Our team expanded at the end of 2022, and we are thrilled to start the new year with unique perspectives and exciting updates! Read below to dive deeper into a recap of 2022 and to learn more about what’s to come for StateRAMP in 2023.
Overview of 2022
Formalization of StateRAMP Approvals Committee
At the beginning of 2022, StateRAMP’s Board of Directors and Nominating Committee formed the StateRAMP Approvals Committee, which offers service providers another option for government sponsorship. The committee reviews security packages on a monthly basis, and since beginning reviews, it has sponsored 13 products.
“We are so grateful for the members of our StateRAMP Approvals Committee. The committee streamlines sponsorship, allowing more service providers to achieve StateRAMP Authorization and broadening the pool of secure cloud service offerings for government,” said Leah McGrath, StateRAMP Executive Director. You can read more about the StateRAMP Approvals Committee here.
Additionally, 2022 was the first year StateRAMP accepted nominations from our members. We had an incredible response with 53 people submitting nominations for our 4 standing committees and Board of Directors. We are grateful for the cybersecurity community’s dedication to protecting government data.
Expanded Membership
In 2022, 17 states, 4 local governments and 2 higher education institutions publicly recognized StateRAMP. To increase understanding of StateRAMP’s direct value, the StateRAMP team attended dozens of conferences and speaking engagements across the country, establishing several new strategic partnerships, such as with the National Association of State Procurement Officials (NASPO), the National Association of State Chief Information Officers (NASCIO), and the K12 Security Information eXchange (K12 Six). The feedback from the 23 engaged jurisdictions provided insight into how StateRAMP can better serve the government in years to come.
At the end of 2022, StateRAMP had 139 service provider members representing 1,295 people. There were 37 products on the Authorized Product List and 42 on the Progressing Product List.
Introduction of StateRAMP Security Snapshot
After listening to our members’ feedback, our team developed a new, early-stage security maturity assessment tool for cloud products. The StateRAMP Security Snapshot was approved by the StateRAMP Standards & Technical Committee and adopted by the Board as a “pre-Ready” measurement.
The StateRAMP Security Snapshot offers providers the first step toward achieving a verified StateRAMP security status by providing them with a gap analysis that validates a product’s current maturity in relation to meeting Minimum Mandatory Requirements for StateRAMP Ready.
“The StateRAMP Security Snapshot will allow us to identify gaps so we can develop resources to help service providers achieve Ready status,” said Noah Brown, StateRAMP PMO Director.
For governments, the StateRAMP Security Snapshot can be used throughout the procurement process to clearly determine the risk associated with products being considered for procurement.
What’s In Store for 2023
Transition to NIST 800-53 Revision 5
2023 marks a significant year for StateRAMP, as the Standards & Technical Committee will evaluate how to incorporate NIST 800-53 Rev. 5 into StateRAMP’s security requirements. StateRAMP’s baseline controls are the foundation of StateRAMP’s security requirements, and during the month of February, we plan to invite all members to provide their feedback on the new baseline.
“The Standards & Technical Committee is currently working through the transition to NIST 800-53 Revision 5 requirements. Updating our control baselines will be crucial for protecting government data as Rev 5 is based on updated threat intelligence, places an emphasis on privacy, and adds more controls surrounding supply chain risk management,” said Noah Brown, PMO Director.
New Councils
The StateRAMP team is preparing to launch two new councils: StateRAMP’s Provider Leadership Council and 3PAO Advisory Council. The councils will promote information sharing among public and private-sector members, providing expertise and advice to StateRAMP.
Every service provider member and StateRAMP-registered 3PAO will designate one representative to serve on these critical councils. The councils will conduct virtual meetings twice a year with ad hoc meetings as needed. Stay tuned for more information on how to get involved.
Continued StateRAMP Implementation Among Governments
This year, our team aims not only for more government adoption, but also complete StateRAMP implementation within participating governments. The launch of StateRAMP Security Snapshot and Fast Track Government Implementation will allow governments to place StateRAMP requirements into their solicitations and contracts, rapidly improving the cyber posture of all levels of government. Click here for more information on how to get started.
Overall, we are excited about what’s to come for StateRAMP this year! Our team will be at numerous conferences and meetings throughout the year, which can be found at stateramp.org/events. If you have any questions, please contact us at info@stateramp.org.