Gain a Competitive Edge With Higher Authorization
To achieve StateRAMP Authorized status, providers must complete all necessary documentation, including a 3PAO security assessment report. Government sponsorship is required to obtain Authorized status, with both the StateRAMP Project Management Office and the sponsoring government in agreement that the product in question meets all requirements.
Learn more in “Getting Started with StateRAMP: A Guide for Service Providers Pursuing Authorization.”
The StateRAMP Authorized Process
Frequently Asked Questions
Pricing is tiered as follows:
- $500 for providers with less than $1 million annual revenue.
- $2,500 for providers with annual revenue between $1-5 million.
- $3,750 for providers with annual revenue greater than $5 million.
The level of effort to participate in the StateRAMP Authorized process varies based on the complexity of the system being assessed and the maturity of the organizational information security program. Organizations that have a current FedRAMP Authorized status may leverage their existing documentation to obtain StateRAMP Ready status with minimal additional effort. Organizations that have conducted other framework assessments, such as a SOC2 or HITRUST will be familiar with providing evidence to demonstrate control compliance. Organizations that are not familiar with framework assessments will have a sharper learning curve.
StateRAMP provides many resources to help participating organizations. These include:
- Template forms and guidance documents on our website.
- Monthly StateRAMP Office Hours calls for service providers and 3PAOs, accessible through our events page.
- StateRAMP Security Snapshot.
- StateRAMP Progressing Snapshot with monthly advisory calls.
Fast Track Option*
If a provider has a product, service, or offering with a federal authorization or is pursuing a federal authorization, that offering is eligible for the StateRAMP Fast Track process. Providers will partner with the StateRAMP Project Management Office (PMO) to provide and authenticate the necessary security documentation they’ve already completed for federal authorization. The Fast Track process is detailed below.
*Attention Texas Vendors:
In 2021, Texas passed a law requiring all vendors who use a cloud solution to serve Texas to become TX-RAMP authorized. By administrative rule, TX-RAMP recognizes StateRAMP with automatic reciprocity. StateRAMP provides an efficient, reusable certification that applies in Texas and across our rapidly expanding list of participating governments.
StateRAMP provides a weekly sync with TX-RAMP, so StateRAMP Authorized Products appear on the TX-RAMP list with ease.