Who We Are

StateRAMP is an independent not-for-profit organization providing an efficient and cost-effective solution for verifying the cybersecurity of cloud service providers for state and local governments.

The StateRAMP model helps state and local governments by creating a level playing field for cloud service providers to take a standardized approach for cloud security and risk assessment. StateRAMP does not recreate the wheel—instead, StateRAMP builds upon the existing third party assessment organization (3PAO) ecosystem.

Leveraging proven and consistent security authorizations, following existing State policy baseline standards, NIST 800-53, StateRAMP ensures consistent application of State approved standards.

Our Goals Are Simple

  • Enable state and local procurement officials to confidently contract with secure third party cloud service providers in a manner that won’t jeopardize government and citizen data.
  • Provide a strong framework that saves state and local governments time, money, and personnel from conducting redundant cloud security assessments.
  • Make it easier for third party cloud service providers to work with governments through a clear framework and transferable certification process.
  • Help state and local governments avoid unnecessary cyber risks though a cost-effective solution.  

Our Steering Committee

Comprised of government, commercial, and academic experts in the fields of cybersecurity, government procurement, and public policy, the committee is responsible for establishing procedures and policies for:

  • Long-term governance and best practices
  • Internal controls ensuring transparency and credibility for all stakeholders
  • Partner engagement process, including: States, third party cloud providers and third party assessment organizations (3PAOs)
  • Program Management Office (PMO) process and administration functions
  • Cost model evaluation and recommendations