Artificial intelligence cloud services now will go to the front of the security certification line. The cloud security program known as FedRAMP will begin prioritizing certain AI cloud services for approval based on five criteria.
The new focus comes at the behest of the Federal Chief Information Officers Council, which wrote an August 12 letter asking FedRAMP to focus on cloud services that provide access to conversational AI engines designed for routine and repeated use by federal workers.
With that in mind, one of the new criteria is for AI tools where there is demand from at least five CFO Act agencies or are specifically recommended by the CIO Council.
“This is a transformative moment for federal cloud security and AI integration,” said Thomas Shedd, the director of the Technology Transformation Services and deputy commissioner of the Federal Acquisition Service in the General Services Administration, in a statement. “The emphasis on AI adoption within government meets agencies where they are by providing them with access to authorized emerging technologies that have been vetted using FedRAMP’s security standards. The strategic directive to rapidly deploy secure AI solutions across government is essential to moving agencies forward quickly and effectively. Our team is committed to this bold vision and will work diligently to ensure its success.”
The other criteria include:
- Offering enterprise-grade features including single-sign on, system for cross-domain identity management (SCIM) provisioning, role-based access control and real-time analytics
- Guaranteeing data separation and protection; any model information from training on customer data will not leave the customer environment without customer authorization
- Being available for government use via the GSA Multiple Award Schedule program
- Meeting the requirements for a FedRAMP 20x authorization within two months of acceptance for prioritization
“GSA is taking swift action to prioritize the acceleration of AI adoption across government and deliver on President Trump’s AI Action Plan,” said Federal Acquisition Service Commissioner Josh Gruenbaum in a release. “Prioritizing FedRAMP reviews for AI solutions is a critical step in getting trusted AI tools deployed across government and in use to streamline operations and improve workflows.”
The decision by the FedRAMP board, on behalf of the CIO Council, comes after GSA awarded schedule contracts to three commercial AI providers for between $0.47 and $1 in the last few weeks.
Of the three AI tools — Google’s Gemini, Open AI’s ChatGPT and Anthropic’s Claude — only Gemini has earned a FedRAMP authorization through the company’s workstation offering. Agencies can access Claude for Government through Palantir, according to the FedRAMP marketplace listing. It’s unclear, however, whether the $1 deal with Anthropic includes access through Palantir.
Second attempt to prioritize AI tools
The FedRAMP program office said there are no AI cloud services that currently meet all five criteria.
“What we care about is information and information flows. Whether that information flows to an application programming interface (API) wrapped around a large language model or if it flows to an API wrapped around a PDF management service or a logging service, or anything like that. It’s all treated exactly the same by FedRAMP,” said Peter Waterman, the director of FedRAMP, at the 930Gov conference in late July. “It’s actually kind of cool, in a way, that the process, the whole concept of all the laws, rules, etc., around federal information, just automatically apply and provide perfect ground rules for AI. I found it really fascinating that people tend to want to talk about AI like some magical new thing when it’s really not, like the way that we send information into AI is exactly the same as the way we send information into any other service. So it needs to be managed in the same way.”
This isn’t the first time FedRAMP has prioritized AI tools. In June 2024, the program launched a priority approval process for GenAI tools, specifically used for chat interfaces and code generation, and debugging tools that use large language models (LLMs), and prompt-based image generation as well as associated application programming interfaces (APIs) that provide these functions.
At that time, FedRAMP planned to use its emerging technology prioritization framework to help manage the effort. The program management office cancelled the program in January as required by President Donald Trump’s decision to rescind the executive order that established it.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
