StateRAMP launches for state and local government cloud authorization
- By Susan Miller
- Jan 14, 2021
An independent non-profit is planning to offer cloud security verification services to state and local government agencies. StateRAMP will provide a framework that reduces redundant cloud security assessments for governments and makes it easier for cloud service providers (CSPs) to transfer certificates and credentials across uniform standards.
Because many CSPs that work with state and local agencies have no federal contracts, governments that require authorization by the Federal Risk and Authorization Management Program (FedRAMP) would exclude many current and new CSPs. By growing the provider community and government, StateRAMP aims to improve cloud security for state and local agencies.
Building on best practices of FedRAMP, StateRAMP will use the FedRAMP-authorized third-party assessment organizations to accredit CSPs. Authorized services will be posted in a StateRAMP marketplace, and a program management office will guide the providers through the StateRAMP authorization process.
Like FedRAMP, StateRAMP’s security requirements are aligned with the National Institute of Standards and Technology’s 800-53 rev. 4 standards. State and local governments may add additional controls if they need to comply with requirements for handling health care or criminal justice data and workloads.
Also similar to the federal program, vendors must demonstrate that their service’s security posture is continuously acceptable to maintain their authorizations. StateRAMP will begin a pilot program in 2021 that will focus on low and moderate impact level security controls.
CSPs that have achieved FedRAMP authorization will be recognized at the appropriate security impact level by StateRAMP. FedRAMP, however, does not recognize StateRAMP authorizations.
StateRAMP was formed in partnership with state government CIOs, chief information security officers, chief privacy officers, procurement officials and private industry experts who serve state governments.
Government Technology first reported on StateRAMP.
Susan Miller is executive editor at GCN.