Anchored by the FedRAMP Authorization Act and OMB Memo M-24-15, FedRAMP is undergoing a major change that affects virtually every aspect of how cloud service providers pursue, achieve, and maintain federal authorization. Named FedRAMP 20x, this program is meant to streamline compliance and make it easier for cloud products to enter the federal marketplace.

The most visible of those changes is the retirement of the legacy FIPS 199 security categories (Low, Moderate, and High) in favor of a new alphabetical system: Certification Classes A through D.

We’re walking through these new classes and what they mean for agencies seeking Authorization.

Read More

For MSPs supporting defense contractors, federal agencies, and cloud service providers, 2026 marks a turning point when most regulatory bodies expect architecture, compliance, and service delivery to align.

This is made even more readily apparent with changes in federal requirements. The DoD’s phased rollout of CMMC and FedRAMP 20x are clear signal that the government expects MSPs to focus on modern, risk-focused security. 

Read More

This shift to identity-based security has had major implications for compliance. Frameworks like FedRAMP, CMMC, and NIST 800-series controls all rely on strong identity practices. Yet areas like Identity Assurance remain a consistent challenge.

Many organizations assume that if a user can log in with MFA, their identity is secure. In reality, authentication only proves that someone possesses a credential. Identity assurance determines whether the system actually knows who that person is.

Read More