New States Leveraging StateRAMP for Cyber Verification

by Liz Huston

Announcing more states later this summer! 


Today StateRAMP announced its growing list of states who are working with StateRAMP to validate the cybersecurity posture of their third-party suppliers who use or offer cloud products to deliver services.

StateRAMP launched in early 2021 and one year later, an expanded list of state and local municipalities are working with StateRAMP to validate provider’s cloud-based solutions to ensure all baseline cyber requirements are met.

Leading states include:

  • Arizona
  • California
  • Florida
  • Georgia
  • Massachusetts
  • Michigan
  • New Hampshire
  • Oklahoma
  • North Carolina
  • Texas

With responsibilities for critical infrastructure, vital services, and mass storage of confidential data, government, at all levels, is a prime target for cybercrime.

“2021 was a record-breaking year for data breaches and software supply chain attacks,” said Steve Nichols, Chief Technology Officer at the Georgia Technology Authority. “As cybersecurity threats and risks have increased, state and local governments must ensure the suppliers they work with are able to meet minimum cyber requirements.”

StateRAMP provides state and local governments assurance that the suppliers they are working with meet the minimum cybersecurity standards through independent audits and ongoing continuous monitoring.

“Until StateRAMP, there was not a standardized method to provide state and local governments consistent, independent, and ongoing validation of a product’s cyber posture,” said J.R. Sloan, Chief Information Officer for the State of Arizona. “That left states on their own, expending valuable resources evaluating vendor compliance. StateRAMP allows us to work together with our counterparts in other states and in the vendor community toward a common standard.”

StateRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve.

“Cybersecurity is a team sport. The bad actors are working together, why can’t we?” said Chance Grubb, Senior Staff Officer/OK-ISAC Lead, Oklahoma Cyber Command, Office of Management and Enterprise Services. “Being able to partner with StateRAMP allows us to better protect citizen data and infrastructure.”

“StateRAMP is a great example of what needs to take place to help us defend against attack,” said Rob Main, State Chief Risk Officer for the State of North Carolina.

“At launch one year ago, our goal was to work with three to five states in the first year. The level of interest in StateRAMP is far surpassing our expectations and incredibly exciting,” said Leah McGrath, Executive Director of StateRAMP. “Our team feels truly honored to be a part of this effort helping strengthen cybersecurity across the nation.”

About StateRAMP

StateRAMP is a nonprofit organization that launched in early 2021 and brings state and local governments together with the suppliers who serve them to recognize best practices in cloud security and provides a standardized approach to cloud cybersecurity verification. StateRAMP helps state and local governments reduce cyber risks from unsecure cloud solutions, and benefits service providers by creating a “verify once, use many” approach to cloud security and risk assessment.

StateRAMP maintains an Authorized Vendor List (AVL) which lists products that have achieved a security status and those products going through the process. Learn more at, and register to attend a virtual event at


Share this post: