The organization vets the security of vendors’ cloud services, to create an approved list of suppliers that states and municipalities can trust to meet basic cybersecurity standards. The project is modeled after FedRAMP, which verifies technology firms wishing to sell to the federal government.
That initiative is intended to help state and local governments identify safe solutions, while also saving time and effort for vendors which then only need to go through one vetting process — rather than a separate audit for each state.
Such concerns are especially important as governments face rising cybersecurity threats, use more cloud services and collect more resident data that they must then be sure they can protect.
StateRAMP sees vendors undergo one-off audits and continuous monitoring, and aims to provide a standard cybersecurity validation approach that is trusted across state borders.
A nascent effort like StateRAMP needs to win over two user bases simultaneously. It must get a sufficiently wide base of audited vendors to entice states to engage. Meanwhile, vendors will be most interested in undergoing those auditing processes and paying the associated fees and membership dues if they know many states are signed on.
As of this latest announcement, StateRAMP is active with 10 states:
- Arizona
- California
- Florida
- Georgia
- Massachusetts
- Michigan
- New Hampshire
- Oklahoma
- North Carolina
- Texas
“At launch one year ago, our goal was to work with three to five states in the first year,” StateRAMP Executive Director Leah McGrath said in a press release. “The level of interest in StateRAMP is far surpassing our expectations and incredibly exciting.”