StateRAMP Governance: Meet Our Committees

by Taylor Behlmer

As StateRAMP continues to grow, our mission is being driven by the dedicated efforts of our diverse committees. Each committee plays a pivotal role in shaping the standards, governance, and operational excellence that guide our commitment to improving cloud cybersecurity for state and local governments.

Our committees provide a valuable opportunity for the StateRAMP community to actively participate in our evolution. While each committee has unique standards and requirements, they are predominantly composed of public sector representatives, complemented by private sector members to ensure a balanced industry perspective. Having a wide range of expertise enables us to meet both industries’ needs.

In this blog, we explore the committees that make up the StateRAMP governing body, their responsibilities, and recent accomplishments.

Board of Directors

The Board of Directors is instrumental in guiding our mission, making strategic decisions, and ensuring the seamless operations of StateRAMP. The Board’s leadership ensures StateRAMP remains aligned with its mission and continues to serve both its members and stakeholders.

A major undertaking this year for StateRAMP is the StateRAMP Cyber Summit, with presenting sponsor Carahsoft, which will be held on September 12th, 2024, in Indianapolis, Indiana. The Board of Directors is spearheading the planning of our inaugural Summit, aiming to create a unique event that addresses real-world cybersecurity problems, fosters solution-focused discussions, and advances state and local government cybersecurity practices and framework harmonization.

Meet the Board of Directors.

Steering Committee

Formed in April 2020, the StateRAMP Steering Committee is composed of distinguished government and industry leaders. This committee founded StateRAMP, aiming to unify public and private sector leaders in developing a streamlined approach to risk and authorization management (RAMP).

The Steering Committee’s work led to the formation of StateRAMP as a 501(c)(6) nonprofit, in partnership with state government CIOs, CISOs, Chief Privacy Officers, Procurement Officials, and private industry experts who serve state governments. This essential group determines StateRAMP’s priorities and manages our operations.

Meet the Steering Committee.

Standards & Technical Committee

The Standards and Technical Committee is at the heart of maintaining and enhancing StateRAMP’s reliability, ensuring that we adhere to the highest levels of security and effective approaches. The committee provides recommendations to the Board regarding PMO policies, security standards, best practices, and assessment processes. Their diligent work ensures that our security measures and best practices remain top-notch, benefiting all members and stakeholders.

This group has been tasked with overseeing the transition to NIST 800-53 Rev. 5, which sets the standard for best practice controls essential to StateRAMP’s Security Snapshot Program and StateRAMP Authorizations. Noah Brown, StateRAMP PMO Director, emphasizes the significance of Rev. 5, stating, “Updating our control baselines was critical for safeguarding government data, as NIST 800-53 Rev. 5 represents the latest advancements in cloud security controls, aligning with current threat landscapes.” StateRAMP is scheduled to fully adopt Rev. 5 controls by October 1, 2024.

Meet the Standards and Technical Committee.

Appeals Committee

The Appeals Committee plays a key role in maintaining StateRAMP’s integrity by ensuring that conflicts and disputes are addressed in an equitable and transparent manner. Comprising at least five members, the committee includes representation from all stakeholders and at least one Board of Directors member.

In the absence of appeals to review, the Appeals Committee collaborates closely with the Standards and Technical Committee. Recently, these committees joined efforts to assess the NIST 800-53 Rev. 5 baselines, facilitating member feedback on these updated controls. Both committees determined the update enables StateRAMP to implement the most advanced and exhaustive guidelines for cloud security.

Meet the Appeals Committee.

Approvals Committee

The Approvals Committee ensures that providers can verify their products and achieve StateRAMP Authorized status. Composed of at least five members representing state and local government and higher education, this group was formed by the StateRAMP Board and Nominating Committee to address community feedback and guarantee comprehensive product security verification.

Members of the Approvals Committee bring technical expertise and government policy knowledge to the process, carefully reviewing six to eight security packages to grant StateRAMP Authorized Status.

Meet the Approvals Committee.

Nominating Committee

The Nominating Committee identifies and recommends qualified individuals to join our Board of Directors and other leadership positions. Additionally, the committee provides recommendations on best practices for governance, ensuring the effectiveness and transparency of StateRAMP’s operations.

Recognizing the importance of procurement in our initiatives, the Nominating Committee assessed the need for championing the establishment of the Procurement Committee.

The group is instrumental in selecting suitable individuals who will drive the future of StateRAMP forward. Their dedication to identifying capable leaders ensures StateRAMP remains at the forefront of cybersecurity governance.

Meet the Nominating Committee.

Procurement Committee

We are excited to announce the formation of the Procurement Committee, which will begin its term in 2025. This new committee will play a crucial role in advising on procurement best practices for cloud cybersecurity, ensuring that our members are equipped with the most effective and efficient strategies for securing cloud services.

By leveraging the expertise and insights of this committee, we aim to enhance the procurement processes across the board, driving forward our mission to improve cybersecurity standards and practices. Nominations for this committee are now open, and we look forward to welcoming dedicated professionals who are passionate about advancing cybersecurity procurement.

2025 Nominations

We invite you to shape the future of StateRAMP by submitting nominations for the 2025 term. Your nominations ensure our committees and boards benefit from diverse expertise, driving our mission forward. Nominations are open until August 1st. If you know individuals with the right qualifications and commitment, please visit our nominations page to submit their information today.

StateRAMP offers multiple ways to engage, including the 3PAO and Advisory Council, Provider Leadership Council, and various task forces. Introduced in 2024, the 3PAO and Advisory Council facilitates quarterly collaboration among peers. The Provider Leadership Council offers a platform for providers to share insights and stay updated. Our Board of Directors also forms task forces, inviting members to contribute their expertise. Stay tuned for opportunities to participate and help shape StateRAMP’s future.