StateRAMP Public Documents
| Title | Summary | Categories | Link | hf:doc_categories |
|---|---|---|---|---|
| 3PAO Accreditation Process | StateRAMP recognized FedRAMP authorized third party assessment organizations (3PAOs) to conduct independent audits. | Governance | governance | |
| Appeals Committee Charter | The Appeals Committee serves as the adjudication board for the Program Management Office determinations. | Governance | governance | |
| Baseline Controls | This document provides the security control baselines. All of the security controls listed in the table are outlined in NIST 800-53 Rev. 4. (Retired October 1, 2024) | Baseline Requirements | baseline-requirements | |
| Center for Digital Government Best Practice Guide for Cloud and As-a-Service Procurements | The Best Practice Guide was created to provide government and industry with consensus-based advice and terms and conditions for cloud solution procurement models. | Government Document | government-document | |
| Continuous Monitoring Escalation Process | This document explains the actions taken when a service provider fails to maintain an adequate continuous monitoring program. | Continuous Monitoring | continuous-monitoring | |
| Continuous Monitoring Guide | Continuous monitoring review procedures outline the process to examine each monthly package. | Continuous Monitoring | continuous-monitoring | |
| Data Classification Tool | This document helps service providers and governments determine what StateRAMP security category requirements to use to ensure their data is protected. | Baseline Requirements | baseline-requirements | |
| FedRAMP JAB Attestation | In an effort to provide recognition to those providers whose products have achieved a FedRAMP Authorization through Joint Authorization Board (JAB) approval, a new Federal JAB status has been created for providers who wish to list their product on the StateRAMP website. | Governance | governance | |
| Get Started With StateRAMP – Government Guide | This guide explains the StateRAMP implementation process for governments. | Government Document | government-document | |
| Incident Communications Procedures | This document describes the process for StateRAMP stakeholders to use when reporting information concerning information system security incidents or suspected information system security incidents. | Continuous Monitoring | continuous-monitoring | |
| Minimum Mandates for Ready Status at Low Impact | To achieve StateRAMP Ready status at a Low Impact Level, a service provider must meet the minimum mandatory requirements outlined in this document. | Program Document | stateramp-program-document | |
| Minimum Mandates for Ready Status at Moderate and High Impact | To achieve StateRAMP Ready status at a Moderate or High Impact Level, a service provider must meet the minimum mandatory requirements outlined in this document. | Program Document | stateramp-program-document | |
| Provider Leadership Council Charter | This charter outlines the duties and responsibilities of the StateRAMP Provider Leadership Council. | Governance | governance | |
| Ready Minimum Mandatory Requirements for Low Impact Levels | To achieve Ready Status for Low Impact levels, a service provider must meet the minimum mandatory requirements outlined in this document. (Rev. 4 – Retired Oct. 1, 2024) | Ready Requirements | ready-requirements | |
| Ready Minimum Mandatory Requirements for Moderate and High Impact Levels | To achieve Ready Status for Moderate/High Impact levels, a service provider must meet the minimum mandatory requirements outlined in this document. (Rev. 4 – Retired Oct. 1, 2024) | Ready Requirements | ready-requirements | |
| Security Assessment Framework | This document describes a general governance and security framework for StateRAMP. | Baseline Requirements | baseline-requirements | |
| Significant Change Form Template | Service providers are requirements to submit this completed form to StateRAMP and receive StateRAMP approval prior to implementing a significant change to a system with an existing StateRAMP Authorization. | Provider Templates | provider-templates | |
| Sponsoring Government Brochure | Learn about sponsoring government eligibility, how to become a sponsor, sponsor commitments, and how the StateRAMP PMO works to serve state and local governments. | Government Document | government-document | |
| Standards & Technical Committee Charter | The Standards & Technical Committee makes recommendations for best practices and policies that guide cloud security requirements and verification. | Governance | governance | |
| StateRAMP Adopted Bylaws | This framework for bylaws was developed by the StateRAMP Steering Committee. As the Board of Directors is formed in late 2020, one of their first actions will be to adopt the bylaws for the organization. | Governance | governance | |
| StateRAMP Approvals Committee Charter | This charter outlines the duties and responsibilities of the StateRAMP Approvals Committee and their role in providing approvals for product security packages seeking an Authorized status. | Governance | governance | |
| StateRAMP Overview | This document provides information about the StateRAMP organization, how to become a member, the process for engaging the PMO to complete a security review, requirements for government sponsorship, and how to list products on the Authorized Product List. | Program Document | stateramp-program-document | |
| StateRAMP PMO Charter | The PMO Charter defines the objectives, roles, and responsibilities associated with the StateRAMP Program Management Office (PMO). | Governance | governance | |
| StateRAMP PMO Fee Schedule | This document provides an updated StateRAMP Program Management Fee Schedule, effective January 1, 2023. | Program Document | stateramp-program-document | |
| StateRAMP Provider Sponsor Requirements | This document outlines the process (including government sponsorship requirements) for a vendor’s offering to be listed as StateRAMP Authorized on StateRAMP’s Authorized Product List (APL). | Provider Document | provider-document | |
| StateRAMP Security Assessment Framework | This document provides a summary of the objectives, goals, and governance approach of StateRAMP, along with an outlined methodology to verify cloud security. | Program Document | stateramp-program-document | |
| StateRAMP Security Control Baselines Summary | This document provides a summary of NIST 800-53 Rev. 4 security controls required for verification, by Security Impact Level Category. This summary is the result of ongoing collaboration with State leaders and cybersecurity experts. | Program Document | stateramp-program-document | |
| StateRAMP Steering Committee Charter | The purpose of this charter is to define the objectives, membership, decision making, meeting schedule, and roles and responsibilities associated with the StateRAMP Steering Committee. | Governance | governance | |
| Vulnerability Deviation Request Form | When a service provider identifies a vulnerability that potentially warrants different handling than normally required by StateRAMP, they may submit a deviation request to StateRAMP using this form. | Provider Templates | provider-templates | |
| Vulnerability Scan Requirements Guide | This guide describes the requirements for all vulnerability scans provided by service providers to StateRAMP for products with a Ready, Provisional, or Authorized status. | Continuous Monitoring | continuous-monitoring |
Want to learn more about StateRAMP? Click below to watch our latest webinars and briefings in the video library.
Receive StateRAMP Updates
Interested in StateRAMP? Sign up below to receive StateRAMP Updates.