AWS Public Sector Blog
AWS and Telos announce Xacta’s achievement of FedRAMP High authorization
Amazon Web Services (AWS) and Telos are pleased to announce that Xacta, a leading cyber governance, risk, and compliance (GRC) platform, has achieved Federal Risk and Authorization Management Program (FedRAMP) High authorization—the program’s highest security level. This achievement validates Telos’s partnership with AWS in delivering enterprise-grade security solutions for US public sector organizations and regulated industries, providing the tools needed to efficiently manage security compliance—from initial assessment through continuous monitoring.
FedRAMP High authorization certifies that Xacta meets the most stringent security standards for protecting the federal government’s most sensitive unclassified data—so that agencies can confidently use the platform for comprehensive cyber risk management and regulatory compliance.
Deployed on AWS GovCloud (US) and available through AWS Marketplace, Xacta automates compliance processes across more than 100 leading regulations and policies—including NIST frameworks (RMF, CSF), DoD IT requirements, and FedRAMP (including the upcoming FedRAMP 20x framework). The platform streamlines assessment and authorization workflows while providing continuous monitoring to help organizations maintain their security posture and demonstrate ongoing compliance.
Xacta’s FedRAMP High authorization allows agencies and their partners to accelerate compliance and maintain the highest security standards. Organizations can reduce time and resources required for critical security frameworks, maintain continuous compliance through automated evidence collection, and establish a centralized system of record for security documentation.
Advanced AI capabilities
Xacta.ai is the generative AI engine at the core of the platform, designed to dramatically cut cyber compliance timelines through AI-driven automation. Built on 25 years of field-tested innovation, data, and subject matter expertise, Xacta.ai delivers the equivalent of a seasoned expert team trained in over two decades of GRC best practices.
In pilot testing, Xacta.ai achieved remarkable efficiency gains—reducing critical compliance tasks from 4–6 months to only 9 days and cutting control implementation statement generation from over an hour to less than 5 minutes, representing a 93% overall time savings.
Powered by Amazon Bedrock’s advanced capabilities, Xacta.ai can be customized with your organization’s data to provide precise, context-aware responses to complex GRC questions in seconds. Through real-time, pre-engineered prompts, AI-assisted data tagging, and dynamic Retrieval Augmented Generation (RAG), Xacta.ai delivers:
- Instant control implementation – Generate comprehensive control statements in seconds
- AI-driven validation – Create tailored test procedures for your systems
- Risk remediation – Receive actionable steps through intuitive chat
- Contextual insights – Identify gaps and analyze risk with one click
- Adaptive prompts – Accelerate authority to operate (ATO) decisions with customizable templates
Purpose-built architecture on AWS GovCloud (US)
Xacta delivers a secure, scalable solution for security-conscious organizations through its cloud-native architecture built on AWS GovCloud (US). The platform implements a secure multi-tenant design with multi-layered network security through AWS Network Firewall, security groups, and Network Load Balancer.
The application layer uses containerized components on Amazon Elastic Container Service (Amazon ECS) with Amazon Elastic Compute Cloud (Amazon EC2) instances to ensure scalability and workload isolation. Data is secured through encrypted Amazon Aurora databases for structured data and Amazon Simple Storage Service (Amazon S3) for document storage. AWS Key Management Service (AWS KMS) provides centralized encryption key management across the entire platform.
Comprehensive operational monitoring is delivered through Amazon CloudWatch, while identity and access management supports customer IdP integration with solutions including Okta, Azure Active Directory, and Duo.
The following diagram illustrates the solution architecture:
Figure 1: Xacta’s architecture on AWS GovCloud (US) supports multi-tenant deployments with comprehensive security controls
Commitment to security
“Achieving FedRAMP High authorization for Xacta demonstrates our commitment to providing the highest level of security for our federal customers,” said John B. Wood, CEO and chairman of Telos Corporation. “By leveraging the security and scale of AWS GovCloud, we can help agencies streamline their compliance efforts while maintaining rigorous security standards.”
Xacta serves the world’s most security-conscious organizations, including federal civilian and defense agencies handling sensitive unclassified data, intelligence community members with stringent security needs, and commercial organizations with rigorous compliance standards.
Telos and AWS are committed to helping organizations navigate complex compliance requirements. Xacta’s FedRAMP High authorization represents a significant milestone in this journey, providing a trusted platform for security compliance management.
Organizations interested in using Xacta for their security compliance initiatives can find the solution in AWS Marketplace or contact Telos directly for more information.
