StateRAMP for Service Providers

Empowering Providers Who Put Cybersecurity First

Save Time and Demonstrate Your Security Edge

  • Service Providers in StateRAMP can leverage verified IaaS, PaaS, and SaaS solutions across multiple government and education contracts.
  • StateRAMP allows small businesses to compete equally with larger organizations for government and education contracts.
  • Access to the complete Member Directory and a public product profile on the Authorized Product List helps private and public sector organizations connect.

Already FedRAMP Authorized or Pursuing Authorization? Get on the Fast Track!

If a provider has a product, service, or offering with a federal authorization or is pursuing a federal authorization, that offering is eligible for the StateRAMP Fast Track process. 

Providers will work with the StateRAMP Program Management Office (PMO) to provide and authenticate the necessary security documentation they’ve already completed for federal authorization.

Learn more about StateRAMP Fast Track.

Getting Started with StateRAMP

Download the Free Guide for Service Providers

StateRAMP verification can be a significant competitive advantage for cybersecurity-minded service providers seeking work with state or local governments and public sector entities. Learn more about the best-practice recommendations for achieving verification and accomplishing items on the StateRAMP Implementation Checklist with our free download, “Getting Started with StateRAMP: A Guide for Service Providers.”

Program Offerings

Single Security Snapshot

An early stage security maturity assessment tool for cloud products, the Security Snapshot helps providers begin their cybersecurity journey and take the first step toward achieving a verified StateRAMP security status.

Progressing Security Snapshot Program

A subscription-based program combining trust-but-verify principles and a mentoring approach to improving cybersecurity maturity, Progressing Security Snapshot includes quarterly assessments and monthly consultative calls with the StateRAMP PMO team.

StateRAMP Ready

StateRAMP Ready is a verified security status attained by meeting the StateRAMP minimum mandatory requirements, demonstrated by a readiness assessment report conducted by a 3PAO.

No contract or government sponsor is required for Ready status. StateRAMP Ready indicates a product is likely well positioned to comply with the full authorization requirements.

StateRAMP Authorized/Provisionally Authorized

StateRAMP Authorized/Provisionally Authorized is a verified security status that indicates the product meets all the required security controls by impact level. 

Authorized/Provisionally Authorized Status requires a 3PAO attestation, StateRAMP PMO verification, and acceptance by a government sponsor or the StateRAMP Approvals Committee.

StateRAMP Service Provider Membership Tiers

StateRAMP Service Provider Memberships are designed specifically for cloud service providers and other IT vendors that wish to demonstrate compliance with StateRAMP’s security standards. As part of our commitment to continuous improvement and better service delivery, we’ve recently implemented a significant operational change. The membership renewal date will be June 1st every year instead of rolling renewals based on individual joining dates beginning June 1, 2024.

Basic

  • Standardized approach to cloud security for government
  • Guided path through StateRAMP Security Snapshot Program
  • Product listing on the Authorized Product List 
  • Transferrable credentials
  • Access to the complete Member Directory
  • Access to RAMPxchange (Additional fees may apply)
  • One (1) Member Rate for Annual Summit
  • And much more
  • $1,500 annual dues

Prime

Basic Membership benefits, plus:

  • Two (2) Member Rates for Annual Summit
  • Access to RAMPxchange (No additional fees)
  • Bi-Annual Call with StateRAMP Executive Staff
  • $2,500 annual dues

Premier

Basic and Prime Membership benefits, plus:

  • Four (4) Member Rates for Annual Summit
  • Social Media Spotlight / Blog Panelist Feature
  • Invitation to Special Roundtable Available for Government Members and Premier and Champion-level Provider Members
  • Receive First-Right-of-Refusal for Event Sponsorships
  • Special Listing on Website
  • Limited to 25 active memberships
  • $10,000 annual dues

Champion

Basic, Prime, and Premier Membership benefits, plus:

  • Six (6) Member Rates for Annual Summit
  • Guest Speaker, as part of a Bi-Annual Virtual Education Series
  • 1:1 Monthly Call with StateRAMP Executive Director
  • Limited to five active memberships

StateRAMP for Small Business

Small business partners are critical for the public sector. StateRAMP understands, however, that developing and maintaining a strong cybersecurity posture can be difficult as a small business. With StateRAMP, small business leaders have an ally in the work to advance more secure public-private partnerships at the state and local levels.

Frequently Asked Questions

To become a StateRAMP service provider member, visit the Service Provider Membership page. There, you can find detailed information about the benefits of membership and the registration process. Simply follow the instructions to complete your membership application and join our community of cybersecurity professionals dedicated to enhancing security and compliance in the public and private sector.

  • StateRAMP Single Security Snapshot
    • Applicable for products that have not yet achieved StateRAMP Verified Status.
      • $500 for providers with less than $1 million annual revenue.
      • $1,000 for providers with annual revenue between $1-5 million.
      • $1,500 for providers with annual revenue greater than $5 million.
    • Progressing Security Snapshot Program (Subscription)
      • Applicable for products that have not yet achieved StateRAMP Verified Status (Includes monthly progress reports and updated Snapshots as requested).
    • Ready Review
      • Applicable for products that have had a 3PAO conduct a readiness assessment review.
    • Authorized Review
      • Applicable for products that have had a 3PAO conduct a security assessment review.
    • Continuous Monitoring
      • Applicable for products with Ready, Authorized, or Provisional Status (includes monthly reporting and annual audit
        reviews).