Halo has been granted FedRAMP Certified status under the new FedRAMP 20x standard at Class C (Moderate) impact level, effective 6 May 2026. Package ID: FR2621445678. This makes Halo one of the first cloud platforms in the world to achieve 20x Moderate authorization, having been selected by GSA for the FedRAMP 20x Phase 2 pilot.
For US federal agencies, state and local governments, and DoD contractors evaluating Halo, this removes the single biggest barrier to adoption. The authorization is already in place. Agencies can reuse it rather than building a new Authority to Operate from scratch.
What FedRAMP 20x actually is
FedRAMP 20x is a fundamentally different approach to cloud security certification. The older Rev5 framework worked like a traditional audit: once a year, a vendor presents evidence to an assessor who checks everything is configured correctly. FedRAMP 20x is automation-based. Security controls are validated continuously through Key Security Indicators, checked daily against live infrastructure data. The results are visible to customers in real time through a trust portal. It is not a one-time annual snapshot. It is ongoing, verifiable, and transparent.
The Halo FedRAMP environment runs on AWS GovCloud (us-gov-west-1), a dedicated US government region with restricted access. The full system boundary was independently assessed by DataLock Consulting Group, an accredited FedRAMP Third Party Assessment Organization. Class C Moderate covers the vast majority of federal civilian and state and local government IT service management use cases.
What this means for customers
The FedRAMP-certified environment is a purpose-built, pre-configured Halo instance on AWS GovCloud, deployed and managed by Allied ESM. It includes GRC built in natively: POA&M tracking, OSCAL documentation, continuous KSI monitoring, and cross-framework control mapping covering FedRAMP, FISMA, CMMC, and NIST SP 800-53. All in the base licence. No add-on costs.
Importantly, FedRAMP is standard Halo licensing. There is no pricing uplift, no separate SKU for the government environment. Allied ESM handles the full deployment and ongoing support. ServiceNow is still authorized under the older Rev5 framework. Halo is certified under 20x, the standard the whole industry is moving towards.
If your agency is evaluating ITSM platforms or looking to move away from ServiceNow, the FedRAMP question now has a clear answer.