Six months ago, FedRAMP launched a bold modernization effort, FedRAMP 20x. It promised faster authorizations, modernized security, and a more accessible path to the federal market for all cloud service providers (CSPs).

Only six months into the FedRAMP 20x rollout, and the results are already impressive. The new program is delivering authorizations at record speed, helping to ensure more cloud services are secure and available to federal agencies. And, perhaps even more importantly, it’s changing how these cloud providers and federal agencies think about and approach security in the cloud.

Let’s take a closer look at the significant progress and changes that have taken place in the six months since FedRAMP 20x was announced.

1. FedRAMP authorization timeline slashed to five weeks

One of the clearest wins so far: speed. Under the legacy process, CSPs often waited 12–18 months for authorization. Under 20x, that timeline has been cut down to five weeks on average as of July.

This accelerated timeline for FedRAMP authorization doesn’t just save CSPs valuable time and resources. It also helps agencies adopt secure cloud technologies faster, ensuring they’re not left behind while the private sector benefits from cutting-edge tools. This will have major ramifications for the federal government and national security.

2. There has been a record-breaking number of FedRAMP authorizations 

Also in July, the FedRAMP team completed 114 authorizations—more than double the number of authorizations completed in the entire fiscal year of 2024. 

The sheer volume underscores the potential of FedRAMP 20x to achieve the vision laid out in the 2024 Memorandum M-24-15, Modernizing the Federal Risk and Authorization Management Program (FedRAMP) of thousands of cloud services entering the federal market

The streamlined reviews and automation championed by this program are allowing the FedRAMP team to process more authorizations than ever before, without sacrificing rigor or security. Although there’s still much progress to be made to get to that goal of thousands, this milestone—just four months into the FedRAMP 20x rollout—is a huge step in the right direction. 

3. More FedRAMP Low authorized cloud services entered Marketplace than ever

In August, FedRAMP announced that 26 new cloud services (including Secureframe) were authorized through the 20x Low Pilot. 

To put that in perspective, that’s more than the rescinded FedRAMP Joint Authorization Board processed in the last four years of its existence combined. Previously, before the pilot launched, there had been only 7 services authorized using the traditional Low baseline. That means, the 20xP1 pilot increased the Low authorized cloud services represented in the Marketplace by 270%. (Note: This is excluding the low-impact systems authorized using the Li-SaaS baseline).

The success of the Phase One pilot proves that the 20x approach works and that automation can scale FedRAMP authorization in ways the legacy program couldn’t.

The Phase Two pilot, announced on September 24, 2025, is expected to achieve similar success in accelerating authorizations for moderate-impact cloud services.

5. Moving closer to “true” continuous monitoring

Today’s FedRAMP “continuous monitoring” is anything but, according to Waterman, consisting of little more than annual assessments with periodic check-ins.

FedRAMP 20x is pushing toward true continuous monitoring, where systems automatically detect, remediate, and report security risks in real time, without humans involved. This will involve:

• Automated systems that detect security risks in real time
• Tools that can provide instant remediation without waiting on human reviews
• Dashboards and trust centers that provide continuous validation and reporting instead of point-in-time checks

The finalization of the new FedRAMP Authorization Data Sharing Standard represents major progress toward this last goal of continuous validation and reporting, enabling CSPs to store and share FedRAMP authorization data via Trust Centers on their preferred platform of choice if it meets certain requirements specified in this standard. 

If the industry continues to provide solutions to automatically monitor and enforce requirements and FedRAMP continues to establish standards and guidelines for using these tools consistently and securely, 20x will fundamentally change how security is validated in government systems and set a new bar for compliance programs worldwide, such as CMMC. 

6. New tools and innovations from private sector for the government

FedRAMP 20x isn’t just about shortening authorization timelines and cutting paperwork with automation. Its ultimate goal is to expand the size, capabilities, effectiveness, and diversity of the Marketplace by making it more accessible to startups, smaller providers, and other vulnerable populations who want to sell to the government without years of upfront investment to get authorized.

To do so, FedRAMP is looking to the industry to provide technology and innovative solutions to improve the authorization process, rather than relying on the government to provide the answers. Already, according to Waterman, the Phase One pilot has spurred the development or customization of tools and products that didn’t exist six months ago. 

If that pace continues, FedRAMP 20x could very well reach its vision of being not just an improved authorization program, but an engine of continuous improvement and stronger security that can help transform how organizations and customers—in both the public and private sector—approach and assess security. 

Looking toward the future: What to expect under FedRAMP 20x in Q4 2025 and beyond

These results signal that FedRAMP 20x is already delivering on its promise of faster, smarter, more secure cloud adoption for the federal government.

Moving into Q4 2025 and 2026, we can expect even more progress against its core goals:

• The FedRAMP Marketplace to continue to grow at unprecedented speed.
• More FedRAMP Moderate authorized cloud services to enter the Marketplace under the 20x Phase Two Moderate Pilot (announced on September 24)
• 20x Low and Moderate standards to be finalized (expected early 2026).
• The industry to continue to embrace innovative tools to achieve and validate FedRAMP authorizations.

While the accuracy of the estimated dates in the FedRAMP 20x Roadmap will affect how quickly the FedRAMP Marketplace scales, it’s safe to say the FedRAMP authorization process will continue to transform at unprecedented speed.

How Secureframe automation can help you achieve FedRAMP authorization faster and with more confidence 

At Secureframe, we’ve seen this transformation firsthand. As one of the first organizations to earn a FedRAMP 20x Low authorization, we know what it takes to succeed under the new model. Our platform is built to simplify compliance, automate monitoring, and give CSPs — from startups to enterprises — the tools they need to achieve and maintain FedRAMP authorization with confidence.

• First-hand FedRAMP 20x expertise: Former federal auditors who have undergone the FedRAMP 20x authorization process themselves can guide you through every step of the process.
• Federal cloud integrations: Automates monitoring and evidence collection with 300+ integrations to AWS GovCloud and other major federal cloud services as well as key tools in CSPs’ tech stacks.
• Continuous monitoring: 24/7 monitoring with customizable test intervals and task notifications to simplify continuous compliance.
• Risk management: Track, assess, and mitigate risks with our purpose-built POA&M Manager.
• Vendor management: Automate assessments to monitor and reduce third-party risk.
• User access reviews: Enforce least privilege with automated user access reviews and timely revocations.
• Vulnerability management: Integrates with leading scanners for continuous vulnerability monitoring to meet requirements in the newly finalized FedRAMP Vulnerability Detection and Response Standard. 
• Cross-mapping: Map FedRAMP controls to 40+ frameworks to cut duplicate effort.
• Partner network: Access trusted 3PAOs, vCISOs, and MSSPs to streamline FedRAMP authorizations, from readiness to assessment to maintenance.
• Policy management: Templated, customizable policies with workflows for approvals and compliance.
• Trust Center: Share your FedRAMP authorization data in real time with a customizable Trust Center that meets FedRAMP requirements for standardized automated data sharing and validation within the FedRAMP ecosystem.

Request a demo today to see how we can help you achieve and maintain FedRAMP 20x compliance over time with confidence.