Cloud service providers (CSPs) looking to sell into the U.S. federal market have long faced a highly bureaucratic and paperwork-based process for FedRAMP authorization. But that’s changing.

The FedRAMP 20x Phase One pilot, which is now open to the public, offers a faster, more streamlined path to achieving FedRAMP Low authorization. 

For CSPs aiming to support the US government and its missions, this is a major opportunity to reduce time to market, lower compliance costs, and build a strong foundation for FedRAMP Moderate or High authorizations in the future.

What is the FedRAMP 20x Phase One pilot?

The FedRAMP 20x pilot program is designed to test new strategies for improving the FedRAMP authorization process. The goal is to make the process more efficient without compromising security.

Phase One of the pilot focuses on streamlining FedRAMP Low authorization for cloud service providers by introducing a reduced set of Key Security Indicators (KSIs). These are controls that replace traditional FedRAMP Rev. 5 baselines as indicators of a CSP’s security posture and readiness. This phase will also test how machine-readable validation can be assessed by Third-Party Assessment Organizations (3PAOs).

This pilot is open to the public and any cloud service provider may participate. Successful participants in Phase One will:

• Receive a 12-month FedRAMP Low authorization
• Be prioritized for Moderate authorization in future phases of the program

Why participate in the FedRAMP 20x Phase One pilot?

For many CSPs, the traditional FedRAMP process can take 12–18 months and require hundreds of pages of documentation. This timeline creates a significant barrier for innovative cloud products aiming to enter the federal market quickly.

FedRAMP 20x offers a path to:

• Accelerated time to revenue with federal customers
• Early validation of your security program
• Reduced compliance overhead in the initial phases
• Improved strategic positioning for longer-term Moderate or High authorizations

For startups and growth-stage cloud providers, Phase One of the FedRAMP 20x pilot is a pivotal chance to break into federal sales, without the full upfront investment and time requirements of a traditional FedRAMP path.

How Secureframe and Coalfire Federal can help you succeed

Secureframe is proud to be participating in the FedRAMP 20x pilot alongside our trusted 3PAO partner, Coalfire Federal. Together, we can help CSPs prepare for, navigate, and succeed in the pilot program with:

Out-of-the-box support for the FedRAMP KSI framework

The Secureframe platform supports the Fedramp 20x KSI framework out of the box. With the key security indicators for the Phase One pilot already mapped to pre-built controls and tests, you know exactly how to meet FedRAMP Low KSI requirements.

Federal-ready automation

From initial gap assessments to SSP generation to continuous monitoring and evidence collection with integrations for AWS GovCloud and other federal cloud services, Secureframe automates the most time-intensive tasks in the FedRAMP process to help reduce cost and complexity. 

Expertise you can trust

Our team includes former FedRAMP, FISMA, and CMMC auditors who know what it takes to pass rigorous assessments and avoid rework. Combined with Coalfire Federal’s deep 3PAO experience and enterprise-class cybersecurity support services, you’ll have expert guidance at every step of the FedRAMP 20x process, from readiness to submission.

Interested in joining the FedRAMP 20x pilot?

If your cloud product is ready for the federal market—or you're exploring what it would take—now’s the time to act.

To participate in the FedRAMP 20x Phase One pilot with Secureframe and Coalfire Federal, fill out the form here to get more information. Or, if you’re an existing Secureframe customer, reach out to your customer success manager and/or account manager for next steps.