Security Assessment Framework
This document describes a general governance and security framework for StateRAMP.
Security Assessment Framework Read More »
This document describes a general governance and security framework for StateRAMP.
Security Assessment Framework Read More »
When a service provider identifies a vulnerability that potentially warrants different handling than normally required by StateRAMP, they may submit a deviation request to StateRAMP using this form.
Vulnerability Deviation Request Form Read More »
This guide describes the requirements for all vulnerability scans provided by service providers to StateRAMP for products with a Ready, Provisional, or Authorized status.
Vulnerability Scan Requirements Guide Read More »
This document describes the process for StateRAMP stakeholders to use when reporting information concerning information system security incidents or suspected information system security incidents.
Incident Communications Procedures Read More »
Service providers are requirements to submit this completed form to StateRAMP and receive StateRAMP approval prior to implementing a significant change to a system with an existing StateRAMP Authorization.
Significant Change Form Template Read More »
Continuous monitoring review procedures outline the process to examine each monthly package.
Continuous Monitoring Guide Read More »
To achieve Ready Status for Low Impact levels, a service provider must meet the minimum mandatory requirements outlined in this document. (Rev. 4 – Retired Oct. 1, 2024)
Ready Minimum Mandatory Requirements for Low Impact Levels Read More »
This document provides the security control baselines. All of the security controls listed in the table are outlined in NIST 800-53 Rev. 4. (Retired October 1, 2024)
This document helps service providers and governments determine what StateRAMP security category requirements to use to ensure their data is protected.
Data Classification Tool Read More »
This document explains the actions taken when a service provider fails to maintain an adequate continuous monitoring program.
Continuous Monitoring Escalation Process Read More »