5 Things to Know about StateRAMP

Julie Butterfield May 20, 2022

    While workers were shifting to remote work in droves in 2020, cybercriminals were paying attention to the cloud security vulnerabilities that shift created. In the second quarter of 2020, there was an astonishing 605% increase in cyberattacks that targeted remote workers, according to TechRepublic.

    With growing numbers of people working remotely and moving to the cloud, attacks on local and state governments are becoming more common as well. But there hasn’t been a standardized approach to the cybersecurity requirements placed on cloud software providers offering solutions to state and local governments.

    Enter StateRAMP
    Standards set by StateRAMP are based on the Federal Risk and Authorization Management Program (FedRAMP), which is a set of cybersecurity standards for federal government agencies.

    StateRAMP is a nonprofit organization that provides a uniform cybersecurity assessment program for state and local governments. The goal of StateRAMP is to reduce the risk of cyberattacks and ensure the security of sensitive data held by state and local government organizations. It provides a set of compliance standards that cloud service providers must meet before they can do business with state and local governments.

    “At launch one year ago, our goal was to work with three to five states in the first year,” said Leah McGrath, Executive Director of StateRAMP, in a press release. “The level of interest in StateRAMP is far surpassing our expectations and [it’s] incredibly exciting.”

    StateRAMP’s standards are important because they:

    1. Help protect sensitive data
    2. Reduce the risk of cyberattacks
    3. Provide a clear, standardized approach to cybersecurity for state and local governments
    4. Ensure that cloud service providers are compliant with StateRAMP’s standards
    5. Offer training and resources to help cloud service providers understand and comply with the standards

    If you’re a cloud service provider offering solutions to state and local governments, and you’re not in compliance with StateRAMP standards, it could mean lost business. That’s because StateRAMP formalizes processes that allow third-party assessment organizations (3PAOs) to provide assurance that the solutions state and local governments procure meet published cybersecurity policies.

    360 Advanced can help with your StateRAMP readiness until it goes into effect. Meanwhile, we hosted a webinar May 25, which covered:

    • When StateRAMP is required
    • StateRAMP vs FedRAMP
    • StateRAMP & NIST 800-53 Revision 4
    • How StateRAMP is organized
    • StateRAMP security levels
    • Key differences by state including TexRAMP
    • Auditor selection process
    • Process timeline & overview
    • Projected costs
    • Getting started with StateRAMP

    Watch the webinar recording here