GCP – Accelerating FedRAMP 20x: How Google Cloud is automating compliance
Google is committed to helping federal agencies meet their mission, more securely and more efficiently, with innovative cloud technologies. Today, we’re reinforcing our commitment to FedRAMP 20x, an innovative pilot program that marks a paradigm shift in federal cloud authorization. FedRAMP 20x is a new assessment process designed to move away from traditional narrative-based requirements towards continuous compliance and automated validation of machine-readable evidence. Our approach is built around Google Cloud Compliance Manager (now available for public preview) and is designed to transform the path to FedRAMP authorization for our partners and customers.
Compliance Manager accelerates the FedRAMP authorization process by automating end to end management of compliance for partners and customers building on Google Cloud. By providing automated, externally validated cloud controls to demonstrate compliance with FedRAMP 20x Key Security Indicators (KSIs), Compliance Manager allows partners to spend fewer resources manually collecting evidence and is designed to reduce the time required to achieve FedRAMP authorization. Compliance Manager will natively support FedRAMP 20x compliance with general availability later this year.
During a recent proof of concept demonstration to the FedRAMP Program Management Office (PMO), Google showcased how Compliance Manager enables strategic Google Cloud partners such as stackArmor to submit applications for 20x Phase One authorization and beyond.
Google Cloud’s latest capabilities are an exciting step forward in accelerating the FedRAMP 20x cloud-native approach to security assessment and validation. We need true innovation from industry to realize this vision of automated security and Google Cloud is leading the way by building it natively into their platform. As Google goes to market in support of FedRAMP 20x, we can’t help but wonder who’s next?
Pete Waterman
Director, FedRAMP
Compliance Manager’s ability to automate KSI compliance is also being assessed by Coalfire, a FedRAMP recognized Third Party Assessment Organization (3PAO). Coalfire is providing independent validation that agencies can benefit from a much faster, more automated path to deploying secure Google Cloud solutions, directly accelerating their access to critical cloud technologies.
Google is dedicated to accelerating federal compliance through both the existing FedRAMP Rev5 authorization path and the pilot FedRAMP 20x process. Recent Rev5 High authorizations for Google Cloud services including Agent Assist, Looker (Google Cloud core), and Vertex AI Vector Search.
If you are spending more effort than expected on compliance and audits, you can get started with Compliance Manager and streamline compliance and audits for your organization. Want to learn more? Register for the Google Public Sector Summit on October 29, 2025, in Washington, D.C., where you will gain crucial insights and skills to navigate this new era of innovation and harness the latest cloud technologies.
Read More for the details.