
RegScale CISO: FedRAMP 20x Speeds Cloud Authorization But Faces Cultural Adoption Hurdles

Dale Hoak, CISO at RegScale. Hoak wrote an article explaining GSA's FedRAMP 20x

The General Services Administration’s FedRAMP 20x is accelerating Federal Risk and Authorization Management Program certification through automation and machine-readable evidence, but the initiative faces a cultural challenge: organizations that already have modern tools continue to rely on manual processes, according to Dale Hoak, chief information security officer at RegScale.

In a blog post published on the Carahsoft website, the executive discussed what FedRAMP 20x is changing and what organizations can do to meet evolving requirements.

What Is FedRAMP 20x?

GSA introduced FedRAMP 20x in March 2025 to make FedRAMP authorization simpler, easier and cheaper. 

Stephen Ehikian, who was acting administrator of the agency at the time, said strengthening the government’s partnership with the commercial cloud industry will reduce waste and ensure that agencies have access to “the best available technologies” to modernize legacy federal IT.

FedRAMP 20x, Ehikian added, “give agencies access to the latest technology now — not months or years down the road.”

Traditionally, FedRAMP authorizations take 18 to 24 months, but FedRAMP 20x is already making progress. Hoak pointed out in his blog post that RegScale secured full authorization six months after the company started the audit process.

How Can Organizations Adapt?

According to Hoak, automation requires “replacing ‘no hope’ environments, where compliance is viewed as endless documentation.” 

He added that organizations must break down silos between security and compliance teams, agencies, and third-party assessment organizations. The executive explained that all stakeholders must have access to real-time telemetry rather than rely on outdated screenshots.

Hoak also recommends the adoption of platforms that enable real-time logging, continuous control monitoring, automated vulnerability scanning, and application programming interface-based evidence collection.

RegScale’s Continuous Controls Monitoring platform streamlines governance, risk and compliance processes by providing self-updating paperwork, creating an audit-ready environment. The platform can be deployed in the cloud, on-premise or on air-gapped networks, the company said.


Written by Elodie Collins
