StateRAMP for State and Local Governments & Education

Proactive Protection Against Cyber Threats at Home

Build a Solid Foundation for Risk Management

  • StateRAMP is based on the current version of the National Institute of Standards and Technology (NIST) publication 800-53, the same publication used to establish FedRAMP.
  • StateRAMP’s security verification model allows SLED (State, Local, and Education) organizations to
    trust potential vendors’ commitment to providing
    secure products.
  • Public sector members can review the authorized product list and view continuous monitoring of products through a secure portal.

Getting Started with StateRAMP

Download the StateRAMP Adoption Resource Guide

StateRAMP helps the public sector protect its sensitive data, saving taxpayer and vendor dollars, while relieving organizations’ burden of managing cybersecurity risk.

Learn more about the process of adopting StateRAMP standards with “Getting Started with StateRAMP: A Guide for Government.”

Adopting StateRAMP

StateRAMP Adoption is where governments and public sector organizations can begin, whether starting from scratch or expanding your already existing third-party risk program.

We recognize that no two organizations are the same and that no two adoptions will be the same. Regardless of how you chose to adopt, by leveraging StateRAMP you can expect the following results:

  • Your policymakers can be assured your providers are meeting best in-class standards throughout contract lifespan.
  • You gain insight into your provider’s products before you sign a contract, allowing you to make informed decisions, under tight timelines, for low costs, while keeping competition open to providers of all sizes.
  • You can move from an assessor to an oversight role through access to our continuous monitoring portal, reviewing current and past records as required for your day-to-day contract management or for your auditing needs.
  • StateRAMP Adoption is so simple you can easily do it yourself, even standing up your program within a few weeks; however, we know sometimes you need an extra set of hands or just have questions. As such, your own dedicated Government Engagement Director stands ready to help you however they can.

Contact the Government Engagement Team to learn more.

Committee Structure

Board and Committee positions are two-year terms, beginning February 1, 2025.

Nominations are open from June 1 – August 1, 2024. The Nominating Committee will review nominations and make recommendations for a slate to the Board. All who have submitted a nomination form will be notified following committee review, no later than November 30, 2024. Nominations not recommended for 2025 will stay on file and active for the Nominating Committee’s reference should a vacancy occur. If you have any questions, please contact our staff at info@stateramp.org.

StateRAMP Task Forces

StateRAMP CJIS-Aligned Task Force

The StateRAMP CJIS-Aligned Task Force is comprised of State and Local Government stakeholders, industry leaders, and FBI CJIS advisors. The mission is to craft an innovative overlay for StateRAMP’s Moderate Impact Level baseline controls, aligning seamlessly with CJIS requirements. While a formal CJIS certification may not exist, our CJIS-focused overlay serves as a beacon, illuminating a product’s likelihood for CJIS conformance.

StateRAMP/NASPO Procurement Task Force

The StateRAMP/NASPO Procurement Task Force convenes government procurement and IT professionals to foster collaboration on best practices in IT procurement. Their mission includes developing standardized templates and resources aimed at helping governments nationwide streamline cloud service acquisition. By leveraging collective expertise, the task force aims to enhance efficiency and effectiveness in government IT procurement processes across the nation.

Frequently Asked Questions

StateRAMP simplifies security by providing state and local governments, education institutions, special districts, and more public sector organizations by providing a common method for independent verification and validation of cloud security providers. With StateRAMP, procurement officials, privacy officers, and information security specialists can be confident in their third-party vendors. Officials can rest assured that providers offering SaaS, PaaS, or IaaS solutions for storing, processing, or transmitting sensitive data—including personally identifiable information, protected health information, or payment card industry data—meet and maintain the government’s strict published cybersecurity policies.

To become a StateRAMP public sector member, visit the Government Membership page. There, you can find detailed information about the benefits of membership and the registration process. Simply follow the instructions to complete your membership application and join our community of cybersecurity professionals dedicated to enhancing security and compliance in the public sector. Or, reach out to our Government Engagement Team at get@stateramp.org for assistance.

To become a StateRAMP private education member, visit the Private Education Membership page. This page provides comprehensive information on the benefits of membership and the steps to join. Follow the detailed instructions to complete your membership application and join our network of educational institutions committed to advancing cybersecurity and compliance. Or, reach out to our Government Engagement Team at get@stateramp.org for assistance.

To include StateRAMP requirements in your next RFP, start by visiting exploring our resources available for government members. You can find templates, guidelines, and support materials designed to help integrate StateRAMP standards into your procurement processes. Additionally, you can contact StateRAMP directly for personalized assistance and to ensure your RFP aligns with the best practices in cybersecurity and compliance.