StateRAMP is a consortium of cybersecurity officials across the public and private sectors, who have come together to “promote cybersecurity best practices through education, advocacy, and policy development.” Formed in late 2020, the organization is charged with assisting state and local governments in vetting third party vendors’ cyber and cloud security posture. As such, it has leveraged the structure from its federal counterpart FedRAMP basing the methodology holistically on FedRAMP’s framework. This will allow state and local governments to be able to authorize vendors that do not work with Federal Agencies using a baseline that follows the stringent example set at the Federal Level, where State and Local governmental organizations do not have the ability to act as Federal sponsors to Cloud Service Providers.
StateRAMP has 4 key goals, as set forth in its Start Guide:
It’s no secret that government agencies are under constant threat of cybersecurity attacks. In 2020 alone, 79 ransomware attacks on local, state, and national governments amounted to an estimated $18.88 billion in damage, impacting 71 million people in the process. The FedRAMP authorization program was created to create security guidelines for cloud vendors working with the government, and while the framework has continued to mature and established itself as a beacon of security standards, it only applies to the Federal government. State and local governments therefore did not have guidelines of their own, and, thus, StateRAMP was born.
As the potential for cybersecurity attacks continue to increase across all government levels, it is only natural that StateRAMP will eventually become a key framework for cloud service providers who do work with any State and Local governments. Arizona recently announced its statewide pilot of the program, and other state and local government entities are sure to follow suit.
Want to learn more about StateRAMP and if authorization is appropriate for your business? Get in touch with a member of our team below.
Subscribe to our newsletter and get the latest cybersecurity insights, updates, and event invitations delivered straight to your inbox. Join our community and empower your security journey with RISCPoint's expert knowledge.
Join our newsletter for updates. Terms.