The Federal Risk and Authorization Management Program has outlined a new program certification framework for cloud service providers while preparing to retire the FedRAMP Ready designation as part of upcoming rule changes scheduled for release in 2026.
The Potomac Officers Club’s 2026 Digital Transformation Summit on April 22 will explore federal IT modernization efforts and advancements in AI, cybersecurity and user experience. Register now!
Table of Contents
Why Is FedRAMP Creating a Program Certification Path?
The program said Saturday the proposal stems from challenges faced by cloud providers that invested in the FedRAMP Rev5 agency authorization process but lost or could not secure an agency sponsor due to government staffing and budget constraints. Traditionally, a full Rev5 security assessment requires extensive review.
FedRAMP has relied on government agencies to conduct these reviews since the program lacks the staffing and funding to evaluate every assessment directly. The new approach, called FedRAMP 20x, aims to reduce the initial review workload so FedRAMP can handle certain assessments itself while expanding capacity if additional funding becomes available.
How Will the New Certification Framework Work?
Under the updated structure, FedRAMP authorizations will be renamed FedRAMP certifications, and the program will shift from impact levels to certification classes. Certifications will be available through two pathways: agency authorization and program certification. The agency authorization path requires an agency sponsor to support the review process, while the program certification path allows FedRAMP to review a cloud product without a sponsor, though availability will be more limited.
The changes will be published by June, preceding the retirement of the FedRAMP Ready designation on July 28. They will be applicable to all cloud service providers from Dec. 31, 2026, through Dec. 31, 2028. Providers currently pursuing FedRAMP Ready will be able to convert their existing progress toward obtaining a Class A FedRAMP Certification.
What Are the Stages for Program Certification Implementation?
The rollout will occur in designated stages, beginning with the availability of Class A certifications for current FedRAMP Ready providers. Stage 2 will expand to Class B and C certifications for providers that met specific criteria between January 2025 and March 2026, such as being “In Process” or having completed a full security assessment. A tentative third stage aims to open certifications to providers using external security frameworks that are highly compatible with Rev5 requirements.
Related Articles
The Department of War has appointed Gavin Kliger, a former Databricks technical staff member, as chief data officer to help oversee and execute DOW’s artificial intelligence initiatives. Attend Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18 to hear from Kliger’s new collaborator in AI innovation at DOW, Chief Digital and Artificial Intelligence Officer Cameron Stanley. Register today to secure your spot and join fellow leaders for this timely discussion. How Will Kliger Oversee DOW’s AI Strategy? In a post on X published Friday, DOW said Kliger will focus on aligning and managing the day-to-day execution of the department’s
The U.S. Navy on Saturday christened USNS Hector A. Cafferata Jr. (ESB 8), the Military Sealift Command’s sixth and final ship in the Expeditionary Sea Base program, during a ceremony at the General Dynamics NASSCO shipyard in San Diego, DVIDS reported. The christening of USNS Hector A. Cafferata Jr. highlights the Navy’s continued investment in flexible maritime platforms and the evolving capabilities that support modern naval operations. Industry and government leaders will explore the latest capabilities and the future of naval strategy at the 2026 Navy Summit on Aug. 27. Sign up today to book your spot! Family members of
The U.S. Air Force is seeking industry feedback on potential missile systems that could support the Stand-in Attack Weapon, or SiAW, program, as part of market research for a future acquisition effort. In a sources sought notice posted on SAM.gov on Wednesday, the service said it is seeking companies that can provide an All-Up-Round missile system and associated software and hardware, logistics elements, training systems and verification tools compatible with SiAW launch platforms and infrastructure. Responses are due March 19. Leaders from the U.S. Air and Space Forces and industry will gather at the Potomac Officers Club’s 2026 Air and