Press Release

Coalfire Issues First Annual FedRAMP Marketplace Report

May 3, 2017

First-of-its-kind Resource Identifies Areas of Growth for Cloud Service Providers Interested in Expanding Public Sector Presence

Westminster, CO – May 3, 2017 – Coalfire, a leader in cybersecurity risk management and compliance services, today announced the results of its first annual FedRAMP marketplace report titled, “Securing Your Cloud Solutions: Research and Analysis on Meeting FedRAMP / Government Standards.” The report examines data posted within the FedRAMP marketplace and reviews aggregated data from advisory and assessment projects, providing guidance on common pitfalls, successful strategies and typical resourcing and budgeting approaches for cloud service providers (CSPs).

The findings highlight where cloud service providers can improve to comply with framework standards in order to accelerate the adoption of secure cloud solutions within government agencies. The result will save significant time and resources, improve real-time security visibility and enhance transparency between the government and cloud service providers.

Key Facts in the Report:

  • Since 2014, average times to obtain authorization have decreased 65 percent for CSPs working with the Joint Authorization Board (JAB) and 59 percent for those working directly with an agency.
  • Despite beliefs that FedRAMP is too expensive and only for large companies, more than 40 percent of authorized CSPs have less than $100 million in revenue.
  • CSPs working with a third-party assessment organization (3PAO) for preparation and assessment typically spend $250,000 to $385,000.
  • There is a broad range of authorized solutions, but competitive depth among cloud service providers is shallow, providing opportunities for entry.
  • FedRAMP adoption of authorized cloud services in agencies has progressed, but more can be done:
    • 20 federal agencies have leveraged FedRAMP five or more times, and cabinet-level departments use an average of 16 solutions.
    • We estimate 60 percent of federal agencies, primarily small and medium-sized, do not yet participate with a FedRAMP authorized solution.
  • Many tech firms have focused on solutions at the expense of cybersecurity, and have been unprepared in areas like vulnerability scanning, where 70 percent of CSPs needed to improve.

“The cloud services market continues to grow while government CIOs face shrinking budgets, tighter security requirements and the need to modernize technology,” said Tom McAndrew, EVP Commercial Services at Coalfire. “FedRAMP has emerged as one of the most successful programs for driving security and cost savings across the government. Cloud Service Provider adoption continues to grow exponentially, and time to authorization is decreasing. However, there is still a lot that can be done to improve the adoption, visibility and transparency of secure cloud across the federal government. I cannot recall another government program that has been as impactful as FedRAMP in driving security into the government and commercial sectors.”

Coalfire is the largest provider of advisory, assessment and engineering services to cloud service providers, including documenting FedRAMP-compliant solutions or acting in a third-party assessment organization (3PAO) role to perform the required assessment.

About Coalfire

Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, healthcare, retail, payments, and financial industries. Coalfire’s approach addresses each business’s specific vulnerability challenges, developing a long-term strategy to prevent security breaches and data theft. Coalfire has offices throughout the United States and Europe. For more information, visit

Press Contact:
Samantha Doherty
Racepoint Global