
Monday May 12, 2025
#43 - Martin Rieger on FedRAMP 20X, The Future of FedRAMP Compliance, Cloud, and Security
Today, we’re sitting down with StackArmor’s Martin Rieger — a FedRAMP veteran with over 300 engagements under his belt — for an unfiltered deep dive into the origin, evolution, and future of FedRAMP compliance.
We cover everything from the early days of DIACAP and gold images to today’s world of automation, OSCAL, and AI-powered documentation. Martin shares war stories, explains why so many companies fail audits even with AI, and gives his take on where FedRAMP 20x is headed.
Key takeaways
- AI can't replace expertise: Using ChatGPT (or any AI) to generate FedRAMP documentation without human validation leads to failure—AI is a tool, not a replacement for expertise.
- Right tools + right people = success: AI and automation can massively accelerate compliance work if handled by professionals who understand the frameworks deeply.
- FedRAMP’s evolution: FedRAMP has matured from infrastructure-heavy beginnings to a focus on SaaS and cloud-native tools, with an increasing push toward automation and standards like OSCAL.
- Common ATO pitfalls: Many companies underestimate the effort required for continuous monitoring (ConMon) and maintaining their ATO, mistakenly thinking the hardest part is getting authorized.
- Martin's prediction: FedRAMP may move toward sponsor-less paths (like StateRAMP) for Low/Moderate baselines, and AI + OSCAL will likely reshape how security packages are created, validated, and shared.
This episode is loaded with insights for anyone serious about federal cloud compliance.
⏱️ Timestamps:
04:10 – Martin’s early FedRAMP journey & Navy background
10:00 – DIACAP, early tools, and Excel-era compliance
16:35 – How Kenny and Martin met (NIST OSCAL event story)
25:00 – StackArmor’s shift from golden images to modern cloud
35:00 – The problem with AI-generated SSPs
43:30 – POAMs, audit problems, and compliance documentation
49:45 – FISMA vs. FedRAMP, ‘FISRamp’, and ATO inefficiencies
56:40 – Predictions: FedRAMP 20x, agency sponsorship & PMO
1:02:20 – The future of FedRAMP automation & OSCAL + AI
🔗 Learn more about StackArmor: https://stackarmor.com/
👤 Learn more about Martin Rieger: https://www.linkedin.com/in/martinrieger/
🔗 Learn more about Paramify: https://www.paramify.com/?utm_medium=social
👤 Connect with Kenny (Kenny G. Scott): https://www.linkedin.com/in/kenny-g-scott/
👤 Connect with Mike (Mike Schreiner): https://www.linkedin.com/in/mikecschreiner/