About StateRAMP
Founded at the beginning of 2020, StateRAMP was born from the clear need for a standardized approach to the cybersecurity standards required from service providers offering solutions to state and local governments.
StateRAMP is a registered 501(c)(6) nonprofit membership organization comprised of service providers offering IaaS, PaaS, and/or SaaS solutions, third party assessment organizations, and government officials. Our members lead, manage, and work in various disciplines across the United States and are all committed to making the digital landscape a safer, more secure place.
Our Mission and Vision
Our mission is to promote cybersecurity best practices through education, advocacy, and policy development to support its members and improve the cyber posture of state and local governments and the citizens they serve. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.
Making History: The StateRAMP Roadmap
February 2020
J.R. Sloan (CIO, State of Arizona) and Joe Bielawski (President, Knowledge Services) develop the idea of StateRAMP to meet the growing need, primarily within the public sector’s state and local governments, to manage third-party risk and efficiently verify cloud security services.
March 2020
Dozens of former and current state chief information and security officers, and procurement and privacy officials, join private industry leaders and cybersecurity assessors and innovators to form the steering committee that officially charters StateRAMP.
April 2020
The full StateRAMP Steering Committee convenes for the first time, amid the backdrop of the early days of the COVID-19 pandemic, electing Joe Bielawski as its chairman and formulating a schedule for priority discussions.
May 2020
The StateRAMP Steering Committee Charter is officially adopted, outlining a timeline featuring objectives for discovery and policy decisions.
September 2020
Following months of meetings and discussions on governance, processes, and security requirements, the steering committee adopts its first StateRAMP Security Assessment Framework.
December 2020
With an adopted framework for bylaws in place, the steering committee votes to formally launch StateRAMP in the next month and forms its inaugural board of directors with members J.R. Sloan, Joe Bielawski, and Ted Cotterill (Chief Privacy Officer, State of Indiana).
January 2021
StateRAMP officially launches under the leadership of Executive Director Leah McGrath and PMO Director Noah Brown with a focus on growing outreach and raising awareness among key stakeholders.
April 2021
Membership enrollment begins for state and local government officials and service providers, creating a shared service model for best practices and standardization in cloud security verification and validation.
August 2021
Published templates allow security assessments to get underway. For providers with products or services already under federal approval, the StateRAMP PMO’s Fast Track provides and verifies the necessary documentation already completed for federal authorization.
September 2021
StateRAMP announced the publication of its first Authorized Product List, which features 24 companies and a combined 51 products.
June 2022
New updates increase the value of information included on the StateRAMP Authorized Product List, including a revamped user interface highlighting information on a product’s position in the StateRAMP pipeline. A new Federal JAB status gives recognition to products that have received FedRAMP authorization through joint authorization board approval.
September 2022
StateRAMP is nominated as Innovation of the Year, while Joe Bielawski is nominated for Industry Leadership, at the prestigious CyberScoop 50 Awards.
December 2022
Providing a simpler first step toward achieving a verified StateRAMP security status, Security Snapshot debuts as a “pre-Ready” measurement and gap analysis providing insights to providers and the governments they serve.
January 2023
Celebrating 332 government members, 139 service providers, and a combined 79 products—and counting—StateRAMP strives to shift the culture of cybersecurity to one of continuous improvement.
March 2023
Another option to the StateRAMP Security Snapshot, the Progressing Security Snapshot Program provides quarterly assessments (Snapshots) and monthly consultative calls with the PMO security team.
May 2023
StateRAMP Symposium Brings Together Leading Cybersecurity Experts to Discuss Cyber Threats and Supplier Risk Management.
November 2023
StateRAMP Standards & Technical Committee completed a year-long review to align with Rev. 5.
December 2023
TX-RAMP recognizes StateRAMP Progressing Snapshot and StateRAMP Ready status for Provisionally Authorized Status with no expiration, a change from the usual 18- month limit. TX-RAMP Level 1 is for public/ non-confidential information or low impact systems, and Level 2 for confidential/regulated data in moderate or high impact systems.
January 2024
Effective, January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values..
Meet Our Staff
Leah McGrath
Ex-Officio Member
Jessica Van Eerde
Chance Grubb
Strategic Relations
Stacey Carswell
Adoption Consultant
Olivia Maple
Taylor Webster
StateRAMP Program Management Office (PMO)
Services provided by Knowledge Services through PMO Charter Agreement.