StateRAMP Security Snapshot
The StateRAMP Security Snapshot is a new early-stage security maturity assessment for cloud products. The criteria were designed to provide a gap analysis that validates a product’s current maturity in relation to meeting the Minimum Mandatory Requirements for StateRAMP Ready.
The Security Snapshot helps providers begin their cybersecurity journey while offering governments insight into the risk maturity of supplier cloud products.
Progressing Security Snapshot Program:
Assessment + Consulting
The StateRAMP Security Snapshot is an early-stage security maturity assessment for cloud products. The criteria were designed to provide a gap analysis that validates a product’s current maturity in relation to meeting the Minimum Mandatory Requirements for StateRAMP Ready.
The Security Snapshot helps providers begin their cybersecurity journey while offering governments insight into the risk maturity of supplier cloud products.
Service providers may choose to procure a single Security Snapshot, or they can also enroll in the Progressing Security Snapshot Program, which combines trust-but-verify principles and a consultative approach to improve cyber maturity for providers and information sharing critical to effective risk management for public sector organizations. The Program includes quarterly assessments (Snapshots) and monthly, hour-long consultative calls with the PMO Security Team. Providers gain insight into their products’ gaps in achieving NIST-based security controls and guidance on how to best address those gaps, with a focus on what matters most for improved security outcomes.
Assessment: Quarterly Updates to the StateRAMP Security Snapshot
As a provider, you can procure a single StateRAMP Security Snapshot or enroll in the StateRAMP Progressing Security Snapshot Program to receive quarterly Security Snapshots and participate in monthly consultative calls.
Consulting: Monthly Progress Calls Focused on Practical Guidance to Improve Security
Following the initial StateRAMP Security Snapshot, the product security team begins hour-long monthly consultative calls with the PMO security team who will educate on the gaps and provide guidance on how to address those gaps most efficiently.
Ready to get started with the Progressing Security Snapshot Program? Click below to submit the request form. A member of the StateRAMP team will contact you with next steps.
Snapshot FAQs
Effective, January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The updated criteria include the highest scoring MITRE ATT&CK control protection values from StateRAMP’s Minimum Mandates for Ready (Rev. 5). Scoring is weighted depending on the control protection value assigned in the NIST/MITRE ATT&CK Framework study and is based on a percentage out of 100. The weighted scoring based on MITRE ATT&CK’s framework was selected to ensure the Security Snapshot criteria emphasizes best practices that have the greatest impact on improved security defense. Review the StateRAMP Security Snapshot Criteria and Scoring policy for more information.
A letter will be issued to the Provider from the StateRAMP PMO with a product’s security maturity score. Scores are not publicly posted and any sharing of score is at the discretion of the provider.
The updated StateRAMP fee schedule outlines the costs for the StateRAMP Security Snapshot.
Providers can begin the Security Snapshot process by becoming a member of StateRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.
Prior to the 1-hour intake meeting, we encourage you to have read and understood the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.
Fill out the Snapshot request form to get started.
Progressing Snapshot FAQs
Once you enroll in the program, your advisor will work with you on your goals, including achieving a StateRAMP Authorized status. Any steps you take thereafter will be in furtherance of that goal.
The costs for the program are tiered based on revenue making the program accessible to businesses of all sizes. You will pay three months upfront upon enrollment and then monthly fees beginning in the fourth month. For more information, see the StateRAMP Fee Schedule.
Only the StateRAMP PMO who is working on your analysis, your appointed advisor, and the main POC for your company can see your scores. StateRAMP does not share your score with anyone. It is up to you to share your score as you see fit or as is required by the government agency you wish to do business with.
Yes, by enrolling in the Progressing Snapshot Program, your product will be listed on the Progressing Product List.
YES! Enrolling in StateRAMP’s Progressing Snapshot program will qualify you for TX-RAMP Provisional status without the 18-month expiration date otherwise imposed. Additionally, the program will help you achieve Ready or Authorized, which equate to TX-RAMP Level 1 and Level 2, should those be required under your TX contract. All enrollments are automatically sent to DIR on a weekly basis and there is nothing else you need to do to achieve TX-RAMP Provisional status. For more information, please watch this webinar.
First, become a StateRAMP member. Second, fill out the enrollment form and make your payment. Once that is complete, your Membership Engagement Specialist will reach out to schedule your kick-off call with your appointed advisor. This kick-off call will help you prepare for your first Snapshot.
Fill out this form to get started.
Watch the Webinar
Receive StateRAMP Updates
Interested in StateRAMP? Sign up below to receive StateRAMP Updates.