GSA launches FedRAMP 20-X to speed up cloud approvals

The General Services Administration has introduced FedRAMP 20-X to streamline the cloud service authorization process for federal agencies, aiming to accelerate adoption while preserving high security standards, Federal News Network reports.

Travis Howerton, former federal CTO and CEO of RegScale, explained that the update shifts more responsibility to cloud service providers by automating evidence sharing and control reporting, reducing manual oversight and paperwork. This cloud-native model enables faster onboarding and lower costs without compromising risk management. Howerton noted that inherited security controls, central to FedRAMP, are being expanded so CSPs can deliver more compliance functions “out of the box,” easing the burden on agencies. While the 20-X initiative won’t fully solve long-standing issues like redundant certifications across agencies, it builds on the legal “presumption of adequacy” clause to promote broader acceptance. He also proposed a fee-for-service model through GSA to eliminate the need for agency sponsorship, which he believes could significantly lower the entry barrier for innovative vendors.