Small Business & StateRAMP
We're here to help.
StateRAMP wants to work with everyone, and we want to make sure our services are affordable for every company.
StateRAMP understands small business partners are critical for State and Local government. No government can survive without the industry expertise that small business leaders provide. With StateRAMP, small business leaders have a true ally to expand public-private partnerships and securely serve State and Local government.
Business leaders from all industries have a role to play in helping to secure our nation’s cyber posture. StateRAMP invites leaders from traditionally underutilized businesses to explore the ways StateRAMP can build paths to effectively serve government.
Use the StateRAMP resources below to discover the opportunities for small businesses, government, and citizens to strengthen our nation’s cyber security.
Check to see if your government partners are participating members
How to Get Started
StateRAMP is working to bring innovation to governments faster, growing the pool of qualified products available to serve governments with a standardized process for verifying cloud security. StateRAMP works with governments to help standardize cybersecurity processes across the United States.
StateRAMP membership recognizes providers as a partner in the mission. Membership benefits include participation on the Provider Leadership Council, input on policies and processes, and more, including the StateRAMP Progressing Security Snapshot Program and verified statuses of StateRAMP Ready and Authorized.
- Watch the Getting Started with StateRAMP webinar below.
- Become a Member of StateRAMP ($500 annual membership dues).
- Request a StateRAMP Security Snapshot.
- Enroll in Progressing Security Snapshot Program.
- Improve Security Posture.
See more details on StateRAMP’s Service Provider Process.
Watch the Getting Started webinar below to learn about StateRAMP’s mission and the vital steps small business can take to meet modern cyber challenges and efficiently serve government.
How can StateRAMP help?
Many small businesses that want to expand often don’t have the resources available to do so. Consulting fees can be prohibitively expensive for small businesses. In an economy where small businesses are often overlooked, how do we level the playing field so that small businesses can be compared to market leaders?
StateRAMP’s Snapshot and Progressing Snapshot Program aren’t just solutions for solicitations; we have a dedicated team to assist in evaluating the total security of our product. Your product will be evaluated using standardized metrics to demonstrate your product provides the same level of security as major tech organizations.
Verify Once, Serve Many
With StateRAMP’s secure approach, your organization doesn’t have to repeat the unique assessment processes individual States mandate. Once you start the process, your product is listed publicly on the StateRAMP Authorized Product List with its current authorization level. While only the governments you serve will have access to your product’s continuous monitoring, anyone can view the Authorized Product List or Progressing Offerings and see your product.
StateRAMP is not limiting competition, it is merely adding a specification that would ensure the correct amount of confidentiality, integrity, and security is applied to contracts involving government data and we want you to be a part of that competition. Our goal is to ensure that your personal data is protected too!
We value small businesses and strive to play a part in your continued success. Through the Provider Leadership Council, we offer you a platform to voice the challenges that you face and a means to foster partnerships with governments that result in productive conversations to address those challenges. The Provider Leadership Council promotes information sharing among public and private-sector members, providing expertise and advice to StateRAMP.
How Snapshot Helps Small Businesses Serve
State and local governments are requiring their awarded vendors’ products to become StateRAMP Ready or Authorized in an ongoing effort to manage risk. However, governments cannot stop doing business while they wait for products to become StateRAMP Authorized, and there are concerns about whether some small businesses are equipped at present to achieve a StateRAMP Ready or Authorized security status.
In 2022, StateRAMP Leadership sought to answer these questions:
- What to do in the interim?
- How can StateRAMP help providers and governments get started today?
Those questions led to discussions around how StateRAMP could provide consistent and reliable visibility for governments into risk today and how the program could help suppliers mature their cyber posture most efficiently.
In early 2023, StateRAMP launched the Progressing Security Snapshot Program. Any provider may procure an individual StateRAMP Security Snapshot or enroll in the StateRAMP Progressing Security Snapshot Program to receive quarterly Security Snapshots and participate in monthly consultative calls.
Assessment: StateRAMP Security Snapshot (updated quarterly)
The Security Snapshot is a mini-audit, going beyond self-attestation with evidence presented for each criterion. A Snapshot can be conducted within three weeks of a completed request and results in a gap analysis score of the product’s cyber posture relative to being able to meet the most minimum critical NIST controls for cloud security.
Consulting: Monthly Progress Calls Focused on Practical Guidance to Improve Security
Following the initial StateRAMP Security Snapshot, the product security team begins hour-long monthly consultative calls with the PMO security team who will educate on the gaps and provide guidance on how to address those gaps most efficiently.
For the most up-to-date pricing information, please review the 2023 StateRAMP Fee Schedule (pdf).
External Funding Options:
Small Business Administration (sba.gov)
One of the perks of being a StateRAMP member is that you can use your membership as a FastTrack option to other RAMPs such as FedRAMP, AZ RAMP and TX RAMP. Rather than having to repeat the verification and validation process, you will only have to provide your StateRAMP documentation and artifacts. If there are controls not included in the StateRAMP process, then those will be the only NEW documentation and artifacts that you will have to provide.
Download the Center for Digital Government's Best Practice Guide for Cloud and As-a-Service Procurements
See all of StateRAMP's accredited Third Party Assessment Organizations
Get Started Today
Everyone has a role to play in fortifying our nation’s cyber defenses, including small business leaders. Trust StateRAMP as a true partner to help your small business find the right path to serve government.
Our specialized team is standing by to help your small business.
The scoring methodology for the StateRAMP Security Snapshot is based on critical NIST 800-53 Rev. 5 requirements. Review the StateRAMP Security Snapshot Criteria and Scoring document (pdf) for more information
A letter will be issued to the Provider from the StateRAMP PMO with a product’s security maturity score. Scores are not publicly posted and any sharing of score is at the discretion of the provider.
Providers can begin the Security Snapshot process by becoming a member of StateRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.
Prior to the 1-hour intake meeting, we encourage you to have read and understood the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.
Fill out the Snapshot request form to get started.
Receive StateRAMP Updates
Interested in StateRAMP? Sign up below to receive StateRAMP Updates.