FedRAMP 20x Assessment App

Table of Contents

What It Is
#

Built this for my client InfusionPoints to conduct FedRAMP 20x Low pilot assessments. Used by Fortreum (3PAO) to validate their Command Center platform.

The assessment results are public:

InfusionPoints/fedramp20x-low-pilot-final

InfusionPoints FedRAMP 20x Low Pilot Final Submission

HTML

Features
#

Digital Signature Verification - Upload JSON/Excel files with their .sig files to verify authenticity and integrity via PGP
Assessment Workflow - Structured process for 3PAO attestation
KSI Validation - Key Security Indicator checks per FedRAMP 20x requirements
Machine-Readable Output - JSON reports with cryptographic signatures

The Pilot
#

InfusionPoints submitted their Command Center on XBU40 (cloud-native GRC platform hosted in AWS GovCloud) for the FedRAMP 20x Low pilot. Fortreum served as the independent 3PAO.

Timeline:

Original submission: June 18, 2025
Updated submission: July 3, 2025 (added 5 additional KSI checks based on PMO feedback)

Related
#

FedRAMP 20x CWG Pilot Demos - Video walkthrough
GitOps Demo - GitOps approach to FedRAMP 20x

Goog-Sec

6 May 2025·Updated: 11 December 2025·1 min

Security Tools Documentation Google GCP Workspace Chrome Security NIST FedRAMP

Security docs for Google products with NIST/FedRAMP control mappings.

GCP FedRAMP Quickstart

26 March 2025·Updated: 11 December 2025·1 min

Compliance Tools Cloud Security FedRAMP GCP Terraform GKE IaC Kubernetes

Terraform modules for FedRAMP Moderate workloads on GCP.

⚡ Prowler

1 January 2024·Updated: 25 November 2025·2 mins

Security Tools Open Source AWS Azure GCP Kubernetes M365 Multi-Cloud FedRAMP NIST PCI-DSS GDPR HIPAA SOC2 Python Open-Source

Open-source cloud security platform for AWS, Azure, GCP, Kubernetes, and M365 - performs security assessments, compliance audits, and continuous monitoring with 900+ built-in checks across 38+ frameworks

What It Is#

Features#

The Pilot#

Related#

Related

What It Is
#

Features
#

The Pilot
#

Related
#