launched and upcoming initiatives for FedRAMP 20x, a cloud-native authorization framework that seeks to advance the use of automation to accelerate secure cloud adoption across federal agencies. FedRamp 20x Launched in March–What’s Next? Since launching FedRAMP 20x in March, the program said Thursday the FedRAMP team has executed several initiatives to deliver authorizations, facilitate community engagements, improve standards and support the General Services Administration’s artificial intelligence priorities. When it comes to the authorization aspect, the program has granted FedRAMP Ready designations to seven new cloud services, recognized twoThe post Government Cloud Security Program Offers Update on FedRAMP 20x first appeared on Executive Gov.

The Federal Risk and Authorization Management Program has provided updates on efforts launched and upcoming initiatives for , a cloud-native authorization framework that seeks to advance the use of automation to accelerate secure cloud adoption across federal agencies. Table of Contents FedRamp 20x Launched in March–What’s Next? Since , the program said Thursday the FedRAMP team has executed several initiatives to deliver authorizations, facilitate community engagements, improve standards and support the General Services Administration’s artificial intelligence priorities. When it comes to the authorization aspect, the program has granted FedRAMP Ready designations to seven new cloud services, recognized two new third party assessment organizations and listed five new In Process cloud services for Rev 4 agency authorizations, among other efforts.

Under the standards improvements category to advance FedRAMP 20x, the FedRAMP team has finalized eligibility criteria for the first 20x pilots using stakeholder feedback, prepared a draft standard to demonstrate FedRAMP 20x with explicit criteria for achieving an automated FedRAMP Low authorization and proposed a standard for defining the boundary of FedRAMP authorizations based on public comment. To improve FedRAMP’s use of AI tools, the program has created a lab environment with resources for generative AI-based learning and prototyping and developed an internal system using GitHub API and GSAi internal tool to review GitHub comments and create executive summaries. FedRAMP 20x Phase One Pilot In May, the program will launch the initial phase of the to test how cloud service providers can meet FedRAMP Low authorization requirements using automated technical validation, simple documentation requirements and existing commercial certification to produce machine-readable packages that can be evaluated by trusted third parties.

Qualifying cloud services that complete the first phase will secure a 12-month FedRAMP Low authorization. The program will prioritize such service offerings for FedRAMP Moderate authorization in the pilot program’s second phase. The program is seeking public comments on for FedRAMP 20x Phase One pilot.

Responses are due May 24. FedRAMP is also soliciting feedback on the proposed and ..