Get FedRAMP without a sponsor! 

Ensure Compliance with a FedRAMP-Authorized Solution For CMMC SSP Solution

We’re Fedramp High Ready!

Blog
/
Article

Flock Safety's Fast FedRAMP 20x Authorization with Paramify & Moss Adams/Baker Tilly

Flock Safety opened doors to federal contracts by achieving one of the first FedRAMP 20x Low authorizations. Leveraging Paramify for automation and Moss Adams/Baker Tilly as their 3PAO, they adapted to required Key Security Indicators and prepared evidence in just two weeks, becoming the first non-GRC tool to earn this authorization through 20x.

|
53
min read

In This Article

FedRAMP 20x Process

Flock Safety provides real-time threat detection for law enforcement and communities with AI-powered surveillance technology, including automated license plate recognition (ALPR) cameras and cloud-based analytics.

The FedRAMP 20x pilot offered Flock Safety a faster, more efficient route to FedRAMP authorization and listing on the FedRAMP marketplace without having a sponsor. Their team achieved one of the first FedRAMP 20x Low authorizations by using Paramify for automation and Moss Adams/Baker Tilly as their 3PAO.

Improving Security With Flock Safety

Flock Safety's goal is to help solve and eliminate crime. Their platform uses AI for vehicle identification and crime-solving, serving state and local agencies with secure, scalable cloud solutions. 

To help federal agencies, Flock Safety would need FedRAMP authorization. But, doing the FedRAMP process without a sponsor lined up is risky — it requires a lot of time and money without the promise of authorization.

The FedRAMP 20x pilot created a new path for Flock Safety to get authorized and open doors to government contracts. 

A Tight Deadline and a New Process

Flock Safety would need to meet a nearly impossible timeline to submit a package to the FedRAMP 20x pilot. 

They were working toward GovRAMP and Rev 5, so they’d have to pivot to 20x in weeks to take part in the pilot. Which required they:

  • Adapt to 50+ Key Security Indicators (KSIs) that emphasize demonstrable security over the prescriptive controls in Rev 5. 
  • Produce evidence they’ve met these requirements 
  • Create machine-readable reporting
  • Implement continuous validation to continually assess these KSIs going forward.

Finally, Flock Safety would need the help of a 3PAO to audit their KSI implementations, evidence, and methods of continuous validation.

First to 20x Authorization with Paramify and Moss Adams/Baker Tilly

Flock Safety was already using Paramify to reach their compliance goals. When the pilot was announced, Flock asked if Paramify could quickly flip the platform to handle KSIs and machine-readable reports. 

The answer? Let’s do it.

The Pilot opened May 30th. Using Paramify to map KSIs and tap into their existing tools like Wiz and Splunk, a small Flock Safety team was able to prepare their evidence in just 2 weeks.

With their package ready, Flock Safety needed a 3PAO audit. Moss Adams/Baker Tilly is known for working with some of the world’s most innovative companies. They took on the challenging timeline and new 20x process, balancing rigor with the flexibility of FedRAMP 20x — even as requirements evolved during the process. 

With a great team, the right tools, and a flexible 3PAO, Flock Safety had their full package with machine-readable reporting ready to go.  

On July 15, 2025, Flock Safety was the 1st non-GRC tool to achieve FedRAMP Authorization through 20x and one of the first 4 businesses to be authorized with 20x. 

Get FedRAMP Authorized Fast

FedRAMP Authorization opens doors to government contracts and new revenue streams. If your organization has been putting off FedRAMP or you don’t have a sponsor, now may be the time to get started. 

Paramify has helped many businesses get FedRAMP Authorized with 20x and through the traditional Rev 5 approach. The 20x process is the fastest, simplest way to get FedRAMP — especially if you don’t have a sponsor. 

If you’re looking to tackle FedRAMP, but want to simplify the process, check out our pricing or reach out with any questions. 

Watch our video demo, find out more about what we do, or request a live demo below to learn more:

Learn More:

🎧 Podcast with Jason Oksenhendler of Moss Adams/Baker Tilly

📖 Is FedRAMP 20x Right For You?

🎥 Everything You Need to Know About 20x

Oct 2025
Related posts

Paramify blog

Interviews, tips, guides, industry best practices, and news.

Streamline Your Compliance Journey with Prescient Security and Paramify

Paramify and Prescient Security join forces to streamline compliance for frameworks like FedRAMP and CMMC, combining automation with expert advisory to save time and boost audit readiness.
Read post

How Mirai is Cutting Timelines More than 80% with Paramify

Paramify is partnering with Mirai Security – and we can’t wait to let you know it. Together we’re slashing timelines, lowering costs, and improving their clients’ security. 
Read post

Accurate FedRAMP High SSP in Less than 4 hours

Paramify helped a software company maintain their FedRAMP High authorization by generating a complete and accurate ATO package in 3.5 hours. Learn how Paramify's proprietary Risk Solutions expedites and improves your documentation, whether you're just starting out or already have documentation created.
Read post
View all posts

Frequently Asked Questions

Can compliance advisors or consultants work in Paramify with us, and does it help with managed-service models?

Absolutely. Paramify is used by many advisory partners, RPOs, and MSPs to guide, generate, and manage documentation, perform gap assessments, facilitate policy/procedure drafting, and oversee remediation activities. Advisors can fill out templates, manage controls, and generate client-ready documents.

We have privacy or compliance concerns, can we restrict what external reviewers can access?

Yes, you can assign role-based access controls in Paramify. Advisors or auditors can be given access only to certain programs, assessment and their related evidence.

Sensitive information can be withheld or redacted as needed, and only authorized reviewers see specific items.

Can auditors or advisory partners get direct access to our Paramify environment, or do we have to export everything for them?

Yes, Paramify allows external assessors/auditors and advisors to be invited as users, with controlled permission levels. They can review specific evidence, policies, SSPs, POA&Ms, or assessment modules without accessing broader company data. 

Documentation — such as Appendix A, SSPs, procedures, and POAMs — can also be exported in multiple standard formats (Word, Excel, OSCAL, EMASS, PDF) as needed.

Can I get matched with an Advisor based on my specific needs?

Yes. You can use the Get Matched feature on our website. We will review your specific compliance goals and connect you with the partner best suited for your industry and timeline.

How do Advisors use Paramify during a FedRAMP engagement?

Advisors use Paramify to conduct Gap Assessments, map controls, Automate SSPs, and manage POA&Ms.

Instead of spending months writing Word documents, the Advisor inputs the system architecture and control implementations into Paramify, which then generates the required NIST-formatted documentation.

Does Paramify compete with its Advisors?

No. Paramify is a software company. We do not offer independent audit or long-term consulting services. Our goal is to empower Advisors with better tools so they can serve more clients effectively.

What are the different partner tiers?

We feature Premier Partners prominently on our site. These are firms that have demonstrated a high level of proficiency with the Paramify platform and have successfully helped many clients through the authorization process using our tools.

How do I become an official Paramify Advisor Partner?

We look for firms with a proven track record in federal compliance. If you are interested in joining our network and leveraging our automation products, you can reach out via our contact page or schedule a demo to see how our tools fit into your workflow.

What is the benefit of using an Advisor who uses Paramify vs. one who doesn't?

Advisors using Paramify can accelerate your implementation and typically deliver documentation in a fraction of the time it takes without Paramify. This means:

  • Faster Implementation: An accelerated implementation roadmap keeps timelines predictable.
  • Lower Costs: Reduced manual consultant hours.
  • Higher Accuracy: Automation eliminates the "copy-paste" errors common in traditional SSPs.
  • Easier Maintenance: Your Advisor can help you manage POA&Ms and continuous monitoring within the platform.
Does working with an Advisor on this list guarantee FedRAMP or CMMC authorization?

No firm can "guarantee" authorization, as the final decision rests with the government authorizing body (e.g., the FedRAMP PMO or the DoD).

However, working with a Paramify Advisor significantly reduces the risk of documentation errors and ensures your package is built on a technically sound, automated foundation.

How do I choose the right Advisor for my organization?

Our Advisor page allows you to filter partners by their specific expertise, such as FedRAMP, CMMC, FISMA, or GovRAMP.

Why does Paramify partner with Advisors?

Paramify is an “Iron Man suit” for GRC experts. We provide automation technology to generate and manage compliance documentation (like SSPs snd POA&Ms) while Advisors provide the expert human oversight and implementation expertise.

Together, we offer a "best-of-both-worlds" solution: expert consulting powered by industry-leading automation and risk management planning.

What is the Paramify Advisor Partner Network?

The Paramify Advisor Partner Network is a curated group of cybersecurity and compliance firms — including CMMC Registered Practitioner Organizations (RPOs) and accredited 3PAOs — that use Paramify’s platform to deliver faster, more accurate compliance outcomes for their clients.

I already have an advisor or very capable GRC team. Why do I need Paramify?

Use Paramify's Risk Solution platform to automate ATO packages, improving cost efficiency, speed, and accuracy. This frees your team to focus on more valuable efforts like security posture enhancement and compliance improvements.