Small Business & StateRAMP
We're here to help.
StateRAMP wants to work with everyone, and we want to make sure our services are affordable for every company.
Small business partners are critical for state and local government – no government can survive without the industry experience and background that small business leaders provide. StateRAMP understands, however, that developing and maintaining a strong cybersecurity posture can be difficult as a small business. With StateRAMP, small business leaders have an ally in the work to advance more secure public-private partnerships at the state and local levels.
Every business plays a role in securing our nation’s cybersecurity – no matter what size – and StateRAMP is excited to invite leaders from small and traditionally underutilized businesses to explore the ways StateRAMP can build paths to effectively serve government.
How Snapshot Helps Small Businesses Serve
State and local governments are requiring their awarded vendors engage with StateRAMP as part of an ongoing effort to manage risk. However, governments cannot stop doing business while they wait for products to become StateRAMP Ready or Authorized, and there are also understandable concerns about the resource challenges small businesses may face in working towards a StateRAMP Ready, Provision, or Authorized security status.
In 2022, StateRAMP leadership sought to address these challenges:
- What can governments and providers do in the interim between pursuing Ready or Authorized status?
- How can StateRAMP help providers and governments get started today?
- How can small and underutilized businesses mature their security postures in a manageable way?
Those questions led to discussions around how StateRAMP could provide consistent and reliable visibility for governments into risk today and how the program could help suppliers mature their cyber posture most efficiently.
In early 2023, StateRAMP launched the Progressing Security Snapshot Program. Any provider may procure an individual StateRAMP Security Snapshot or enroll in the StateRAMP Progressing Security Snapshot Program to receive quarterly Security Snapshots and participate in monthly consultative calls to improve their cybersecurity posture.
The key benefit of the Security Snapshot Program is the ability to provide a point-in-time gap analysis – or think ‘cyber credit score’ – that helps identify high-level cyber risk exposure that provides an effective starting point for small businesses as they begin their cyber maturity journey.
Frequently Asked Questions
StateRAMP’s Security Snapshot and Progressing Snapshot Program are a competition amplifier in the security space, by providing a low-cost, low-barrier entry point to security posture maturing for small businesses. We want to make sure that small businesses have an enhanced ability to compete on the security front while ensuring that state and local governments are able to balance the needed levels of confidentiality, integrity, and security for their critical data.
As we continue to improve opportunities for small businesses, we want to make sure your voice is heard. Through the Provider Leadership Council, we offer you a platform to share the challenges that you face and a means to foster partnerships with governments that result in productive conversations to address those challenges. The Provider Leadership Council promotes information sharing among public and private-sector members, providing expertise and advice to StateRAMP.
StateRAMP membership dues are $500 and must be paid annually. The cost for an individual Snapshot is $500 for businesses with less than $1M in revenue; $1000 for businesses with between $1-5M in revenue; and $1,500 for businesses with over $5M in revenue. Progressing Snapshot is similarly dependent on business revenue but is broken down: $250/month for businesses with less than $1M in revenue; $500/month for businesses with between $1-5M in revenue; and $1,000/month for businesses with revenue above $5M.
The updated fee schedule for the StateRAMP Security Snapshot can be found here.
With StateRAMP’s secure approach, your organization doesn’t have to repeat the unique assessment processes individual state and local governments mandate. Once you start the process, your product is listed publicly on the StateRAMP Authorized Product List with its current authorization level. While only the governments you serve will have access to your product’s continuous monitoring, anyone can view the Authorized Product List or Progressing Offerings and see your product.
Receive StateRAMP Updates
Interested in StateRAMP? Sign up below to receive StateRAMP Updates.