The Federal Risk and Authorization Management Program has announced the second phase of FedRAMP 20x, a cloud-native authorization framework that aims to advance the use of automation to accelerate secure cloud adoption across federal agencies.
The program said it is targeting about 10 Moderate pilot authorizations as part of the FedRAMP 20x pilot’s Phase 2, which is not open to the public.
According to FedRAMP, the Phase 2 pilot will continue to be iterative and explore an automation-based approach to assessment and validation of security decisions by cloud service providers seeking FedRAMP authorization.
The submission window for this phase is expected to run from Oct. 16 to Dec. 16. FedRAMP said it plans to finalize all Phase 2 requirements from mid-October through Oct. 23.
Table of Contents
Eligibility Criteria for FedRAMP 20x Phase 2 Submissions
According to FedRAMP, Phase Two submissions will be accepted only from CSPs that meet one of the following conditions:
- Providers who submitted a complete package for Phase One that was not rejected or withdrawn
- Cloud services that satisfy all FedRAMP AI Prioritization criteria
- Cloud services with GRC automation capabilities that can consume FedRAMP 20x machine-readable information from authorized services to enable review of initial and ongoing authorization data
- Cloud services that provide FedRAMP-compatible trust centers
The public can still participate in refining FedRAMP 20x through the program’s Community Working Groups.
FedRAMP 20x Phase 2 Authorization Requirements for CSPs
To submit a qualifying package for FedRAMP 20x Phase Two review, CSPs and assessors must address every recommendation and requirement in the framework.
Submission packages must demonstrate compliance by showing how the recommendation or requirement is implemented; sharing a plan to implement requirements or recommendations within the next six months; and explaining valid reasons for not implementing recommendations.
Related Articles
Nick Schiffler, marketing manager at Deltek, said proposal artificial intelligence is becoming a key capability for government contracting teams seeking to respond quickly to requests for proposals and improve competitiveness in the federal marketplace. Streamlining Proposal Development With AI In a guest post published on SAME’s website, Schiffler wrote that proposal AI tools could help GovCon proposal teams respond to requests for information, complete their capture plans, develop compliance matrices and transform complex solicitations into more manageable parts. “These tools are built to understand the structure, language, and compliance requirements of federal RFPs, helping teams respond faster and more accurately,” he added.
Michael Cadenazzi announced on LinkedIn Tuesday that he has been confirmed as assistant secretary of defense for industrial base policy. Who Is Michael Cadenazzi? Cadenazzi is a seasoned aerospace and defense executive with a proven track record in driving growth, innovation and risk management. He most recently served as the managing director at EY for nearly four years. He was also senior vice president of product development and director of solutions at Govini. The executive dedicated five years to McKinsey & Company, holding key roles such as associate partner, senior knowledge expert and solutions general manager of VisualDoD—the innovative startup he
The Department of Defense has started implementing a five-phase construct that seeks to provide real-time cyber defense at operational speed and ensure that U.S. warfighters maintain technological superiority against evolving cyberthreats. 5 Phases of DOD’s Cybersecurity Risk Management Construct DOD said Wednesday the Cybersecurity Risk Management Construct, or CSRMC, consists of five phases aligned to system development and operations: design, build, test, onboard and operations. The design phase, for instance, aims to ensure resilience of system architecture by embedding security at the outset. “This construct represents a cultural fundamental shift in how the Department approaches cybersecurity,” said Katie Arrington, a Wash100 awardee who