As the reliance on cloud technology grows and cybersecurity threats become more sophisticated, securing IT products and services has transformed from an important consideration into an urgent priority for state and local governments. With the increasing complexity of procurement processes and the pressing need to enhance cyber resilience, it became evident that a new approach was necessary. Enter the NASPO/StateRAMP Procurement Task Force—a collaborative initiative established in October 2023 to address these challenges head-on.
Why This Task Force?
The formation of this Task Force stemmed from a recognized need to harmonize procurement practices with the rigorous demands of cybersecurity. The stakes are high; as governments across the country increasingly rely on cloud-based solutions, ensuring these products are secure is not just a priority, but a necessity. Yet, navigating the intersection of procurement and IT has often been fraught with challenges, from aligning stakeholders to ensuring compliance with complex Risk Authorization Management Programs (RAMP).
To address these concerns, StateRAMP saw an opportunity to collaborate with the National Association of State Procurement Officials (NASPO). This strategic partnership was not by chance—NASPO’s expertise in procurement, coupled with StateRAMP’s focus on cybersecurity, provided the perfect foundation for this Task Force. Together, our goal was to create a streamlined approach that brings procurement professionals and IT experts together, ensuring that security is at the forefront of every cloud product procurement.
“The collaborative effort of the NASPO/StateRAMP Procurement Task Force represents an important step forward in addressing the unique challenges of IT procurement and cybersecurity and enforces our commitment to enhancing the security of government digital infrastructure while streamlining the procurement process,” stated Fay Tan, Deputy Chief Legal Officer, NASPO. “As we move toward a permanent Procurement Committee, we’re confident that this work will continue to shape the future of secure IT procurement across the nation.”
The Mission and Goals
The NASPO/StateRAMP Procurement Task Force is comprised of a diverse group of professionals from both procurement and IT communities. This robust team has worked tirelessly over the past year to review current practices, identify gaps, and develop practical tools that can be used by states and local governments across the nation.
Our mission is clear: to provide guidance and resources that simplify the procurement of secure IT cloud products while enhancing the overall cybersecurity posture of government entities. The culmination of nearly a year’s work, the Task Force has developed a Procurement Toolkit designed to bring procurement into the IT conversation. This toolkit serves as a bridge, ensuring that all stakeholders—from procurement officers to IT professionals—are aligned in their efforts to secure critical infrastructure.
Looking Ahead
As the work of the NASPO/StateRAMP Procurement Task Force concludes, StateRAMP is excited to announce the establishment of a Procurement Committee. This committee, composed of representatives from the public sector, along with advisors from NASPO and the private sector, will continue to foster collaboration and innovation in the procurement process, ensuring that our mission to secure IT cloud products remains a top priority. By integrating cybersecurity considerations into the procurement lifecycle, we can help governments procure IT solutions that are not only effective but also secure.
This Task Force is more than just an initiative; it represents a commitment to safeguarding our digital future. We are excited to share the tools and resources we have developed and look forward to seeing how they will help governments across the country navigate the complexities of IT procurement with confidence. For more information on the Task Force, please visit stateramp.org/naspo-stateramp-procurement-task-force/.
StateRAMP would like to thank our strategic partner, NASPO, for all the excellent work in convening this task force and for their continued efforts to improve our nation’s cybersecurity.