About Us - GovRAMP

About GovRAMP

Founded at the beginning of 2020, GovRAMP was born from the clear need for a standardized approach to the cybersecurity standards required from service providers offering solutions to state and local governments.

StateRAMP (dba GovRAMP) is a registered 501(c)(6) nonprofit membership organization comprised of service providers offering IaaS, PaaS, and/or SaaS solutions, third party assessment organizations, and government officials. Our members lead, manage, and work in various disciplines across the United States and are all committed to making the digital landscape a safer, more secure place.

Our Mission and Vision

Our mission is to promote cybersecurity best practices through education, advocacy, and policy development to support its members and improve the cyber posture of state and local governments and the citizens they serve. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.

Making History: The GovRAMP Roadmap

Where We’ve been Shapes Where We’re Going

February 2020

An Idea Sparks

J.R. Sloan (CIO, State of Arizona) and Joe Bielawski (President, Knowledge Services) develop the idea of StateRAMP (dba GovRAMP) to meet the growing need, primarily within the public sector’s state and local governments, to manage third-party risk and efficiently verify cloud security services.

February 2020

March 2020

Steering Committee Formed

Dozens of former and current state chief information and security officers, and procurement and privacy officials, join private industry leaders and cybersecurity assessors and innovators to form the steering committee that officially charters GovRAMP.

March 2020

April 2020

First Committee Meeting

The full GovRAMP Steering Committee convenes for the first time, amid the backdrop of the early days of the COVID-19 pandemic, electing Joe Bielawski as its chairman and formulating a schedule for priority discussions.

April 2020

May 2020

Charter Adoption

The GovRAMP Steering Committee Charter is officially adopted, outlining a timeline featuring objectives for discovery and policy decisions.

May 2020

September 2020

First Framework Approval

Following months of meetings and discussions on governance, processes, and security requirements, the steering committee adopts its first GovRAMP Security Assessment Framework.

September 2020

December 2020

Governing Board Forms

With an adopted framework for bylaws in place, the steering committee votes to formally launch GovRAMP in the next month and forms its inaugural board of directors with members J.R. Sloan, Joe Bielawski, and Ted Cotterill (Chief Privacy Officer, State of Indiana).

December 2020

January 2021

Launch Initiated

GovRAMP officially launches under the leadership of Executive Director Leah McGrath and PMO Director Noah Brown with a focus on growing outreach and raising awareness among key stakeholders.

January 2021

April 2021

Membership Opens

Membership enrollment begins for state and local government officials and service providers, creating a shared service model for best practices and standardization in cloud security verification and validation.

April 2021

August 2021

Assessments Begin

Published templates allow security assessments to get underway. For providers with products or services already under federal approval, the GovRAMP PMO’s Fast Track provides and verifies the necessary documentation already completed for federal authorization.

August 2021

September 2021

Inaugural Authorized Product List (APL)

GovRAMP announced the publication of its first Authorized Product List, which features 24 companies and a combined 51 products.

September 2021

June 2022

APL 2.0

New updates increase the value of information included on the GovRAMP Authorized Product List, including a revamped user interface highlighting information on a product’s position in the GovRAMP pipeline. A new Federal JAB status gives recognition to products that have received FedRAMP authorization through joint authorization board approval.

June 2022

September 2022

Industry Accolades Roll In

GovRAMP is nominated as Innovation of the Year, while Joe Bielawski is nominated for Industry Leadership, at the prestigious CyberScoop 50 Awards.

September 2022

December 2022

Introducing StateRAMP Security Snapshot

Providing a simpler first step toward achieving a verified GovRAMP security status, Security Snapshot debuts as a “pre-Ready” measurement and gap analysis providing insights to providers and the governments they serve.

December 2022

January 2023

Growth & Ongoing Improvement

Celebrating 332 government members, 139 service providers, and a combined 79 products—and counting—GovRAMP strives to shift the culture of cybersecurity to one of continuous improvement.

January 2023

March 2023

Introducing StateRAMP Progressing Snapshot Program

Another option to the GovRAMP Security Snapshot, the Progressing Security Snapshot Program provides quarterly assessments (Snapshots) and monthly consultative calls with the PMO security team.

March 2023

May 2023

First Symposium

GovRAMP Symposium Brings Together Leading Cybersecurity Experts to Discuss Cyber Threats and Supplier Risk Management.

May 2023

November 2023

Security Program Rev. 5 Updates

GovRAMP Standards & Technical Committee completed a year-long review to align with Rev. 5.

November 2023

December 2023

TX-RAMP Accepts StateRAMP

TX-RAMP recognizes GovRAMP Progressing Snapshot and GovRAMP Ready status for Provisionally Authorized Status with no expiration, a change from the usual 18- month limit. TX-RAMP Level 1 is for public/ non-confidential information or low impact systems, and Level 2 for confidential/regulated data in moderate or high impact systems.

December 2023

January 2024

Snapshot 2.0

Effective, January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values..

January 2024