Agenda

As expectations for government services continue to evolve, agencies are embracing artificial intelligence and automation to deliver faster, more personalized, and more accessible experiences. This keynote will explore how public-sector leaders are moving from CX strategy to execution, leveraging AI and emerging technologies to modernize service delivery, improve outcomes, and strengthen public trust.

What tech advances have been made in the last 18 months. What types of companies does the government need? How can we incentivize the best companies to look at the federal government earlier?

FedRAMP is more than an authorization process—it is a trust framework that enables agencies to confidently adopt shared cloud services. This panel brings together agency leaders to discuss how FedRAMP supports mission outcomes, reduces duplicative assessments, and enables faster procurement while maintaining strong security postures.

Industry representatives will discuss their views of FedRAMP's modernization strategy.

As federal agencies navigate increasingly complex security and compliance requirements, traditional Governance, Risk, and Compliance (GRC) approaches are struggling to keep pace. Disconnected tools, manual processes, and static documentation are no longer sufficient in an era defined by continuous monitoring, automation, and machine-readable evidence. This session explores what a modernized GRC environment could—and should—look like for federal agencies. Panelists will examine the concept of a “single pane of glass” for security, where real-time visibility, integrated data, and automated workflows converge to provide a unified view of risk and compliance posture across systems and environments. The conversation will also address the growing imperative for machine readability within frameworks like FedRAMP 20x, and how agencies can evolve their internal capabilities to ingest, validate, and act on continuous data streams rather than point-in-time assessments.

Achieving a FedRAMP Authorization to Operate (ATO) is a major milestone—but it’s only the beginning of a successful public sector journey. This session explores how cloud service providers and ISVs can effectively leverage their FedRAMP authorization to drive adoption across multiple agencies, turning initial authorization into sustained growth. Panelists will share practical insights into “land and expand” strategies used by leading vendors, including how to position reuse packages, navigate agency-specific procurement processes, and build credibility with mission owners and acquisition teams. The discussion will also highlight what federal buyers expect to see in a strong reuse package—from clear security documentation to evidence of operational maturity and customer success.

As FedRAMP 20x continues to reshape the authorization landscape, organizations are seeking clarity on what the future state truly looks like—and how to get there. This session moves beyond high-level vision to examine the FedRAMP roadmap in practice, providing a grounded view of where the program stands today, what changes are actively underway, and how both agencies and cloud service providers can align to emerging expectations. Panelists will unpack the current state of FedRAMP 20x initiatives, including the shift toward automation, continuous validation, and Key Security Indicators (KSIs) as a mechanism for demonstrating security posture. The discussion will address one of the most pressing questions facing the ecosystem: how KSIs can be trusted as a reliable, secure, and scalable alternative to traditional control-based assessments.

Achieving a FedRAMP Authorization is only the beginning—maintaining compliance in a dynamic, cloud-native environment is where the real challenge begins. As agencies and cloud providers shift toward continuous monitoring and real-time validation, the question becomes: how do you sustain compliance without introducing friction that slows innovation and delivery? This session explores how leading cloud service providers and federal agencies are evolving their approach to post-authorization compliance—moving from periodic reporting to integrated, continuous monitoring practices embedded directly into DevSecOps workflows. Panelists will examine how responsibilities are shared between CSPs and government stakeholders, and how both sides can work together to maintain a strong security posture without duplicating effort or creating bottlenecks. The discussion will also highlight lessons learned from agencies successfully implementing continuous monitoring at scale—demonstrating how automation, telemetry, and standardized data can reduce manual burden while improving visibility and trust.

For many ISVs, achieving initial adoption through pilot programs is only the first step—scaling into long-term production contracts across government agencies requires a deep understanding of federal procurement pathways. This session demystifies how agencies actually buy, and how providers can effectively navigate the transition from early-stage deployments to enterprise-wide adoption. Panelists will break down the fundamentals of government cloud procurement, including the role of contract vehicles such as GSA Multiple Award Schedule (MAS), Governmentwide Acquisition Contracts (GWACs), and other IDIQ mechanisms that streamline purchasing and enable agencies to quickly acquire vetted solutions. The discussion will also explore how FedRAMP authorization fits into the contracting lifecycle—serving as a prerequisite for trust and enabling agencies to reuse validated security packages rather than duplicating effort.

As demand for secure, cloud-based solutions continues to grow across the federal landscape, a central question emerges: how do we scale the FedRAMP marketplace to meet it? With ambitious goals to dramatically expand the number of authorized products, success will depend on deeper collaboration between government and industry to streamline pathways to authorization and accelerate adoption.

This session explores what it will take to move from today’s state to a future where thousands of secure solutions are readily available to agencies. Panelists will examine how FedRAMP 20x initiatives—including automation, reuse, and machine-readable validation—can reduce friction in the authorization process while maintaining trust in security outcomes. The discussion will also focus on the shared responsibilities required to scale: how agencies can modernize procurement and embrace reuse, and how industry can deliver standardized, high-quality security evidence that supports faster evaluation and broader adoption.