StateRAMP Single Security Snapshot

Start Your Cybersecurity Journey Here

The First Step Toward Verifying Cloud Products for Government

A helpful moment-in-time representation of a product and provider’s cybersecurity maturity, the StateRAMP Security Snapshot helps providers begin their cybersecurity journey. Service providers are given a detailed gap analysis that validates their product’s security maturity beyond self-attestation and in relation to meeting the minimum mandatory requirements for StateRAMP Ready status.

MITRE ATT&CK Framework and Scoring

Effective January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The weighted scoring based on MITRE ATT&CK’s framework was selected to ensure the Security Snapshot criteria emphasize best practices that have the greatest impact on improved security defense.

The Single Security Snapshot Process

Frequently Asked Questions

Effective January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The updated criteria include the highest-scoring MITRE ATT&CK control protection values from StateRAMP’s Minimum Mandates for Ready (Rev. 5). Scoring is weighted depending on the control protection value assigned in the NIST/MITRE ATT&CK Framework study and is based on a percentage out of 100. The weighted scoring based on MITRE ATT&CK’s framework was selected to ensure the Security Snapshot criteria emphasize best practices that have the greatest impact on improved security defense. Review the StateRAMP Security Snapshot Criteria and Scoring policy for more information.

A letter will be issued to the Provider from the StateRAMP PMO with a product’s security maturity score. Scores are not publicly posted, and any sharing of the score is at the discretion of the provider.

We will make our best effort to deliver the Snapshot score within 3 weeks of payment. If you have any time constraints due to solicitations, please note them on the StateRAMP Security Snapshot request form, and our security team at the Program Management Office will do their best to honor them.

The updated StateRAMP fee schedule outlines the costs for the StateRAMP Security Snapshot. 

Providers can begin the Security Snapshot process by becoming a member of StateRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.

Prior to the 1-hour intake meeting, we encourage you to have read and understood the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.

Fill out the Snapshot request form to get started.