Vanta Receives FedRAMP 20x Low Authorization

SAN FRANCISCO--(BUSINESS WIRE)--Vanta, the leading AI-powered trust management platform, today announced that it has received its FedRAMP 20x Low Authorization from the Federal Risk and Authorization Management Program (FedRAMP®) Program Management Office (PMO). With this announcement, Vanta joins the first cohort of four cloud service providers to successfully complete the FedRAMP 20x Phase One Pilot program and continues the company’s market leadership in bringing the power of trust management to government and commercial contractors.

The General Services Administration (GSA) announced the FedRAMP 20x Phase One Pilot in March 2025, with the goal of testing a new approach to FedRAMP Low authorization that uses Key Security Indicators (KSIs) and machine-readable validation to assess and validate the security capabilities expected of cloud services used by the federal government.

Since May 2025, Vanta has been an active participant in the 20x Phase One Pilot program, working closely with the FedRAMP PMO, internal audit partner Sunstone Secure and external audit partner Schellman, and the broader FedRAMP community across industry to develop new pathways to accelerate the efficiency and effectiveness of the FedRAMP process, all while continuously improving security.

“We are proud to participate in this historic modernization effort, demonstrating how automation and commercial innovation can bring greater efficiency to the government authorization process,” said Christina Cacioppo, CEO, Vanta. “Thank you to the FedRAMP team for leading the 20x initiative with energy and transparency, and for working with the entire community to promote public-private trust and collaboration.”

Vanta’s FedRAMP 20x Low Authorization underscores the company’s broader commitment to supporting the U.S. public sector mission, while enabling other businesses focused on delivering their capabilities to government agencies. Vanta is currently helping its customers demonstrate compliance with essential government frameworks, like the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) for members of the Defense Industrial Base, as well as NIST 800-53, NIST 800-171, NIST AI RMF, CJIS, and HIPAA, among others.

As part of Vanta’s recent Series D funding announcement, the company is expanding its collaboration and market leadership across the public and private sectors to streamline and accelerate the safe adoption of commercial technology in government, while simplifying how industry partners and customers can demonstrate and maintain compliance with government standards.

"It’s been an incredible experience for the Vanta team to work alongside the broader community in shaping the future of FedRAMP 20x over the past two months,” said Arpita Husain, Security Analyst, Vanta. “The FedRAMP PMO has been collaborative and agile throughout the process, making it possible to move quickly while building something meaningful together. Today is just the first milestone of many to come as we showcase the power of trust management for supporting the public sector mission.”

About Vanta

Vanta is the leading AI trust management platform that helps organizations of all sizes earn and prove trust. Over 12,000 companies including Atlassian, Duolingo, Icelandair, Ramp and Synthesia rely on Vanta to build, maintain and demonstrate their trust—all in a way that's real-time and transparent. Founded in 2018, Vanta has customers in 58 countries with offices in Dublin, London, New York, San Francisco and Sydney. For more information, visit www.vanta.com.