FedRAMP authorizations in 2025 already more than double last year, GSA says

The Federal Risk Management and Authorization Program has already approved more than twice as many government cloud services in fiscal year 2025 as all of fiscal 2024, the General Services Administration announced Monday. 

FedRAMP reached 114 authorizations in July for fiscal 2025, along with four new cloud services through the FedRAMP 20x revamp program, according to a GSA statement. 

The reform program, unveiled in March, is focused on simplifying the authorization process and shaving the approval timeline from months to weeks. Eventually, agency sponsorship will no longer be needed to win authorization, a process that is often expensive and time-consuming. 

The new numbers come just over a year since the Office of Management and Budget published a memo calling for the modernization of the cloud authorization process. 

The GSA said FedRAMP had a “significant backlog” at the time of the memo, with authorizations taking more than a year. A year later, FedRAMP’s increased use of automation and streamlined workflows cut the wait time to about five weeks, the GSA said. 

“FedRAMP 20x has allowed us to rethink the entire authorization model and prove that security and speed can coexist in the federal space. We’re not just catching up, we’re leading,” FedRAMP Director Pete Waterman said Monday. 

Acting GSA Administrator Michael Rigas said the FedRAMP 20x program shows a shift from “process-driven compliance to outcome-focused security” that gives agencies the chance to adopt cloud services quickly while still protecting federal data. 

As part of the FedRAMP 20x changes, the private sector also has more responsibility over the monitoring of their systems, and Waterman said in April he wants further collaboration with the private sector to determine the best services for government.