Press Release

Open-Source Compliance Deployment Accelerates Federal Market Access for Government Cloud Contractors

October 4, 2023

Open-source compliance deployment accelerates federal market access for government cloud contractors

GREENWOOD VILLAGE, CO – October 4, 2023 – Coalfire, an industry-leading FedRAMP (Federal Risk and Authorization Management Program) advisory and assessment organization, today granted the open-source community free access to its source code, architecture, and documentation. By reducing barriers to entry to the dominant security framework for federal contractors, Coalfire’s RAMP/pak open-source package creates new opportunities for thousands of cloud service providers who previously couldn’t afford to enter or expand into government markets.

“Coalfire’s open-source FedRAMP offering is a major breakthrough supporting the federal government’s cloud-first/security-first compliance mandate,” said Nathan Demuth, vice president of cloud services at Coalfire. “Inclusive access, lower costs, and reduced time-to-market mean more cloud and software contractors can qualify to serve government clients, which brings more democratization and security to America’s public infrastructure and supply chains.”

In addition to the RAMP/pak open-source package, Coalfire made updates to its entire FedRAMP advisory suite, which includes engineering and advisory support powered by one of the industry’s most experienced FedRAMP team and a suite of professional services keyed to Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure environments:

  • RAMP/pak+: Free, open-source materials paired with professional services, providing a clear go-to-market strategy and roadmap to kickstart the FedRAMP journey.
  • FastRAMP/app: Full-service approach, combining advisory, engineering, and operations services, ensuring cloud service providers a seamless path to authorization.
  • FastRAMP/enterprise: Comprehensive advisory, engineering, and operations services tailored to help large enterprises easily scale their FedRAMP program.

The recent FedRAMP Rev. 5 update and passing of the FedRAMP Authorization Act affirm the public sector’s commitment to universal compliance standards. By releasing its FedRAMP modules to open source, Coalfire is creating new dynamics in community dialogue and making a strong market share expansion case for CSPs looking for new opportunities and larger contracts.

Gaining FedRAMP ATO has historically required intensive staff resources, with costs into the millions and taking years to achieve. “Access is the great equalizer,” said Demuth. “With RAMP/pak, we’re making our FedRAMP deliverables more collaborative and open to everyone. From DIY to programmatic environments, we’re giving companies of all sizes the chance to get to market faster, with increased return on security investment.”

With the Biden-Harris Administration’s far-reaching National Cybersecurity Strategy announced in March, selling secure software and cloud services into government markets is the next frontier in corporate growth planning. “The federal bureaucracy’s cloud migration and move to more technical standardization are keys to achieving public sector security,” said Coalfire CEO Tom McAndrew. “This drives compliance maturity and cyber best practices into local, state, and national governments, and throughout the entire economy.”

“Coalfire’s innovative approach, leveraging open-source and advisory services, provides a cost-efficient alternative to traditional FedRAMP implementations,” said Doug Hudson, vice president of Public Sector and Strategic Alliances at Orca Security. “This methodology benefits federal agencies, their supply chains, and prospective contractors by reducing complexities and expenses that previously slowed development, innovation, and service delivery to the modernizing government marketplace.”

About Coalfire

The world’s leading organizations – including the top five cloud service providers and leaders in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. Number one in compliance, FedRAMP®, and cloud penetration testing, Coalfire is the world’s largest firm dedicated to cybersecurity services, providing unparalleled technology-enabled professional and managed services. To learn more, visit


For media inquiries:
Mike Gallo
(212) 239-8594