C1Secure Launches SmartRAMP 20x for the FedRAMP 20x Model
C1Secure today announced SmartRAMP 20x, a ServiceNow-native application built for FedRAMP 20x, the federal government’s new model for certifying cloud services. As a ServiceNow Build Partner, C1Secure delivers SmartRAMP 20x on the ServiceNow AI Platform, giving cloud service providers a faster, lower-cost path to the FedRAMP Marketplace and giving agencies a live, evidence-based view of compliance for every service they authorize. SmartRAMP 20x is planned for publication on the ServiceNow Store.
FedRAMP 20x replaces the old certification model in fundamental ways. The prior program required a sponsoring agency, cost providers $250,000 to $1 million, and took 12 to 15 months to complete. Only about 500 cloud offerings are authorized today. FedRAMP 20x removes the sponsor requirement and replaces one-time, document-heavy review with continuous, automated proof against Key Security Indicators: plain-language security outcomes providers must demonstrate on an ongoing basis. SmartRAMP 20x was built around this new model from the start, mirroring FedRAMP’s 46 Key Security Indicators across 10 themes rather than mapping them to legacy control checklists.
Also Read: GitOps and Infrastructure as Code: Building Fully Automated Cloud Operations
For providers, SmartRAMP 20x turns certification into continuous operation. The platform validates supporting evidence on the cadence FedRAMP sets, automatically opens remediation issues in ServiceNow Integrated Risk Management when evidence falls short, and closes the loop when evidence passes again. For agencies, SmartRAMP 20x operates inside ServiceNow Continuous Authorization and Monitoring, so authorizing officials can evaluate and authorize certified services in the workflow they already trust, with the provider’s live compliance posture at hand. Requirements are delivered as a continuously updated catalog subscription, so customers stay current with every FedRAMP change without redeployment.
“FedRAMP 20x is a different model, not a tweak to the old one. Compliance is something you prove every day now, not something you document once a year,” said Tom Thomson, CEO of C1Secure. “We built SmartRAMP 20x so a provider can earn certification on the platform it already runs its business on, and so the agencies buying that service get current, dependable assurance instead of a stack of paperwork.”
The ServiceNow Partner Program rewards partners for their broad expertise and experience to drive opportunities, reach new markets, and deliver transformative outcomes for joint customers across the enterprise. As a Build partner, C1Secure develops and distributes applications on the ServiceNow AI Platform, including tailored configurations and seamless integrations to enhance platform capabilities.
“Because SmartRAMP 20x is built on ServiceNow, it connects to the systems an organization already uses to manage its assets, its identities (both human and machine), and its AI,” said JJ Contessa, COO of C1Secure. “A point solution can track FedRAMP requirements in isolation. It cannot tie them to the rest of your risk picture or plug into the authorization workflow an agency already runs. That connection is the difference between a compliance tool and a compliance program.”
Also Read: Infrastructure as Code Security: Why Policy as Code Is Becoming Essential
SmartRAMP 20x serves cloud service providers pursuing FedRAMP 20x certification, the agencies and assessment organizations that evaluate them, and the advisors who support the process. On the roadmap, C1Secure’s SmartControl Fabric will add AI-assisted continuous monitoring, drift detection, and executive reporting across every certified service.
Write to us [wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.