For Immediate Release
(Indianapolis) The leadership of StateRAMP is pleased to announce the first publication of its Authorized Product List (APL).
StateRAMP is a nonprofit formed earlier this year by leaders from state and local governments, industry experts, and private businesses who joined efforts to help state and local governments manage their third-party supplier cybersecurity risks. StateRAMP’s mission is to promote cybersecurity best practices through education, advocacy, and policy development to support its members and improve the cyber posture of state and local governments and the citizens they serve.
“This is an important milestone in the development of StateRAMP and demonstrates the strong commitment of the provider community to verifying cloud security for state and local governments,” said Joe Bielawski, President of Knowledge Services and StateRAMP Founding Board Member.
In an effort to support this mission, StateRAMP brings together public and private voices to establish a common set of security criteria so a standard method of verifying cloud security can be recognized. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.
“Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector. We were involved with FedRAMP from the beginning and are very encouraged to see and support this approach being taken at the state level,” said Stephen Kovac, Vice President of Global Government and Head of Corporate Compliance, Zscaler. “StateRAMP is an excellent example of how compliance programs can be incredibly efficient, speed up innovation, and build upon the partnership between private industry and the government.”
“Like many cloud service providers, Project Hosts provides solutions to a number of US states. Historically, the different compliance standards for each state have led to complications, procurement delays, and higher costs. By establishing a common compliance standard for multiple states, StateRAMP is accelerating the compliant cloud adoption process while lowering the cost both for providers and states,” said Joshua Krueger, ISSO/DPO/FSO, Project Hosts.
The StateRAMP security standards are based on the widely recognized National Institute of Standards and Technology (NIST) Special Publication 800-53. Compliance verification is modeled in part after FedRAMP and leverages an independent audit conducted by a third-party assessment organization and delivered to the StateRAMP Program Management Office (PMO) for review.
The APL includes products with verified security statuses ranging from Ready to Authorized, as well as in-progress statuses for providers who are working toward an authorization. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.
“The continuous monitoring function of StateRAMP is the real difference maker for state and local governments seeking to trust but verify their providers have security controls and processes in place to ensure the data we are placing with them is protected,” said J.R. Sloan, CIO for the State of Arizona and President of the StateRAMP Board of Directors.
“Gone are the days of checking a box through self-attestation or submitting a one-and-done SOC 2 Report to validate security. We must adapt to meet the evolving cyber threats, and that requires constant monitoring and reporting so that, as users of technology, state and local governments can be prepared to take action quickly to protect their systems and data, when needed,” said Sloan.
State and local governments can work with StateRAMP to understand and manage the risk profiles of their third-party providers utilizing or offering software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS) to manage the government’s data. StateRAMP currently has more than 200 members who represent state and local government and the providers who serve them.
“The States of Arizona and Texas have made headlines this year with their adoption of vendor verification requirements for cybersecurity, and our team is excited to work with their leadership,” said Leah McGrath, Executive Director of StateRAMP.
“There is no question that state and local governments are under attack, and the threats to our communities’ infrastructure, utilities, and information are very real. StateRAMP is an important step that state and local governments can take today to work toward a more secure future,” said McGrath.
Congratulations to the following 24 companies who have a combined 51 products on the first publication of the StateRAMP Authorized Product List.
First Authorized Product List
Aurigo Software Technologies Inc.
Cisco Systems, Inc.
Geographic Solutions, Inc.
ORock Technologies, Inc.
Project Hosts, Inc.
The first APL was published September 14, 2021, and is updated weekly at: https://stateramp.org/vendor-list/. The list includes verified products, as well as products in progress.
In 2020, a steering committee of government CIOs, CISOs, and Procurement and Privacy officers joined industry leaders from cloud providers and cyber security assessing organizations to charter StateRAMP. StateRAMP simplifies security by providing states and local government a standardized approach for protecting their data in the cloud, with a security framework built on the National Institute of Standards & Technology (NIST) Special Publication 800-53 rev. 4. StateRAMP helps states and local government reduce cyber risks from unsecure cloud solutions, and benefits service providers by creating a “verify once, use many” approach to cloud security and risk assessment. StateRAMP is a 501c6 nonprofit organization and is governed by a board of directors with a majority representation from state and local government officials. Learn more at http://www.stateramp.org