Connecting state and local government leaders
An independent non-profit, StateRAMP will offer cloud security verification services to state and local government agencies.
An independent non-profit is planning to offer cloud security verification services to state and local government agencies. StateRAMP will provide a framework that reduces redundant cloud security assessments for governments and makes it easier for cloud service providers (CSPs) to transfer certificates and credentials across uniform standards.
Because many CSPs that work with state and local agencies have no federal contracts, governments that require authorization by the Federal Risk and Authorization Management Program (FedRAMP) would exclude many current and new CSPs. By growing the provider community and government, StateRAMP aims to improve cloud security for state and local agencies.
Building on best practices of FedRAMP, StateRAMP will use the FedRAMP-authorized third-party assessment organizations to accredit CSPs. Authorized services will be posted in a StateRAMP marketplace, and a program management office will guide the providers through the StateRAMP authorization process
Like FedRAMP, StateRAMP’s security requirements are aligned with the National Institute of Standards and Technology’s 800-53 rev. 4 standards. State and local governments may add additional controls if they need to comply with requirements for handling health care or criminal justice data and workloads.
Also similar to the federal program, vendors must demonstrate that their service’s security posture is continuously acceptable to maintain their authorizations. StateRAMP will begin a pilot program in 2021 that will focus on low and moderate impact level security controls.
CSPs that have achieved FedRAMP authorization will be recognized at the appropriate security impact level by StateRAMP. FedRAMP, however, does not recognize StateRAMP authorizations.
StateRAMP was formed in partnership with state government CIOs, chief information security officers, chief privacy officers, procurement officials and private industries experts who serve state governments.
Government Technology first reported on StateRAMP.