OpenAI receives FedRAMP Moderate authorization: ChatGPT Enterprise and API open for secure adoption by US federal agencies

On Monday, April 27, 2026, OpenAI announced significant news for the US government market: the company has received FedRAMP Moderate authorization for its two key products — ChatGPT Enterprise and OpenAI API. This formally opens the door to secure adoption of generative AI technology within United States federal agencies.

What Has Been Publicly Confirmed

According to OpenAI’s official RSS description, the authorization enables “secure AI adoption for U.S. federal agencies.” Three key facts that have been publicly confirmed:

• authorization level: FedRAMP Moderate,
• covered products: ChatGPT Enterprise and OpenAI API,
• target audience: US federal agencies.

The full announcement text was not accessible externally at the time of writing (HTTP 403), so this article relies on the RSS feed and public knowledge of the FedRAMP framework.

What FedRAMP Moderate Actually Means

FedRAMP (Federal Risk and Authorization Management Program) is a standardized government framework for assessing cloud services. There are three tiers: Low, Moderate, and High.

The Moderate tier covers systems handling sensitive but unclassified data (“Controlled Unclassified Information,” CUI) and requires implementation of approximately 325 security controls defined in NIST SP 800-53. These controls encompass encryption in transit and at rest, access monitoring, network segmentation, audit logging, incident response plans, and a range of other operational and technical requirements.

In other words: for most common federal workloads that do not involve classified data, FedRAMP Moderate is the tier that “opens the door” to lawful adoption.

Why the News Matters

The US federal government is the world’s largest single IT buyer and one of those sectors adopting generative AI cautiously precisely because of regulatory and security concerns. FedRAMP Moderate authorization accomplishes three things simultaneously:

• shortens the Authorization to Operate (ATO) process at the individual agency level — agencies do not need to assess the entire OpenAI stack from scratch,
• enables federal integrators and vendors to include ChatGPT Enterprise and OpenAI API in their prime contracts as approved components,
• sends a competitive signal to other AI providers — Anthropic, Google, and Microsoft Azure OpenAI Service also hold various FedRAMP authorization levels, and each new authorization shifts the market balance.

What Remains Open

The announcement does not answer several questions that matter to enterprise buyers:

• whether the authorization covers all models available through the OpenAI API or only some,
• what the data infrastructure location is — Azure Government, AWS GovCloud, or a dedicated tenant,
• which specific agencies have already launched pilots or production deployments,
• whether there are parallel plans for a FedRAMP High authorization for higher-risk data,
• how this authorization relates to the existing Microsoft Azure OpenAI Service offering that also addresses federal markets.

Context in the Broader Landscape

This announcement is one of three OpenAI news items dated April 27, 2026: in parallel, the Symphony open-source orchestration specification for Codex agents and the announcement of the amended agreement with Microsoft were also published. The consolidated signal OpenAI is sending is that the company is simultaneously targeting the enterprise (Microsoft partnership), government (FedRAMP), and developer (Symphony, Privacy Filter) segments.

For federal agencies and their IT departments, the most practical next action is to check the current FedRAMP Marketplace record for OpenAI and conduct an internal ATO process assessment. Detailed security controls will be available through the standard FedRAMP package that agencies can request.