Document Category: Program Document

This document provides an updated StateRAMP Program Management Fee Schedule, effective January 1, 2023.

This document provides information about the StateRAMP organization, how to become a member, the process for engaging the PMO to complete a security review, requirements for government sponsorship, and how to list products on the Authorized Product List.

To achieve StateRAMP Ready status at a Moderate or High Impact Level, a service provider must meet the minimum mandatory requirements outlined in this document.

To achieve StateRAMP Ready status at a Low Impact Level, a service provider must meet the minimum mandatory requirements outlined in this document.

This document outlines the process and requirements for monthly, quarterly, and annual reporting required for a service provider to maintain a StateRAMP status.

This document provides a summary of NIST 800-53 Rev. 4 security controls required for verification, by Security Impact Level Category. This summary is the result of ongoing collaboration with State leaders and cybersecurity experts.

This document provides a summary of the objectives, goals, and governance approach of StateRAMP, along with an outlined methodology to verify cloud security.