StateRAMP puts cybersecurity first.

As a 501(c)6 nonprofit, our mission is to promote cybersecurity best practices through education and policy development to support our members and improve the cyber posture of public institutions and the citizens they serve.

About Us


StateRAMP’s governance committees adopt policies and procedures that standardize security requirements for providers. StateRAMP’s Program Management Office then verifies those cloud offerings utilized by government satisfy adopted security requirements through independent audits and continuous monitoring. Products that are working towards or have achieved StateRAMP Authorizations are included on the Authorized Product List.

About Membership


State and local governments, public education institutions, and special districts are invited to become members of StateRAMP. Government membership provides access to shared services for managing supplier risk. Providers are also eligible for membership. Provider membership benefits include: a public profile on the Authorized Product List, transferrable credentials, committee eligibility, access to the complete membership directory, an opportunity to provide feedback on policies, and documentation, and member education.

StateRAMP Partners



With StateRAMP, Procurement Officials, Privacy Officers, and Information Security Officers can be confident their third-party cloud providers and vendors meet and maintain published cybersecurity policies at no cost. 

Service Providers

StateRAMP offers transferrable credentials through standardized cybersecurity verification. This allows providers to verify once to serve many.

Assessment Organizations

StateRAMP’s verification model requires independent audits completed by A2LA-accredited Third Party Assessment Organizations (3PAOs).