Who We Are

Who We Are

StateRAMP™, an independent not-for-profit organization, provides an efficient and cost-effective solution for verifying cyber security of cloud service providers for state and local government.

The StateRAMP™ model helps state and local governments by creating a level playing field for cloud service providers to take a standardized approach to Cloud security and risk assessment. StateRAMP™ does not recreate the wheel. Rather, StateRAMP™ builds upon the already existing third-party assessment organization (3PAO) ecosystem.

Leveraging proven and consistent security authorizations, following existing State policy baseline standards, which are currently NIST 800-53, StateRAMP™ ensures consistent application of State approved standards.

Our Goals Are Simple

  • Enable state and local procurement officials to confidently contract with secure thirdparty cloud service providers in a manner that won’t jeopardize government and citizen data 
  • Provide a strong framework that saves state and local governments time, money, and personnel from conducting redundant cloud security assessments 
  • Make it easier for thirdparty cloud service providers to work with governments through a clear framework and transferable certification process 
  • Help State and local government cost effectively avoid unnecessary cyber risks.   

Comprised of government, commercial and academic experts in the fields of cyber security, government procurement and public policy, the committee is responsible for establishing procedures and policies for:

  • Long-Term Governance and Best Practices
  • Internal Controls Ensuring Transparency and Credibility for All Stakeholders
  • Partner Engagement Process, including: States, Third Party Cloud Vendors and Third-Party Assessment Organizations (3PAOs)
  • Program Management Office (PMO) Process and Administration Functions
  • Cost Model Evaluation and Recommendations

Steering Committee Members

Joe Bielawski

President, Knowledge Services

Tony Bai

Federal Practice Lead, A-LIGN

Paul Baltzell

Vice President of Strategy and Business Development, Salesforce

Rich Banta

CISO, Data Center Architect, Lifeline Data Centers, L.L.C.

Ted Cotterill

State Chief Privacy Officer, State of Indiana/General Counsel for Indiana MPH

Dan Lohrmann

Chief Strategist and CSO, Security Mentor

Steve Nettles

Statewide Procurement Group Manager, State of Arizona

Jason Oksenhendler

Senior Manager, Cyber Risk Advisory, Coalfire

Craig Orgeron

CIO, State of Mississippi

Dugan Petty

Cooperative Contract Coordinator ICT, NASPO ValuePoint

Tim Roemer

Chief Information Security Officer, State of Arizona

Jaime Schorr

Chief Procurement Officer, State of Maine

J.R. Sloan

Chief Information Officer, State of Arizona

Paul Toomey

Founder and CEO, Geographic Solutions

Jay White

Chief Information Security Officer, State of Mississippi