stateramp approvals committee

How the StateRAMP Approvals Committee Streamlines Sponsorship

by

Todd Taber
Todd Taber

Announcing the StateRAMP Approvals Committee

The newly formed StateRAMP Approvals Committee is making the path to cybersecurity validation simple and straightforward.

Formed by the StateRAMP Board and Nominating Committee, the Approvals Committee includes five members, uniting experience in state and local government and higher education. Their work will help service providers who offer or use IaaS, PaaS, or SaaS solutions that process, store, or transmit government data be sure their products meet stringent government industry verification standards and receive an Authorized status for their product.

Learn more about the StateRAMP Approvals Committee, including the specific ways it’s helping service providers verify their cybersecurity posture, the expertise each member brings to the organization, and how to engage the Approvals Committee to begin cybersecurity validation.

Quick Links

What Is the StateRAMP Approvals Committee?

 

Over the past decade, state and local governments have taken steps to secure their systems and databases from cyberthreats but have struggled to validate security compliance or oversee third-party service providers who offer or use PaaS, IaaS, or SaaS. Often, these providers handle sensitive government data alongside PII, PCI, or PHI. This gap creates an enormous opportunity for cyber criminals to target governments, disrupting vital services and impacting entire communities.

StateRAMP was formed to help establish a standardized approach to cybersecurity thresholds for service providers who offer solutions to state and local governments. StateRAMP’s Board of Directors and its Nominating Committee recently formed the StateRAMP Approvals Committee, which is charged with serving as the body for Government Sponsorship for StateRAMP Authorized and StateRAMP Provisional Statuses.

The StateRAMP Approvals Committee possesses the necessary technical and government policy knowledge and the capabilities to provide States and Local Governments with industry verification standards and guidance related to cybersecurity and third-party solutions. The committee is comprised of leaders in government, education, and cybersecurity to bring proven experience and clear insight to the committee.

Committee members serve as authorizing officials on behalf of government if a provider is unable to secure a government sponsor. In some cases, StateRAMP’s Board of Directors may appoint a subject matter expert to the committee to aid in claims assessments as necessary.

Members of the StateRAMP Approvals Committee must:

  1. Actively serve in state or local government
  2. Be a technical security subject matter expert
  3. Be knowledgeable and support the StateRAMP PMO process and objective in achieving sponsorship for service providers
  4. Be able to provide regular reviews and recommendation
  5. Conduct review of the StateRAMP PMO Executive Summary documentation for each service provider requesting StateRAMP Authorization
  6. Render a vote to accept or reject the PMO’s recommendation
  7. Evaluate each system and provide feedback to obtain clarification
  8. Not be a member of the StateRAMP Appeals Committee

The Approvals Committee will approve the processes and preferred timing for monthly reviews. The process for approvals may include:

  1. The Approvals Committee will review security packages for the standard baseline controls of an impact level, including: StateRAMP Low, StateRAMP Moderate and StateRAMP High. Low+ and other deviations from the standard baseline controls will not be eligible for review by the SAC.
  2. Members receive notification of a product awaiting committee review.
  3. The PMO will provide an executive summary which will be available via the secure StateRAMP PMO Repository.
  4. The Committee will review the PMO’s executive summary, recommendation, and associated artifacts as needed within an agreed upon time frame.
  5. Members will provide a vote within a secure system to accept or reject the PMO’s recommendations.

The committee will begin processing security packages in March. Providers who are interested in submitting their product to the Approvals Committee for review should reach out to info@stateramp.org.

Who Serves on the StateRAMP Approvals Committee?

StateRAMP thanks the following individuals for serving on the inaugural StateRAMP Approvals Committee:

David S. Allen
Chief Information Security Officer
Georgia Technology Authority 

Jayson Cavendish
Deputy Chief Security Officer
Michigan Dept. of Technology, Management & Budget

Rob Main, CGCIO
State Chief Risk Officer
North Carolina Department of Information Technology

Antoine Charles
Third Party Risk Analyst
Oklahoma Office of Management and Enterprise Services

Adam Mikeal
Director of IT Policy, Risk, Identity, & Data Management
Texas A&M University Division of IT

How to Engage the Approvals Committee

If you’re a provider whose product has completed a StateRAMP PMO Authorization Review and awarded a temporary Ready status, you are eligible to submit your product(s) to the Approvals Committee for review. Please contact ellen@stateramp.org to schedule your product in the approvals queue.

If you’re a provider who has not yet engaged the StateRAMP PMO for an Authorization Review, but you do intend to leverage the Approvals Committee instead of an individual government sponsor, please indicate your preference for Approvals Committee review on your PMO Security Review Application at the time of your submission.

Get Involved with StateRAMP


Whether you’re a service provider looking for clear ways to validate your product’s security posture, a government official researching how to protect citizen data, or a cybersecurity assessor researching the current ecosystem, StateRAMP has tools and resources to help.

StateRAMP offers membership options for government officials and members of private industry.

Read about the benefits of StateRAMP membership and register to become a member today by visiting the Registration page on the StateRAMP website. StateRAMP’s membership applications are quick and easy, and you can join StateRAMP to get access to the Member Portal, list your product on the Authorized Vendor List, and engage the StateRAMP PMO today!

Register Now for Upcoming StateRAMP Events

The StateRAMP staff and PMO team host regular webinars to provide education and resources about StateRAMP, the mission of the nonprofit, how providers and governments can get involved, what the review process looks like, and how providers can assess their product to prepare for a PMO Security Review. Webinars are free and open to all.

Register for our upcoming Introduction to StateRAMP webinar on March 15th and the Getting Started with StateRAMP webinar on March 29th by visiting the Events page on the StateRAMP website.

Unable to attend the webinar or looking for a recording of a past event? We have a complete video library of all past webinars and presentations on our website for you to access.

If you would like to learn more about StateRAMP and how you can get involved, email info@stateramp.org.

Share:

Share on facebook
Share on twitter
Share on linkedin