Document Category: Continuous Monitoring

Vulnerability Deviation Request Form

When a service provider identifies a vulnerability that potentially warrants different handling than normally required by StateRAMP, they may submit a deviation request to StateRAMP using this form.

Vulnerability Scan Requirements Guide

This guide describes the requirements for all vulnerability scans provided by service providers to StateRAMP for products with a Ready, Provisional, or Authorized status.

Incident Communications Procedures

This document describes the process for StateRAMP stakeholders to use when reporting information concerning information system security incidents or suspected information system security incidents.

Significant Change Form Template

Service providers are requirements to submit this completed form to StateRAMP and receive StateRAMP approval prior to implementing a significant change to a system with an existing StateRAMP Authorization.