Cloud Computing Procurement Updates

FedRAMP is implementing a significant transition from legacy FIPS 199 security categories to a new certification class system (Classes A through D) under the FedRAMP 20x program, aimed at streamlining federal cloud service provider authorization. This modernization emphasizes automated, machine-readable compliance evidence through OSCAL, continuous validation, and Key Security Indicators. The General Services Administration (GSA) is actively hiring 15 cybersecurity professionals for the new FedRAMP Cybersecurity Service (FRCS) to support these changes, with the 2026 Consolidated Rules expected to be finalized by the end of June. These rules will standardize cloud security authorization processes through 2028, enhancing clarity, automation, and flexibility for providers.

• Why this matters: Federal agencies and contractors must adapt to the new certification classes and automated compliance requirements to maintain or achieve FedRAMP authorization.
• The hiring of cybersecurity experts by GSA signals increased capacity to manage and enforce updated FedRAMP standards, creating potential contracting and consulting opportunities.
• Organizations providing cloud services should align their security documentation and processes with OSCAL and continuous monitoring expectations to remain competitive.
• Procurement professionals should prepare for the impact of these rules on acquisition timelines and vendor evaluations, as automation and standardized evidence become central to authorization decisions.

Cellebrite DI Ltd.'s Government Cloud platform achieved FedRAMP High Authorization on May 6, 2026, with the U.S. Department of Justice (DOJ) as the sponsoring agency. This highest federal cloud security certification enables DOJ components and other federal agencies to securely adopt Cellebrite's digital forensic, intelligence, and evidence management solutions within a compliant cloud environment. The authorization facilitates reuse of the security package across federal entities, accelerating their Authority to Operate (ATO) processes and supporting sensitive law enforcement and intelligence missions.

• Why this matters: Federal procurement professionals can now leverage Cellebrite's FedRAMP High authorized cloud platform to meet stringent security requirements for handling highly sensitive unclassified data.
• This development expands opportunities for contractors specializing in secure cloud services, digital forensics, and law enforcement technology solutions.
• Agencies benefit from streamlined authorization processes, reducing time and cost to deploy secure cloud-based digital intelligence tools.
• Organizations should evaluate integration of Cellebrite's Inseyets and Guardian platforms into federal IT environments to support compliance and operational efficiency.

Several leading cloud security and AI infrastructure providers, including Datadog, Cav, and Axonius Federal Systems, have recently achieved or are pursuing FedRAMP High certification, the highest federal security standard for cloud services handling sensitive and controlled unclassified information (CUI). Datadog secured its certification as of May 6, 2026, enabling expanded access to sensitive U.S. federal government workloads and opening significant new contracting opportunities, particularly in law enforcement, emergency services, and defense sectors. Cav announced its FedRAMP High Authorization, facilitating streamlined procurement for federal agencies by providing automated, real-time compliance monitoring that reduces audit times and operational costs. Axonius Federal Systems is advancing from FedRAMP Moderate to High certification to support mission-critical federal agencies operating in high-impact environments, with certification efforts supported by the independent assessor A-LIGN.

• Why this matters: FedRAMP High certification is a critical enabler for cloud service providers to compete for sensitive federal contracts, especially within DoD and other agencies requiring stringent cybersecurity compliance.
• Procurement professionals should anticipate increased availability of advanced cloud monitoring, AI infrastructure, and continuous compliance solutions certified for high-impact federal environments.
• Contractors and vendors can leverage these certifications to meet mandatory security requirements, reduce procurement barriers, and position themselves for expanded federal engagements.
• Organizations supporting federal IT modernization and cybersecurity initiatives should evaluate partnerships or integrations with these certified providers to enhance compliance and operational efficiency.

Federal News Network is hosting Cloud Exchange 2026, a virtual conference on June 10-11, 2026, focused on advancing a whole-of-government approach to cloud modernization. The event convenes senior government leaders, technologists, and industry experts to discuss strategies for cloud adoption, cybersecurity integration, digital service expansion, and alignment with federal policy and acquisition reform efforts.

• This conference highlights federal agencies' commitment to accelerating cloud modernization initiatives and integrating cybersecurity within cloud environments.
• Procurement professionals should note the emphasis on acquisition reform, which may influence upcoming cloud service solicitations and contract structures.
• Industry stakeholders, including cloud service providers and cybersecurity firms, can leverage insights from this event to align offerings with evolving government requirements.
• Organizations involved in digital transformation should consider participation or follow-up to understand federal priorities and procurement trends in cloud technologies.

Bentley Systems has secured FedRAMP authorization for its ProjectWise and OpenGround cloud infrastructure platforms, sponsored by the U.S. Army Corps of Engineers (USACE). This certification allows federal agencies to procure and deploy these cloud-based tools with confidence in their security compliance, facilitating streamlined collaboration and data management for federally funded construction and infrastructure projects.

• Why this matters: FedRAMP authorization reduces procurement barriers for federal agencies seeking secure cloud infrastructure solutions, accelerating adoption of Bentley's platforms.
• USACE sponsorship highlights the agency's commitment to modernizing infrastructure project management through cloud technologies.
• Procurement professionals should consider Bentley Systems' authorized status when evaluating cloud infrastructure vendors for construction and property management projects.
• Contractors and vendors supporting federal infrastructure initiatives may find increased demand for integration and support services related to these FedRAMP-authorized platforms.

Federal agencies and industry leaders convened at FCW events to discuss and promote cloud security strategies, including implementation of the Cyber Executive Order and Zero Trust architectures. These forums, held in early 2026, provided government contractors with detailed insights into evolving federal cybersecurity requirements, multi-cloud security challenges, and practical approaches to enhancing cloud-based defenses. The participation of key federal CIOs, architects, and cybersecurity directors alongside leading technology vendors highlights the growing emphasis on secure cloud adoption across government.

• Agencies such as the Office of Personnel Management, Department of State, and Department of Commerce are actively engaging in cloud security modernization efforts, signaling increased procurement opportunities for cybersecurity and cloud solution providers.
• Contractors specializing in Zero Trust frameworks and multi-cloud security can leverage these insights to align offerings with federal priorities and address common implementation challenges.
• The events underscore the importance of collaboration between government and industry to navigate budget constraints, user disruption concerns, and technical scope complexities in cloud security deployments.
• Vendors like Red Hat, Infoblox, Gigamon, Duo, VMware, and Splunk are positioned as key partners, indicating competitive landscapes and potential partnership avenues for contractors targeting federal cloud security contracts.

The U.S. Army launched Project ARIA in March 2026 to rapidly operationalize artificial intelligence capabilities across its force of nearly 2 million personnel. This initiative focuses on delivering soldier-ready AI tools that reduce administrative burdens and enhance warfighting effectiveness through streamlined acquisition processes and collaboration with industry leaders such as Amazon Web Services, Microsoft, Google, OpenAI, and CrowdStrike. Despite progress, challenges remain in integrating AI into organizational planning and budgeting, as well as overcoming adoption hurdles within the force. The Army's efforts include AI tabletop exercises and development of AI-enabled tools like chatbots, signaling a strategic shift toward becoming an "AI-first" warfighting force by 2026.

• Project ARIA represents a significant procurement and innovation opportunity for technology vendors specializing in AI, cloud services, and cybersecurity.
• Procurement professionals should note the Army's emphasis on rapid acquisition and risk reassessment to accelerate AI adoption, potentially enabling faster contract awards and pilot programs.
• Collaboration with the Enterprise Cloud Management Agency and senior Army leadership indicates a coordinated federal effort to integrate AI across defense operations.
• Organizations should prepare for evolving requirements around AI integration, digital twins of the industrial base, and AI-enabled cyber defense capabilities demonstrated in prior tabletop exercises.

Federal agencies are increasingly implementing cloud-delivered security frameworks such as Security Service Edge (SSE) and Secure Access Service Edge (SASE) to advance zero-trust cybersecurity strategies and support hybrid work environments. SSE emphasizes cloud-based security services including secure web gateways, cloud access security brokers, and zero trust network access, while SASE combines these security functions with networking capabilities like SD-WAN. Agencies are advised to assess their network maturity and modernization goals to determine the appropriate adoption path, often beginning with SSE as a phased approach toward comprehensive cloud security.

• Why this matters: Procurement professionals should recognize growing demand for integrated cloud security solutions that align with zero-trust mandates and hybrid workforce needs.
• Agencies may prioritize vendors offering flexible SSE and SASE platforms that can scale with evolving network architectures.
• Organizations should evaluate their current network infrastructure maturity to plan phased procurements starting with SSE capabilities.
• Contractors providing cloud security services and zero-trust solutions can leverage this trend to position offerings for federal cybersecurity modernization initiatives.

Elastic has secured FedRAMP High authorization for its Elastic Cloud service hosted on AWS GovCloud, enabling the company to provide cloud solutions that meet stringent federal security requirements for highly sensitive government workloads. This authorization, combined with Elastic's strong Q3 FY2026 financial performance including 18% revenue growth and expanded AI capabilities, positions Elastic as a competitive provider for federal agencies seeking secure, compliant cloud services in regulated environments.

• Why this matters: FedRAMP High authorization is critical for vendors targeting federal agencies with sensitive data, opening new opportunities for Elastic in government cloud procurement.
• Procurement professionals should consider Elastic's enhanced compliance posture when evaluating cloud service providers for high-impact, regulated projects.
• Contractors and partners can leverage Elastic's AI integrations and FedRAMP High status to meet evolving federal requirements for secure, intelligent cloud solutions.
• This development signals increased competition among cloud providers in the federal market, emphasizing the importance of security certifications and innovation in procurement decisions.

Delaware Governor Matt Meyer officially sworn in Robert Storch as the state's first Inspector General in 2026, following the creation of the Office of the Inspector General (OIG) by Senate Bill 4 in 2025. This new independent office is tasked with investigating fraud, waste, abuse, and corruption within Delaware state government, enhancing oversight and accountability beyond existing auditors and attorneys general. The establishment of the OIG represents a significant structural change in Delaware's government procurement and compliance environment, signaling increased scrutiny and potential demand for services related to audit, investigation, and compliance support.

• Why this matters: Procurement professionals should anticipate heightened oversight requirements and potential new compliance mandates stemming from the OIG's activities.
• Vendors offering audit, investigative, and compliance services may find emerging opportunities to support Delaware state agencies adapting to the OIG's oversight.
• Contracting officers should prepare for increased transparency expectations and possible procedural changes in procurement processes.
• Organizations working with Delaware state government should evaluate their internal controls and risk management practices in light of the new OIG oversight.