FedRAMP 20x, the General Services Administration’s (GSA) initiative to improve the authorization of cloud services to FedRAMP, continues to progress. In mid-January, 13 cloud services with machine-readable proposals were selected for Phase 2 of the pilot. Industry is still invited to follow the progress of the pilot program via the FedRAMP community’s hosted work group meetings, blogs and official site postings. The FedRAMP 20x pilot’s commitment to public input is hastening progress.
Phase 2 will test how well the cloud service providers can meet the requirements of automated third-party assessments. Collecting and assessing evidence of how security decision-making functions perform and evolve within the cloud services are crucial for meeting the FedRAMP Key Security Indicators (KSIs) for Phase 2. There have been significant changes from Phase 1.
The second phase requires extensive automation and detailed security processes that might not be inherent to commercial off-the-shelf products. Industry must review the requirements and determine a development strategy. Given the complexity of the requirements, it seems certain that industry will need to develop products specifically for the government to meet the FedRAMP 20x KSIs. Engineering and compliance teams should review and discuss the KSIs now in preparation for development.
One thing remains certain — obtaining FedRAMP 20x certification in the near future will be via third-party tools that should be simpler, easier and faster to use than the previous FedRAMP processes. Following the FedRAMP 20x community progress and waiting until those tools are developed and launched is still the best strategy for most cloud service providers interested in FedRAMP certification of their cloud services.
immixGroup is following the developments and progress of FedRAMP 20x closely. The contracts team is available to help IT vendors and solutions providers understand and navigate how the path to FedRAMP 20x will affect IT procurement. Contact immixGroup for more information on navigating the transition to FedRAMP 20x.