The First Step Toward Verifying Cloud Products for Government
A helpful moment-in-time representation of a product and provider’s cybersecurity maturity, the StateRAMP Security Snapshot helps providers begin their cybersecurity journey. Service providers are given a detailed gap analysis that validates their product’s security maturity beyond self-attestation and in relation to meeting the minimum mandatory requirements for StateRAMP Ready status.
MITRE ATT&CK Framework and Scoring
Effective January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The weighted scoring based on the MITRE ATT&CK framework was selected to ensure the Security Snapshot criteria emphasize best practices that have the greatest impact on improved security defense.
The Single Security Snapshot Process
Step 1:
Step 2:
Step 3: Prior to your one-hour intake meeting, you are encouraged to read and understand the Security Snapshot scoring criteria so you are prepared to provide artifacts for each criterion met.
Step 4: Service providers will be issued a formal letter from the StateRAMP PMO containing their product’s security maturity score. Scores are not disclosed or posted publicly, and any sharing of the received score is at the discretion of the service provider.
Frequently Asked Questions
Effective January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The updated criteria include the highest-scoring MITRE ATT&CK control protection values from StateRAMP’s Minimum Mandates for Ready (Rev. 5). Scoring is weighted according to the control protection value assigned in the NIST/MITRE ATT&CK Framework study and is expressed as a percentage out of 100. The weighted scoring based on the MITRE ATT&CK framework was selected to ensure the Security Snapshot criteria emphasize best practices that have the greatest impact on improved security defense. Review the StateRAMP Security Snapshot Criteria and Scoring policy for more information.
A letter will be issued to the provider from the StateRAMP PMO with the product’s security maturity score. Scores are not publicly posted, and any sharing of the score is at the discretion of the provider.
The updated StateRAMP fee schedule outlines the costs for the StateRAMP Security Snapshot.
Providers can begin the Security Snapshot process by becoming a member of StateRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.
Prior to the one-hour intake meeting, we encourage you to have read and understood the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.
Fill out the Snapshot request form to get started.