Baseline Requirements Archives

Security Assessment Framework

This document describes a general governance and security framework for StateRAMP.

StateRAMP Penetration Test Guidance

This document is to provide guidance to service providers and 3PAOs for a penetration test.

StateRAMP Authorization Boundary Guidance

This document is to provide service providers guidance for developing the authorization boundary for their cloud offering.

Baseline Controls

This document provides the security control baselines. All of the security controls listed in the table are outlined in NIST 800-53 Rev. 4. (Retired October 1, 2024)

Data Classification Tool

This document helps service providers and governments determine what StateRAMP security category requirements to use to ensure their data is protected.

Document Category: Baseline Requirements

Security Assessment Framework

StateRAMP Penetration Test Guidance

StateRAMP Authorization Boundary Guidance

Baseline Controls

Data Classification Tool