How StateRAMP Works

StateRAMP is a platform that provides States a mechanism for efficiently and effectively verifying whether cloud service providers (CSPs) meet a State’s published cybersecurity policies.

StateRAMP helps States reduce cyber risks from unsecure cloud solutions and protects data. Like FedRAMP, StateRAMP simplifies the cybersecurity process by providing a standardized approach for validating cyber-readiness for cloud applications.

StateRAMP stores, maintains, and publishes the security status of cloud service providers and offers States and municipalities a centralized source to access CSP cybersecurity certifications along with status updates and compliance changes.

Read more details about the StateRAMP process in the Security Assessment Framework.

StateRAMP in Action 

In today’s society, we require professional service providers to have licensing validation. That includes accountants, airlines, healthcare, public safety and so forth. In the digital age, validation of cybersecurity is critical and needs to go beyond checking a box. State and local governments need unbiased proof that their cloud vendors are secure and capable of safely storing government and citizen data.

21st Century Cyber Standards

Most States have adopted requirements for third party cloud providers to meet cybersecurity standards developed by the National Institute of Standards & Technology. StateRAMP ensures those requirements are met.

Trust But Verify

By partnering with accredited third party assessment organizations (3PAOs) for auditing and reporting, StateRAMP provides states a simple way to verify that cloud service providers meet and maintain security standards.

Transparency & Confidence

The level of scrutiny and the types of information reviewed during an audit depend on the sensitivity of the State data handled by the cloud service provider. Cloud service providers already FedRAMP Authorized will inherit the equivalent level of StateRAMP Authorization.

Transferable Verifications

StateRAMP will maintain a list of verified providers, giving procurement officials the confidence of their vendors’ cyber preparedness. Read more about third party assessment organizations and providers already authorized by FedRAMP in the Marketplace.