FedRAMP Certified Capability Adoption Trends, FY 2019-2021

Key Takeaways

• Federal spending on SaaS continues to dominate all service delivery types.
• The number of FedRAMP approved solutions contracted for is rising by roughly 300 procurements per year.
• FedRAMP Moderate remains the most procured type of solution.

To say that the General Service Administration’s Federal Risk and Authorization Management Program (FedRAMP) has become an important part of the federal government’s cloud services adoption would be an understatement. FedRAMP has become absolutely critical to the adoption of cloud technology on the federal level and vitally necessary for any vendor seeking to sell into that market.

One reason FedRAMP certification has become so important is the shift that has taken place in federal cloud spending toward Software-as-a-Service (SaaS) based solutions. The latest data we have shows, for example, that already by Fiscal Year 2018, agency spending on SaaS had begun to overtake spending on the other two primary service delivery types – Infrastructure and Platform-as-a-Service.

By FY 2019, federal spending on SaaS had accelerated well past IaaS and never looked back; and as agencies adopt a wider variety of SaaS solutions the demand for FedRAMP approved capabilities continued to grow.

FedRAMP Solutions Contracted, FY 2019-2021

Accordingly, when looking at the data below, we see that the trend in contracting for FedRAMP approved solutions tracked in the same direction as spending on SaaS. In aggregate, agencies are contracting for roughly 300 more FedRAMP approved solutions per year than they did the previous year.

FedRAMP Solutions Contracted by Compliance Level, FY 2019-2021

Parsing Deltek’s FedRAMP data by compliance level yields additional insight, showing that agencies continue to contract for Moderate-level solutions more than any other. The category labeled Moderate/High, by the way, derives from statements in solicitations saying that acceptable solutions may be certified at the Moderate or High level.

Contracting for Low-level solutions has also grown in recent years as the available number of solutions has increased.

Finally, in terms of spending, agencies are spending strongly on Moderate-certified solutions while also turning increasingly to High-certified solutions. For example, according to Deltek’s data, after spending $2.7B in FY 2019 on solutions rated at least FedRAMP Moderate (inc. FedRAMP Moderate/High), agencies increased that spending to $3.2B in FY 2021. Concerning High-certified solutions, agencies spent $955M on FedRAMP High solutions in FY 2021, up from the $777M they spent in FY 2019.