
FedRAMP. AI. Player 3 Has Entered the Game.

by George Chamales Mar 13, 2026

In Medias Res: The Hot Seat

<The very near future.>

<An ambitious SaaS company that has heard the call of agentic AI and integrated it into their product. It’s real, it works, it’s the way of the future.>

Across the Webex link is the 3PAO team sent to pass judgment on your adherence to FedRAMP 20x. Like all auditors, they're diligent, professional, and particularly unnerving when they’re trying to be disarming.

It’s the first interview where you explain what the product does. In the spirit of transparency you mention it has AI capabilities.

The junior auditor casually asks:

Do you treat AI like a user, a program, or a service?

You give it a beat, then calmly reply:

Yes.

Act I : What is FedRAMP 20x and Why Should I Care?

<Sometime earlier>

You’d known about FedRAMP for years — the US Federal government’s compliance standard for SaaS providers. Established in the early ’10s to provide a single, unifying approval to replace the disparate, per-agency gauntlets companies had to run.

Good upside, but the downsides were brutal: hundreds of overlapping controls requiring thousands of pages of documentation, yearly audits (quarterly if you wanted to introduce new features), and a backlog for initial approval that could take anywhere from months to years.

Hard to pencil out.

Then you heard about FedRAMP 20x.

It was easy to get lost in the flurry of news throughout 2025, but something had changed and distant members of your LinkedIn network were chatting it up. So, on a quiet afternoon, you sat down and did what’s become the standard for up-skilling on new topics.

<Opens LLM of choice>

     What is FedRAMP 20x and why should I care?

With its recorded memory about you, your work, and both your personal and professional goals, the LLM reaches out, finds the FedRAMP 20x homepage, pulls content, muses, and responds.

     It’s an in-process refactor of FedRAMP aiming to be fast, straightforward, & secure.

Interesting, but you can’t just take the robot’s word for it (you’ve been burned too many times before), so you open the website, find the requirements — now called Key Security Indicators — and begin reading…

Then you remember what year it is.

<Re-Opens LLM of choice>

      Pull the FedRAMP 20x KSIs into a spreadsheet, add a column for every one that will apply to AI features and another column explaining why.

More musing. The spreadsheet comes back.

The first thing you notice is that the column for AI applicability has X’s on every row.

Ah, typical overreach. No matter how streamlined this 20x thing is, it’s still cybersecurity, which has to cover technology, people, and process.

Halfway down the screen is a heading for “Cybersecurity Education.”

Here we go, training requirements only apply to humans…oh…wait.

A few minutes later you realize this is going to require some real, active cognition, and you grudgingly switch into strategy mode.

<Several hours later...>

You’re staring at the ceiling.

Your brain’s been worked. Feels like the end of a circuit training class.

Compliance has always been a two-player game. On one side there are the people with the product and on the other side there are the auditors. Two households, both alike in dignity.

Technology, people, process.

Fast, straightforward, secure.

Pick three.

Three.

Out of nowhere a phrase pops into your head:

     Player 3 has entered the game.

Despite the exhaustion, you decide that maybe FedRAMP is a game you want to play after all.

Act II: The Meeting before the Meetings

     Are you out of your mind?

People are… skeptical. Totally understandable considering you just said compliance, security, government, new, and audit in the same sentence.

     Still in development…barely any takers…changing monthly…

You wonder where you’d retire to if you had a dollar for every time one of your ideas was met with perfectly reasonable criticism.

     …Impact to timeline…100x sure, but still…the competition…

Maybe the Philippines. Isn’t there a special visa program? You could eat pancit all day.

The conversations run out of steam. Eyes turn back.

Deep breath.

     You’re right, all of you. Totally fair points across the board. The idea’s only a few days old and I’m far from convinced. But here’s the thing…

Turn to Engineering.

      You folks have been working hard to build out something great. A decent chunk of that investment has been in security. You’ve made good choices: encryption, authentication, patching — it’s been a pain, but you’ve done the work, right?

Engineering confirms. You turn to Security.

     You run the tools, stand watch 24x7. You’ve given the 20x requirements a once-over — they hardly take more than that. It’s a handful of plain English sentences — literally things like “Persistently review and audit logs.” I know we’re doing that.

Security doesn’t say anything.

     It’s a weird time right now. Future-shock weird. AI agents have their own Reddit weird.

     But when I look around I see that some of the sharpest brains I know have set aside their criticisms and are acknowledging, sometimes grudgingly, sometimes with increasing excitement, that we’ve passed an inflection point.

     These are not the kind of people who get carried away on bandwagons — they never met a hype-train they couldn’t miss.

     And yeah, there’s a ton of energy and manic excitement. But for all the people out there chasing the ball, I can’t shake the feeling that the game has changed…and I don’t know what it’s changing to, but I’m convinced that it’s not changing back.

     When I look at this 20x thing I see the risks, and I can’t tell you for certain that there’s going to be rewards. But if this is what it says it is, and we are where some very thoughtful people think we are, and if the only thing we get out of this is reasonable security, continuously proven at a time when the pace of everything — good, bad, and ugly — is picking up…I think it’s worth considering.

     I know there’s going to be work, the requirements and the ecosystem’s going to be a moving target, and we’ll have to figure out what to build, but if we’re already doing this right…

The pause goes a touch longer than you’d like before Engineering finishes the sentence.

     …we’ll barely have to lift a finger.

People are looking thoughtful.

Come to think of it, there’s a new Filipino place around the corner.

Exhale.

      Seems like we’ve got some alignment. I propose for our next step we do a montage.

Messages are tapped, emails are sent.

Discussions are had — online and over water coolers.

Whiteboards are cleared then progressively filled with diagrams.

Calendar invites arrive and are rescheduled. Eventually committees are formed.

Vendors are interviewed, their references are checked, there are several handshakes.

Engineering grabs a whiteboard marker out of the hands of Security and draws a comically large circle around something. Security laughs.

It’s all coming together. There’s a fair number of moving pieces, but will it work?

Act III: Back to the Future

The junior auditor casually asks (again):

     Do you treat AI like a user, a program, or a service?

You give it a beat, then calmly reply:

     Yes.

Even with their videos turned off, you can feel the lead auditor smile and the team relax while everyone on the call thinks to themselves: Okay — these are people we can work with.

Because that’s not just the right answer.

From here on out it’s the only answer.

Agent authentication and authorization are addressed with the same terms used for humans because the underlying mechanisms are the same — usernames, secrets, just-in-time approvals, recorded sessions, groups and permissions.

Where they differ, there’s a fallback to machine-to-machine primitives and best practices for API access, keys, endpoints, change management, and audit logs.

There’s an acknowledgement that you aren’t responsible for your agents’ creation any more than you are for the databases, libraries, programming languages and operating systems in your tech stack. The risk is being managed as a critical path in your software supply chain.

You seek to avoid backdoors and enhance accuracy by sourcing from reputable vendors, and guard human-accessible back-end levers with the same security you use for everything else.

But none of that takes place on the call. There are no screenshots, no spreadsheets, no more hot seat.

It all happens in the blink of an eye — continuously — through a combination of deterministic, real-time, periodic, and event-driven checks that you show off with the pride of a classic car enthusiast popping the hood on a beloved roadster while the engine is revved and purring like a mixed metaphor.

Or at least you would, but you’re not in the room for any of it. You’re not even in the building.

Nobody is. That’s the whole point.

Technology, people, process.

Fast, straightforward, secure.
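As an added illustration of the “Yes” answer above (example code written for this page, not from the original post or from Teleport’s product), here is one authorization path shared by human and agent principals, with just-in-time approval and an audit record on every decision, plus the kind of periodic check that reviews those records and an agent’s supply-chain provenance. Every principal, group, approval string and vendor name is constructed.

```python
from dataclasses import dataclass
from typing import Literal

@dataclass(frozen=True)
class Principal:
    name: str                          # username for a human, agent id for an AI agent
    kind: Literal["human", "agent"]
    groups: frozenset
    source: str = "internal"           # for agents: the vendor/model it was sourced from

# One group/permission model for everyone; there is no separate "AI" path. (Constructed data.)
GROUP_PERMS = {"deployers": {"prod:deploy"}, "readers": {"prod:read"}}
JIT_REQUIRED = {"prod:deploy"}         # time-boxed approval required, human or agent alike
APPROVED_AGENT_SOURCES = {"vendor-a"}  # hypothetical supply-chain allow list for agent provenance

def authorize(p: Principal, action: str, approvals: set, session: str, audit: list) -> bool:
    """Same decision logic for human and agent; every decision is written to the audit log."""
    granted = set().union(*(GROUP_PERMS.get(g, set()) for g in p.groups))
    jit_ok = action not in JIT_REQUIRED or f"{p.name}:{action}" in approvals
    allowed = action in granted and jit_ok
    audit.append({"session": session, "principal": p.name, "kind": p.kind,
                  "action": action, "allowed": allowed})
    return allowed

def continuous_findings(principals, audit, approvals) -> list:
    """Periodic / event-driven review of the same records an assessor would ask for."""
    findings = []
    for p in principals:               # supply-chain check: agents must come from approved sources
        if p.kind == "agent" and p.source not in APPROVED_AGENT_SOURCES:
            findings.append(f"agent {p.name} sourced from unapproved {p.source}")
    for e in audit:                    # log review: privileged allows must have an approval on file
        if e["allowed"] and e["action"] in JIT_REQUIRED \
                and f"{e['principal']}:{e['action']}" not in approvals:
            findings.append(f"session {e['session']}: {e['action']} allowed without approval")
    return findings

def demo():
    """Constructed scenario: a human, a vetted agent and an agent of unknown provenance."""
    alice = Principal("alice", "human", frozenset({"deployers"}))
    bot = Principal("deploy-agent-01", "agent", frozenset({"deployers", "readers"}), "vendor-a")
    rogue = Principal("scratch-agent", "agent", frozenset({"readers"}), "unknown-model")
    approvals = {"alice:prod:deploy"}  # alice holds a JIT approval; the agent does not yet
    audit = []
    decisions = (authorize(alice, "prod:deploy", approvals, "s1", audit),   # True
                 authorize(bot, "prod:deploy", approvals, "s2", audit),     # False: no JIT approval
                 authorize(bot, "prod:read", approvals, "s3", audit),       # True
                 authorize(rogue, "prod:read", approvals, "s4", audit))     # True, but see findings
    return decisions, continuous_findings([alice, bot, rogue], audit, approvals)
```

The agent with unvetted provenance is still authorized for what its group allows; it is the continuous review, not the access decision, that surfaces it as a finding.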

Exit: Pursued by Lunch

No doubt about it, the pancit at this place is really good.

You’re reminded of an old mentor who said we can’t predict the future, but we can be reasonably certain it’s going to look a lot like (gestures at the immediate surroundings) only more (gestures to the horizon more energetically).

That’s been right…so far.

Things change, because that’s what things do.

People will fret about worst case scenarios while others are irrationally exuberant, because that’s what people do.

The truth will lie somewhere in the middle…and on the extremes…and on many of the points in-between because that’s the surface area touched by this new technology.

Your phone buzzes: assessment complete.

Time to get back to work.

About the author

George Chamales recently wrapped up architecting and delivering Cisco Security Cloud for Government, the company’s large-scale, multi-product FedRAMP offering.
