Indianapolis, IN — April 7, 2026 — GovRAMP today announced a new initiative in collaboration with accredited third-party assessment organizations (3PAOs) designed to reduce the cost of independent security assessments for cloud and technology service providers. Participating 3PAOs will offer assessment discounts of up to 30% for service providers that have participated in the GovRAMP Progressing Security Snapshot program or achieved GovRAMP Core verification.
This initiative builds GovRAMP’s preparation and on-ramp programs, which are designed to help service providers strengthen their security posture through measurable, evidence-based approaches.
A study released earlier this year found that participation in the Progressing Security Snapshot program accelerates security maturity and increases government confidence. Early findings indicate that service providers completing GovRAMP programs enter formal assessments better prepared, enabling more efficient assessment activities.
Participating 3PAOs:
“The cost of independent assessments has long been a concern for service providers and government partners alike,” said Leah McGrath, executive director of GovRAMP. “This voluntary commitment from participating 3PAOs reflects what’s possible when education, collaboration and shared responsibility are prioritized.”
As governments increasingly rely on GovRAMP to evaluate the security of cloud services, accessibility and predictability remain important considerations—particularly for small and midsize technology service providers seeking to work in the public sector.
By offering reduced assessment rates to providers that have demonstrated preparedness through GovRAMP’s Security Snapshot or Core programs, participating 3PAOs are reinforcing GovRAMP’s mission to strengthen public‑sector cybersecurity by recognizing early security investment and supporting more predictable assessment outcomes.
“This initiative reflects the GovRAMP ecosystem working as intended,” McGrath added. “When early security investment is recognized, it becomes easier for secure solutions to reach the public sector and support the communities governments serve.”
About GovRAMP
GovRAMP is a nonprofit membership organization dedicated to advancing consistent, trusted cybersecurity practices across state, local, tribal, and educational government. Guided by its mission to make cybersecurity easier to understand, implement, and maintain, GovRAMP provides a standardized framework, independent validation, and community-driven education that help governments adopt secure cloud solutions with confidence while enabling service providers to demonstrate trusted security through clear, evidence-based practices. By bringing together public and private sector partners, GovRAMP supports policy collaboration, strengthens shared assurance, and helps build a more resilient cybersecurity ecosystem that protects government services, data, and the communities they serve. Learn more at GovRAMP.org.
Participating 3PAO Quotes
A-LIGN: “Service providers that come to us after completing GovRAMP Progressing Security Snapshot or Core are noticeably more prepared,” said Petar Besalev, EVP of cybersecurity and compliance services at A-LIGN. “That preparation reduces the overall time and effort required for an assessment and allows us to work more efficiently.”
Prescient Security: “Prescient Security strongly supports GovRAMP’s phased authorization paths because we have seen firsthand that providers are more successful when complex security requirements are implemented through an iterative, structured approach,” said Matthew S. Graham, vice president of U.S. federal practice at Prescient Security. “That approach often improves assessment efficiency by enabling appropriate reuse of validated prior results, reducing reassessment effort, and limiting false starts or critical findings that can delay progress.”
Coalfire: “As assessors, Coalfire consistently sees that service providers that complete GovRAMP Core and Progressing Security Snapshot experience fewer false starts and more efficient assessments because they arrive better prepared and able to avoid the hurdles that typically slow the process,” said Adam Shnider, EVP of assessment services at Coalfire.
Fortreum: “We can tell within the first day of an assessment whether a provider has done the preparation work,” said Gary Guercio, VP of operations at Fortreum. “Providers coming through GovRAMP’s Security Snapshot and Core programs consistently show up ready — with documentation in order, controls implemented and a clear understanding of what’s expected. That readiness is what makes this discount program the right call.”
RISCPoint: “Early investment in security maturity should be recognized, not ignored, and this initiative does exactly that,” said Tony Bai, chief solutions officer at RISCPoint. “Providers who have gone through GovRAMP’s Security Snapshot or Core programs arrive at the formal assessment stage with a fundamentally different level of preparedness. The evidence tends to be more mature, with tighter narratives, resulting in a faster process overall. A discount that reflects that preparation is a natural extension of the value these programs create.”