About Us - StateRAMP

About StateRAMP

Founded at the beginning of 2020, StateRAMP was born from the clear need for a standardized approach to the cybersecurity standards required from service providers offering solutions to state and local governments.

StateRAMP is a registered 501(c)(6) nonprofit membership organization comprised of service providers offering IaaS, PaaS, and/or SaaS solutions, third party assessment organizations, and government officials. Our members lead, manage, and work in various disciplines across the United States and are all committed to making the digital landscape a safer, more secure place.

Our Mission and Vision

Our mission is to promote cybersecurity best practices through education, advocacy, and policy development to support its members and improve the cyber posture of state and local governments and the citizens they serve. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.

Making History: The StateRAMP Roadmap

Where We’ve been Shapes Where We’re Going

February 2020

An Idea Sparks

J.R. Sloan (CIO, State of Arizona) and Joe Bielawski (President, Knowledge Services) develop the idea of StateRAMP to meet the growing need, primarily within the public sector’s state and local governments, to manage third-party risk and efficiently verify cloud security services.

February 2020

March 2020

Steering Committee Formed

Dozens of former and current state chief information and security officers, and procurement and privacy officials, join private industry leaders and cybersecurity assessors and innovators to form the steering committee that officially charters StateRAMP.

March 2020

April 2020

First Committee Meeting

The full StateRAMP Steering Committee convenes for the first time, amid the backdrop of the early days of the COVID-19 pandemic, electing Joe Bielawski as its chairman and formulating a schedule for priority discussions.

April 2020

May 2020

Charter Adoption

The StateRAMP Steering Committee Charter is officially adopted, outlining a timeline featuring objectives for discovery and policy decisions.

May 2020

September 2020

First Framework Approval

Following months of meetings and discussions on governance, processes, and security requirements, the steering committee adopts its first StateRAMP Security Assessment Framework.

September 2020

December 2020

Governing Board Forms

With an adopted framework for bylaws in place, the steering committee votes to formally launch StateRAMP in the next month and forms its inaugural board of directors with members J.R. Sloan, Joe Bielawski, and Ted Cotterill (Chief Privacy Officer, State of Indiana).

December 2020

January 2021

Launch Initiated

StateRAMP officially launches under the leadership of Executive Director Leah McGrath and PMO Director Noah Brown with a focus on growing outreach and raising awareness among key stakeholders.

January 2021

April 2021

Membership Opens

Membership enrollment begins for state and local government officials and service providers, creating a shared service model for best practices and standardization in cloud security verification and validation.

April 2021

August 2021

Assessments Begin

Published templates allow security assessments to get underway. For providers with products or services already under federal approval, the StateRAMP PMO’s Fast Track provides and verifies the necessary documentation already completed for federal authorization.

August 2021

September 2021

Inaugural Authorized Product List (APL)

StateRAMP announced the publication of its first Authorized Product List, which features 24 companies and a combined 51 products.

September 2021

June 2022

APL 2.0

New updates increase the value of information included on the StateRAMP Authorized Product List, including a revamped user interface highlighting information on a product’s position in the StateRAMP pipeline. A new Federal JAB status gives recognition to products that have received FedRAMP authorization through joint authorization board approval.

June 2022

September 2022

Industry Accolades Roll In

StateRAMP is nominated as Innovation of the Year, while Joe Bielawski is nominated for Industry Leadership, at the prestigious CyberScoop 50 Awards.

September 2022

December 2022

Introducing StateRAMP Security Snapshot

Providing a simpler first step toward achieving a verified StateRAMP security status, Security Snapshot debuts as a “pre-Ready” measurement and gap analysis providing insights to providers and the governments they serve.

December 2022

January 2023

Growth & Ongoing Improvement

Celebrating 332 government members, 139 service providers, and a combined 79 products—and counting—StateRAMP strives to shift the culture of cybersecurity to one of continuous improvement.

January 2023

March 2023

Introducing StateRAMP Progressing Snapshot Program

Another option to the StateRAMP Security Snapshot, the Progressing Security Snapshot Program provides quarterly assessments (Snapshots) and monthly consultative calls with the PMO security team.

March 2023

May 2023

First Symposium

StateRAMP Symposium Brings Together Leading Cybersecurity Experts to Discuss Cyber Threats and Supplier Risk Management.

May 2023

November 2023

Security Program Rev. 5 Updates

StateRAMP Standards & Technical Committee completed a year-long review to align with Rev. 5.

November 2023

December 2023

TX-RAMP Accepts StateRAMP

TX-RAMP recognizes StateRAMP Progressing Snapshot and StateRAMP Ready status for Provisional Status with no expiration, a change from the usual 18- month limit. TX-RAMP Level 1 is for public/ non-confidential information or low impact systems, and Level 2 for confidential/regulated data in moderate or high impact systems.

December 2023

January 2024

Snapshot 2.0

Effective, January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values..

January 2024