Welcome to our FedRAMP 20X Microsite

GSA launched the FedRAMP 20X program to help accelerate the adoption of secure commercial cloud services by government agencies. The FedRAMP 20X program’s goals are to provide a highly secure and compliant commercial cloud system by building automated checks, configuration telemetry and “show me” evidence rather than “tell me” documentation. We at stackArmor have pioneered the concept of “Engineered Compliance” to reduce the compliance burden by decomposing complex requirements into standardized capabilities, patterns, configuration as code and well-defined operational activities. Our efforts have resulted in a 50% reduction in the cost and time of achieving a 100% compliant cloud environment. We are eager for further reductions! The FedRAMP 20X program challenges us to do more, collaborate with like-minded organizations and push to further refine and develop the next generation of risk scorecards, automated checks, evidence collection and automated verifications. We want to see the FedRAMP Marketplace rocket from ~400 cloud services to 8,000!

On this site we hope to provide you with meaningful content that showcases our thoughts and ideas to help enable greater automation, standardization and mapping of complex compliance controls to code. 

An idea being tossed around is the use of a “Risk Score” for systems that can be used to inform risk-based authorization decisions and, potentially, accelerate the system authorization process. This idea is neat, but as with all things “IT security”, there are caveats…and pitfalls. Read on to learn more.