GSA doubles FedRAMP authorizations compared to last year

The General Services Administration says that recent efforts to streamline cloud security authorizations across the government are working. 

As of last month, the Federal Risk and Authorization Management Program, or FedRAMP, completed 114 authorizations for fiscal 2025, more than double the number finished in fiscal 2024. 

FedRAMP is the government’s standardized security assessment, authorization and continuous monitoring program for cloud products and services. It dates back to 2011, and Congress officially authorized it in late 2022.

GSA’s latest milestone follows the launch of FedRAMP 20x in the spring, meant to cut red tape around the program and push automation. Approximately a year ago, the Office of Management and Budget revamped FedRAMP’s guidance to respond to changes in cloud tech and to make the program easier for agencies to use.

Since the launch of FedRAMP 20x, the time for authorizations is down to about five weeks, GSA estimates, as opposed to over a year on average last year.

“FedRAMP 20x has allowed us to rethink the entire authorization model and prove that security and speed can coexist in the federal space. We’re not just catching up — we’re leading,” FedRAMP Director Pete Waterman said in a statement.

The number of authorizations done in 2025 so far also outpaces GSA’s own goal to hit 100 authorizations approved in fiscal 2025 and 2026, as outlined in its fiscal 2026 budget request. GSA approved 49 authorizations in fiscal 2024.

GSA has also authorized four new cloud service providers through a FedRAMP 20x pilot using key security indicators and machine-readable validation to assess security, it said Monday, and will continue to refine the model.

“FedRAMP 20x represents a critical shift from process-driven compliance to outcome-focused security, empowering agencies to adopt innovative cloud services faster while maintaining robust protections for federal data,” GSA’s new acting director, Michael Rigas, said in a statement.