The General Services Administration (GSA) announced today that its Federal Risk and Authorization Management Program (FedRAMP) has already approved more than twice as many cloud security authorizations in fiscal year (FY) 2025 as it did in all of FY 2024.
In an Aug. 11 press release, GSA said that as of last month, FedRAMP reached a record 114 authorizations for FY 2025 — more than double the number completed in FY 2024. GSA approved 49 authorizations in fiscal year 2024.
The news comes just one year after the White House Office of Management and Budget (OMB) issued Memorandum M-24-15, which provides guidance to overhaul FedRAMP in line with directions from Congress in the FedRAMP Authorization Act approved in late 2022.
“FedRAMP 20x represents a critical shift from process-driven compliance to outcome-focused security, empowering agencies to adopt innovative cloud services faster while maintaining robust protections for federal data,” said GSA Acting Administrator Michael Rigas.
“The program is setting a new standard for federal IT modernization and reaffirming GSA’s commitment to delivering smarter, more secure services for Americans,” Rigas added.
FedRAMP aims to provide a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal agencies.
In March, the program launched FedRAMP 20x, a revamp effort that places a heavy focus on automation to speed the approval process for secure cloud services authorized by the program.
“As a result, GSA has now reduced the time for authorizations to approximately five weeks,” the agency said in today’s press release.
GSA also noted that it has authorized four new cloud services through its FedRAMP 20x Phase One pilot. As the pilot progresses, GSA said it will continue working with agency and industry partners to “validate and refine the FedRAMP 20x model.”
“FedRAMP is demonstrating what’s possible when a mission-driven team is empowered to move fast and fix what’s broken,” said FedRAMP Director Pete Waterman. “FedRAMP 20x has allowed us to rethink the entire authorization model and prove that security and speed can coexist in the federal space. We’re not just catching up – we’re leading.”
MeriTalk recently interviewed Brian Conrad, a former FedRAMP director who is now the director of strategic global compliance initiatives at Zscaler, who applauded the program’s progress thus far.
“What’s happening in FedRAMP right now is setting it up for the future. This hard work now is going to create that better future and set the program up to be a more recognizable and critical piece of Federal cybersecurity,” Conrad said. “This is just the beginning of some really great things.”