Subscribe
https://storage.ghost.io/c/a8/7d/a87d6442-d141-4551-9942-fa89174cf058/content/images/2026/05/ari-1-1.jpg

Ari

3 posts
Compliance as Code

FedRAMP 20x Is Not an Upgrade. It's a Different Program.
FedRAMP 20x Is Not an Upgrade. It's a Different Program.

Here's what most enterprise teams are getting wrong about FedRAMP 20x: they're treating it like a faster version of what already exists. It isn't. FedRAMP 20x, announced by GSA on March 24, 2025, doesn't just compress the authorization timeline. It replaces the

Compliance as Code

Compliance as Code: A Reference Model for an Industry That Isn't Ready
Compliance as Code: A Reference Model for an Industry That Isn't Ready

01 OSCAL Component Definition 02 C2P CLI generates policy bundle 03 Policy engine CI/CD & runtime 04 Assessment evidence artifacts 05 OSCAL Assessment Results 06 3PAO validates assessment Live telemetry Layer 2 inputs Gate fail auto-rem ↺ on fail 3PAO findings → update component definition OSCAL artifact Generation Enforcement (L3) Telemetry

Compliance

You Shift Left on Security. You're Bolting Compliance. Here's What That Costs You.
You Shift Left on Security. You're Bolting Compliance. Here's What That Costs You.

There’s a version of this story that ends with an Authority to Operate (ATO) on schedule, unblocking your public sector revenue pipeline. There’s another version, the more common one, that ends with your product and engineering leads on a call with a 3PAO, debating whether your multi-tenant SaaS

Subscribe to our newsletter

© 2026 shift.left, repeat - Published with Ghost & shift.left, repeat
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.