StateRAMP Security Snapshot
The StateRAMP Security Snapshot is a new early-stage security maturity assessment for cloud products. The criteria were designed to provide a gap analysis that validates a product’s current maturity in relation to meeting the Minimum Mandatory Requirements for StateRAMP Ready.
The Security Snapshot helps providers begin their cybersecurity journey while offering governments insight into the risk maturity of supplier cloud products.
Watch this video to hear StateRAMP Executive Director Leah McGrath and Program Management Office Director Noah Brown explain why the Standards & Technical Committee and StateRAMP Board of Directors created the StateRAMP Security Snapshot.
Progressing Security Snapshot Program:
Assessment + Consulting
In addition to procuring a single Security Snapshot, providers can also enroll in the Progressing Security Snapshot Program. The StateRAMP Progressing Security Snapshot Program combines trust-but-verify principles with a consultative approach to improve cyber maturity for providers and to begin the information sharing critical to effective risk management for government.
The Program includes quarterly assessments (Snapshots) and monthly consultative calls with the PMO security team. You will gain insight into gaps in achieving NIST-based security practices and guidance on how to best address those gaps, with a focus on what matters most for improved security outcomes.
Assessment: Quarterly Updates to the StateRAMP Security Snapshot
As a provider, you can procure a single StateRAMP Security Snapshot or enroll in the StateRAMP Progressing Security Snapshot Program to receive quarterly Security Snapshots and participate in monthly consultative calls.
Consulting: Monthly Progress Calls Focused on Practical Guidance to Improve Security
Following the initial StateRAMP Security Snapshot, the product security team begins hour-long monthly consultative calls with the PMO security team, who will explain the gaps and provide guidance on how to address them most efficiently.
How are governments planning to use StateRAMP Security Snapshot?
Governments may use the StateRAMP Security Snapshot throughout the procurement process to determine the risk associated with products being considered for procurement. Governments can also use the Security Snapshot to assess progress toward StateRAMP Authorization for products once contracted.
The scoring methodology for the StateRAMP Security Snapshot is based on critical NIST 800-53 Rev. 5 requirements. Review the StateRAMP Security Snapshot Criteria and Scoring document (pdf) for more information.
The StateRAMP PMO will issue a letter to the provider with the product’s security maturity score. Scores are not publicly posted, and any sharing of the score is at the discretion of the provider.
Providers can begin the Security Snapshot process by becoming a member of StateRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.
Prior to the 1-hour intake meeting, we encourage you to read and understand the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.
Fill out the Snapshot request form to get started.