Compliance 2026 Updated

List of FedRAMP Authorized Cloud Service Providers

Comprehensive directory of cloud service offerings with FedRAMP authorization, including impact level, sponsoring agency, and service model. Built for government IT procurement teams evaluating compliant cloud vendors for federal workloads.

Available Data Fields

Provider Name
Product/Service Name
Authorization Level
Service Model
Sponsoring Agency
Authorization Date
Category
Deployment Model
Website
Impact Level

Data Preview

Provider | Product | Authorization Level | Service Model
Amazon Web Services | AWS GovCloud (US) | High | IaaS/PaaS
Microsoft Corporation | Azure Government | High | IaaS/PaaS
Google LLC | Google Cloud Platform | High | IaaS/PaaS
Salesforce, Inc. | Government Cloud Plus | High | SaaS
ServiceNow, Inc. | GovCommunityCloud | High | SaaS

400+ records available for download.


FedRAMP Authorized Cloud Services: What Government Buyers Need to Know

The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. As of 2025, there are over 450 FedRAMP Authorized cloud service offerings listed on the official FedRAMP Marketplace.

Authorization Impact Levels

FedRAMP authorizations are categorized by FIPS 199 impact levels, which determine the rigor of the security assessment:

High
For systems where loss of confidentiality, integrity, or availability could have severe or catastrophic effects. Required for law enforcement, emergency services, financial, and health data. Covers 421 security controls.
Moderate
The most common authorization level. Appropriate when loss could have serious adverse effects. Covers 325 security controls. The majority of FedRAMP authorizations are at this level.
Low
For systems where loss would have limited adverse effects. Covers 125 security controls. Suitable for publicly available data with minimal sensitivity.

Authorization Paths

Cloud service providers can pursue FedRAMP authorization through two primary paths:

Path | Sponsor | Best For
Agency Authorization | Individual federal agency | CSPs with an existing agency customer willing to sponsor
JAB P-ATO | Joint Authorization Board | CSPs seeking broad government adoption (now transitioning under FedRAMP 20x)

FedRAMP 20x: The New Framework

Launched in 2025, FedRAMP 20x represents a significant modernization of the authorization process. It introduces automated validation, reduces reliance on lengthy documentation, and aims to cut authorization timelines from 12+ months to weeks. The program emphasizes continuous monitoring over point-in-time assessments, making the marketplace more dynamic than ever.

Market Landscape

The FedRAMP marketplace spans IaaS, PaaS, and SaaS across virtually every enterprise software category — from core infrastructure (AWS GovCloud, Azure Government) to collaboration (Zoom for Government, Microsoft 365 GCC High), security (Palo Alto Networks, CrowdStrike), and business applications (Salesforce Government Cloud, ServiceNow GCC). The growing demand for cloud-first federal IT, driven by OMB mandates and agency modernization initiatives, continues to expand the pool of authorized offerings.

Frequently Asked Questions

Q. How current is this FedRAMP provider data?

When you request data, our AI crawls the FedRAMP Marketplace and public sources in real time to compile the latest authorization information. This ensures you get current authorization statuses rather than a static snapshot.

Q. Does this include providers that have lost their authorization?

By default, the dataset includes only currently authorized providers. You can specify in your request if you want historical data including revoked or expired authorizations.

Q. Can I filter by specific agency sponsorship?

Yes. You can request data filtered by sponsoring agency — for example, only providers authorized through the Department of Defense or a specific civilian agency.

Q. How is authorization level (High/Moderate/Low) determined in your data?

Authorization levels are pulled directly from publicly available FedRAMP Marketplace listings and official authorization documentation. We do not independently assess or assign impact levels.

Q. Can I get the 3PAO assessment organization for each provider?

Yes. The Third Party Assessment Organization (3PAO) that conducted the security assessment is available as a data field and can be included in your export.