Skip to main content
background

Secureframe Achieves FedRAMP® 20x Moderate Authorization

Compliance automation platform reaches Moderate authorization under FedRAMP's automation-first 20x program, building on its previous FedRAMP 20x Low authorization

Secureframe, the leading compliance automation platform, today announced it is among the first organizations to achieve FedRAMP® 20x Moderate authorization, as one of 14 organizations to participate in the Moderate pilot under FedRAMP’s modernized authorization model. 

FedRAMP 20x Moderate raises the bar significantly beyond the Low baseline, requiring continuous, production-derived validation rather than static, point-in-time documentation. Where the Low pilot proved automation-based validation was possible for low-impact systems, Moderate authorization required Secureframe to demonstrate that same automation-driven approach could meet the government’s significantly higher assurance requirements for moderate-impact, moderate-risk federal data. 

"Moderate authorization isn't just the next step after Low, it's proof that automation-first authorization holds up as the stakes get higher,” said Shrav Mehta, Founder and CEO at Secureframe. “We built our platform to meet the same high bar, and this is the clearest evidence yet that the model works at scale."

A Track Record of Federal Compliance Milestones

This authorization is the latest in a string of federal compliance milestones for Secureframe. In September 2025, the company achieved CMMC Level 2 certification after completing an C3PAO assessment with Redspin, placing it in a category representing less than 0.2% of the estimated 220,000+ companies in the Defense Industrial Base expected to comply with CMMC requirements. 

The company also recently launched Secureframe Defense, a purpose-built solution for CMMC readiness, including:

  • Defense Navigator – Guides contractors through structure scoping questions to define accurate, right-sized CMMC scope, then delivers step-by-step implementation guidance built by former federal assessors with CMMC Level 2 certification experience.
  • Automated Cloud Provisioning – Deploys a CMMC-compliant CUI enclave, reducing the scope and setup time required to secure Controlled Unclassified Information compared to traditional approaches.
  • Automated Documentation – Automatically generates and manages an SSP, POA&M, and other required CMMC documentation directly from a contractor’s live environment and existing controls and policies, keeping materials organized, up-to-date, and ready for assessor review. 
  • Comply Platform for CMMC – Continuously monitors control health, tests, and risk profile to detect drift, flag misconfigurations and failing controls, and maintain compliance through real-time compliance dashboards. 

With support for more than 40 frameworks, including FedRAMP 20x, CMMC Levels 1-3, and NIST 800-53, Secureframe is powering the next generation of secure, compliant government contractors. 

To learn more go to: www.secureframe.com

About Secureframe

Secureframe empowers businesses to build trust with customers by automating information security and compliance. Thousands of fast-growing organizations such as Saronic, Lunar Outpost, Nasdaq, and AngelList trust Secureframe to simplify and expedite their compliance journey for global security and privacy standards such as CMMC, FedRAMP, SOC 2, ISO 27001, ISO 42001, NIST CSF, PCI DSS, HIPAA, GDPR and more. Backed by top-tier investors and corporations such as Kleiner Perkins, Accomplice Ventures, and Google’s AI fund, the company is amongst the Forbes list of Top 100 Startup Employers for 2025.