StateRAMP Templates and Resources
Welcome to the StateRAMP Templates and Resources Page. Security templates are developed based on policies adopted by the Board of Directors and recommended by the Steering Committee and Standards & Technical Committee.
Security Policies
Documents & Templates
StateRAMP verification relies on independent audits that are conducted by Third Party Assessing Organizations (3PAOs). StateRAMP 3PAOs will use the following templates to report audit findings.
Providers will need to complete their StateRAMP System Security Plan (SSP), SSP Attachments and have policies and procedures in order before engaging a Third-Party Assessment Organization (3PAO) for an audit.
StateRAMP System Security Plan (SSP) Template
StateRAMP SSP Attachments
Configuration Management Plan (CMP) Template
Incident Response Plan (IRP) Template
StateRAMP has worked with the Program Management Office (PMO) to develop sample policy and procedure templates to serve as a resource for providers.
AC – Access Control Policy Template | AC – Access Control Procedure Template
AT – Awareness & Training Policy Template | AT – Awareness & Training Procedure Template
AU – Audit & Accountability Policy Template | AU – Audit & Accountability Procedure Template
CA – Security Assessment and Authorization Policy Template | CA – Security Assessment and Authorization Procedure Template
CM – Configuration Management Policy Template | CM – Configuration Management Procedure Template
CP – Contingency Planning Policy Template | CP – Contingency Planning Procedure Template
IA – Identification & Authentication Policy Template | IA – Identification & Authentication Procedure Template
IR – Incident Response Policy Template | IR – Incident Response Procedure Template
MA – Maintenance Policy Template | MA – Maintenance Procedure Template
MP – Media Protection Policy Template | MP – Media Protection Procedure Template
PE – Physical & Environmental Policy Template | PE – Physical & Environmental Procedure Template
PL – Planning Policy Template | PL – Planning Procedure Template
PS – Personnel Policy Template | PS – Personnel Procedure Template
RA – Risk Assessment Policy Template | RA – Risk Assessment Procedure Template
SA – System & Services Acquisition Policy Template | SA – System & Services Acquisition Procedure Template
SC – System & Communications Protection Policy Template | SC – System & Communications Protection Procedure Template
SI – System & Information Integrity Policy Template | SI – System & Information Integrity Procedure Template
Authorized Vendor List
The first Authorized Vendor List (AVL) will be published in summer 2021 and will include a listing of Subscriber Members who are actively pursuing third party verification for their offerings. Follow the steps below to be listed on the upcoming Authorized Vendor List.
Find a StateRAMP 3PAO
Assessors play an important role in conducting independent security audits.
Government Sponsors
A government sponsor is required for providers wishing to submit a request for authorization.
Connect with the
StateRAMP PMO
StateRAMP is proud to partner with Knowledge Services to serve as the PMO.