GovRAMP Changelog

Tracking progress across the GovRAMP ecosystem.

Explore ongoing updates to our security program, adoption guidance, and membership as GovRAMP continues to evolve in support of secure cloud adoption.

• 2026: Quarter 2

  April

  • 2026‑04‑7: Launched a 3PAO Discount Program for progressing Security Snapshot graduates and Core Verified Service Providers to support cost-effective advancement through the GovRAMP authorization process. Participating 3PAOs: A-LIGN, Prescient Security, Coalfire, Fortreum, RISCPoint

    • See Press Release: GovRAMP Launches 3PAO Discount Program for Progressing Security Snapshot Graduates and Core Verified Service Providers
      
      

  • 2026‑04‑16: Released a Policy Path Forward to advance cybersecurity framework harmonization, including key findings from the 2026 GovRAMP Symposium and a supporting policy white paper outlining recommendations for alignment across frameworks.

    • Policy White Paper (See Document: Path Forward for Framework Harmonization)

    • Symposium Findings (See Document: 2026 GovRAMP Symposium on Framework Harmonization — Findings & Discussion Record)

    • (See Press Release: GovRAMP Releases Policy Path Forward to Advance Cybersecurity Framework Harmonization)
      
      

  • 2026‑04‑17: Published a new Federal Overlay applicable to Low, Moderate, and High Impact Levels to demonstrate enhanced GovRAMP Authorized verification aligned with common federal security requirements.

    • Federal Overlay (See Template: GovRAMP Federal Overlay – Low, Moderate, High)
      
      

  • 2026-04-22: Highlighted how states across the country are leveraging GovRAMP to strengthen cybersecurity and vendor risk management through shared implementation examples and use cases.

    • (See Blog: States Across the Country Highlight Use of GovRAMP to Strengthen Cybersecurity and Vendor Risk Management)
      
      

  May

  • 2026-05-05: Expanded the 3PAO Discount Program with additional assessment firms to increase provider access to discounted assessment services and accelerate authorization timelines. Newly Participating 3PAOs: 360 Advanced, Data Lock Consulting Group, Lunarline, Schellman, Securisea

    • (See Press Release: GovRAMP Expands 3PAO Discount Program with Additional Assessment Firms)

• 2026: Quarter 1

  March

  • 2026‑03‑18: Published updated templates to support Low and Moderate Impact authorizations, including revisions to assessment and authorization documentation.

    • 3PAO Package for Low Impact (See Template Update: 3PAO Package for Low Impact – Rev 5)

    • Service Provider Package for Low Impact (See Template Update: Service Provider Package for Low Impact – Rev 5)

    • 3PAO Package for Moderate Impact (See Template Update: 3PAO Package for Moderate Impact – Rev 5)

    • 3PAO Package for Moderate Impact with CJIS Overlay (See Template Update: 3PAO Package for Moderate Impact with CJIS Overlay – Rev 5)

    • Service Provider Package for Moderate Impact (See Template Update: Service Provider Package for Moderate Impact – Rev 5)

    • Service Provider Package for Moderate Impact with CJIS Overlay (See Template Update: Service Provider Package for Moderate Impact with CJIS Overlay – Rev 5)
      
      

  • 2026‑03‑18: Published new High Impact authorization templates to support expanded GovRAMP assessment and authorization activities.

    • 3PAO Package for High Impact (See New Template: 3PAO Package for High Impact – Rev 5)

    • Service Provider Package for High Impact (See New Template: Service Provider Package for High Impact – Rev 5)
      
      

  • 2026‑03‑18: Published a new GovRAMP Continuous Monitoring Matrix Template Completion Guide to support consistent and accurate completion of continuous monitoring requirements across the GovRAMP program.