Anchored by the FedRAMP Authorization Act and OMB Memo M-24-15, FedRAMP is undergoing a major change that affects virtually every aspect of how cloud service providers pursue, achieve, and maintain federal authorization. Named FedRAMP 20x, this program is meant to streamline compliance and make it easier for cloud products to enter the federal marketplace.
The most visible of those changes is the retirement of the legacy FIPS 199 security categories (Low, Moderate, and High) in favor of a new alphabetical system: Certification Classes A through D.
We’re walking through these new classes and what they mean for agencies seeking Authorization.