Announcing the StateRAMP Approvals Committee
The newly formed StateRAMP Approvals Committee is making the path to cybersecurity validation simple and straightforward.
Formed by the StateRAMP Board and Nominating Committee, the Approvals Committee includes five members, uniting experience in state and local government and higher education. Their work will help service providers who offer or use IaaS, PaaS, or SaaS solutions that process, store, or transmit government data be sure their products meet stringent government industry verification standards and receive an Authorized status for their product.
Learn more about the StateRAMP Approvals Committee, including the specific ways it’s helping service providers verify their cybersecurity posture, the expertise each member brings to the organization, and how to engage the Approvals Committee to begin cybersecurity validation.
What Is the StateRAMP Approvals Committee?
Over the past decade, state and local governments have taken steps to secure their systems and databases from cyberthreats but have struggled to validate security compliance or oversee third-party service providers who offer or use PaaS, IaaS, or SaaS. Often, these providers handle sensitive government data alongside PII, PCI, or PHI. This gap creates an enormous opportunity for cyber criminals to target governments, disrupting vital services and impacting entire communities.
StateRAMP was formed to help establish a standardized approach to cybersecurity thresholds for service providers who offer solutions to state and local governments. StateRAMP’s Board of Directors and its Nominating Committee recently formed the StateRAMP Approvals Committee, which is charged with serving as the body for Government Sponsorship for StateRAMP Authorized and StateRAMP Provisional Statuses.
The StateRAMP Approvals Committee possesses the necessary technical and government policy knowledge and the capabilities to provide States and Local Governments with industry verification standards and guidance related to cybersecurity and third-party solutions. The committee is comprised of leaders in government, education, and cybersecurity to bring proven experience and clear insight to the committee.
Committee members serve as authorizing officials on behalf of government if a provider is unable to secure a government sponsor. In some cases, StateRAMP’s Board of Directors may appoint a subject matter expert to the committee to aid in claims assessments as necessary.
Members of the StateRAMP Approvals Committee must:
- Actively serve in state or local government
- Be a technical security subject matter expert
- Be knowledgeable and support the StateRAMP PMO process and objective in achieving sponsorship for service providers
- Be able to provide regular reviews and recommendation
- Conduct review of the StateRAMP PMO Executive Summary documentation for each service provider requesting StateRAMP Authorization
- Render a vote to accept or reject the PMO’s recommendation
- Evaluate each system and provide feedback to obtain clarification
- Not be a member of the StateRAMP Appeals Committee
The Approvals Committee will approve the processes and preferred timing for monthly reviews. The process for approvals may include:
- The Approvals Committee will review security packages for the standard baseline controls of an impact level, including: StateRAMP Low, StateRAMP Moderate and StateRAMP High. Low+ and other deviations from the standard baseline controls will not be eligible for review by the SAC.
- Members receive notification of a product awaiting committee review.
- The PMO will provide an executive summary which will be available via the secure StateRAMP PMO Repository.
- The Committee will review the PMO’s executive summary, recommendation, and associated artifacts as needed within an agreed upon time frame.
- Members will provide a vote within a secure system to accept or reject the PMO’s recommendations.
The committee will begin processing security packages in March. Providers who are interested in submitting their product to the Approvals Committee for review should reach out to email@example.com.
Who Serves on the StateRAMP Approvals Committee?
StateRAMP thanks the following individuals for serving on the inaugural StateRAMP Approvals Committee:
Third Party Risk Analyst
Oklahoma Office of Management and Enterprise Services
Chief Information Security Officer
New Hampshire Department of Information Technology
Chief Technology Officer
Director of IT Policy, Risk, Identity, & Data Management
Texas A&M University Division of IT
Governance, Risk, & Compliance Team Lead
North Dakota Information Technology
How to Engage the Approvals Committee
If you’re a provider whose product has completed a StateRAMP PMO Authorization Review and awarded a temporary Ready status, you are eligible to submit your product(s) to the Approvals Committee for review. Please contact firstname.lastname@example.org to schedule your product in the approvals queue.
If you’re a provider who has not yet engaged the StateRAMP PMO for an Authorization Review, but you do intend to leverage the Approvals Committee instead of an individual government sponsor, please indicate your preference for Approvals Committee review on your PMO Security Review Application at the time of your submission.
Get Involved with StateRAMP
Whether you’re a service provider looking for clear ways to validate your product’s security posture, a government official researching how to protect citizen data, or a cybersecurity assessor researching the current ecosystem, StateRAMP has tools and resources to help.
StateRAMP offers membership options for government officials and members of private industry.
Read about the benefits of StateRAMP membership and register to become a member today by visiting the Registration page on the StateRAMP website. StateRAMP’s membership applications are quick and easy, and you can join StateRAMP to get access to the Member Portal, list your product on the Authorized Vendor List, and engage the StateRAMP PMO today!
Register Now for Upcoming StateRAMP Events
The StateRAMP staff and PMO team host regular webinars to provide education and resources about StateRAMP, the mission of the nonprofit, how providers and governments can get involved, what the review process looks like, and how providers can assess their product to prepare for a PMO Security Review. Webinars are free and open to all. View all events at stateramp.org/events.
If you would like to learn more about StateRAMP and how you can get involved, email email@example.com.