Vanta Receives FedRAMP 20x Moderate Authorization

SAN FRANCISCO--(BUSINESS WIRE)--Vanta, the leading Agentic Trust Platform, today announced that its Vanta Government Cloud offering has received its FedRAMP 20x Moderate Authorization from the Federal Risk and Authorization Management Program (FedRAMP®) Program Management Office (PMO).

The FedRAMP 20x pilot program is grounded in public-private partnership to bring greater efficiency and effectiveness to the FedRAMP authorization process, while improving cybersecurity outcomes. By using automation, machine-readable validation, and Key Security Indicators (KSIs), FedRAMP 20x is able to streamline compliance, compress evaluation timelines, and lower the costs of FedRAMP authorization, all while preserving security standards. Continuous control monitoring sits at the heart of this approach, shifting FedRAMP from periodic point-in-time assessments to an always-on model that surfaces risks as they emerge and keeps authorized systems verifiably secure over time.

While Vanta’s commercial cloud offering achieved its FedRAMP 20x Low Authorization through Phase One of the pilot program in July 2025, Vanta’s Government Cloud offering is among the second cohort of cloud service providers (CSPs) to successfully complete Phase Two of the FedRAMP 20x pilot program, with both independent assessments conducted by Schellman.

In addition to achieving its own FedRAMP 20x authorizations, Vanta’s GRC platform is also being leveraged by other CSPs in support of their own FedRAMP 20x pilot process. By receiving its own 20x authorization, as well as helping other CSPs achieve theirs, Vanta is demonstrating its commitment to the public sector compliance and solidifying its position as a key industry partner in federal cybersecurity modernization initiatives.

“Vanta is incredibly proud to be an early adopter of the FedRAMP 20x program, both as a pilot participant and in support of others seeking FedRAMP authorization through the 20x pathway,” said Morgan Kaplan, Head of Public Sector, Vanta. “We greatly appreciate the FedRAMP team’s leadership and partnership with industry in this historic modernization initiative. By leveraging the benefits of automation, the FedRAMP 20x program is able to shrink the costs and timeline of authorization, while improving continuous control monitoring and transparency. This is ultimately a win-win for government and industry – federal agencies gain greater access to the commercial cloud services they need to deliver on their missions, while industry gains a more viable pathway to do business with the federal government.”

Vanta Government Cloud is an AI-enabled GRC platform that helps organizations achieve, maintain, and continuously demonstrate security and compliance through automation, real-time visibility, and intelligent workflows. By automating evidence collection, continuously monitoring control effectiveness, and integrating with existing systems, Vanta replaces fragmented, manual compliance processes with a centralized and scalable operating model. The result is measurable operational efficiency—reducing administrative burden, streamlining compliance, and accelerating assessments—while proactively identifying and mitigating risk before it escalates into operational disruption or mission impact.

In addition to supporting third-party risk management, security questionnaire automation, trust centers, asset and vulnerability visibility, and access reviews, Vanta’s core GRC offering helps organizations demonstrate compliance with essential government frameworks including the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), FedRAMP Rev 5 and 20x, NIST 800-53, NIST 800-171, NIST AI RMF, CJIS, and HIPAA, among others.

“FedRAMP 20x fundamentally changes how modern technology companies approach government compliance. With Vanta, we were able to automate and unify our entire compliance stack - connecting our systems, controls, and evidence into a real-time, FedRAMP-aligned trust center,” said William Yeack, CISO, Entratus. “As an AI technology company, that level of automation and integration was critical to maintaining both speed and rigor, allowing Entratus to meet government-grade requirements without slowing innovation or increasing operational overhead."

Today’s announcement adds to Vanta’s growing investment in the public sector. For example, the company’s partnership with Carahsoft Technology Corp., a trusted government IT solutions provider, makes it easier for public sector organizations to adopt Vanta’s trust management capabilities through established procurement channels.

Following Vanta’s $150M Series D funding round, the company is accelerating its investment in public sector capabilities, expanding collaboration across government and industry to streamline the efficient and effective adoption of commercial technology and simplify how organizations demonstrate and maintain compliance with government security standards.

About Vanta

Vanta is the leading Agentic Trust Platform that helps over 15,000 businesses earn and prove trust. Companies including Atlassian, Duolingo, Golden State Warriors, Icelandair, Ramp and Synthesia rely on Vanta to earn and prove trust continuously.