StateRAMP recognizes the importance of providing relevant and up-to-date resources for all users and values the input of the provider and government member communities. Currently available documents were developed by the StateRAMP Steering Committee, which is comprised of government representatives, third party assessment organizations, service providers, and subject matter experts.
The StateRAMP Security Assessment Framework was initially created, in collaboration with state government officials and private industry experts, to provide a method for agencies to assess their current security programs by comparing their current environment status against the relevant policies and develop plans for improvement.
The Baseline Security Controls document is designed to help state or local governments and/or service providers identify their required impact level and all the controls required for the environment and to protect the data managed therein.
The Data Classification Tool is intended to be used by state governments and procurement officials as a tool for determining the appropriate StateRAMP or FedRAMP security requirements in a request for proposal (RFP). Determining security requirements ensures States select a service provider that can meet their needs and effectively protect their data.
StateRAMP developed the Minimum Requirements for Ready with input from State, CSPs, and security experts. The minimum mandates are the same across all impact levels.
The Continuous Monitoring Guide outlines the process to examine each monthly package. Ongoing assessment of security controls results in greater control over the service provider’s system and enables timely risk-management decisions.
Members are invited to participate in the annual document review by providing feedback on existing tools, templates, policies, and guides. Our team thanks you for your feedback. Your input is critical in continuing to provide the best guidance and resources possible.
Please provide your comments on the StateRAMP Security Assessment Framework in this comment form by December 1, 2021.
We are accepting comments on the Baseline Security Controls in this comment form and Data Classification Tool in this comment form until January 14, 2022.
Comments will be accepted on the Minimum Mandatory Requirements for Ready in this comment form and Continuous Monitoring Guide in this comment form until February 11, 2022.
To learn more about the StateRAMP Public Comment Period, visit our website: https://stateramp.org/membership/public-comment/