StateRAMP posts first authorized vendor list
StateRAMP, the nonprofit developing a standard method of verifying cloud security for state and local government agencies, has announced its first set of authorized vendors.
The StateRAMP security standards are based on National Institute of Standards and Technology’s Special Publication 800-53; StateRAMP’s compliance verification is modeled in part after the Federal Risk and Authorization Management Program. Like FedRAMP, StateRAMP leverages third-party assessment organizations to conduct audits for its program management office to review.
State and local governments can work with StateRAMP to manage the risk profiles of cloud service providers with software-as-a-service, platform-as-a-service or infrastructure-as-a-service offerings.
StateRAMP’s authorized vendor list includes companies with products in security statuses ranging from ready to authorized. It also includes businesses whose product authorization is in progress. Even after being authorized, providers must comply with continuous monitoring requirements to maintain a verified security status.
Twenty-four companies providing 51 products are featured on StateRAMP’s first authorized vendor list, including Avaya, Cisco, Google, Microsoft, Okta, Qualsys, Zscaler and others.
The list of verified and in-progress products is updated weekly. See the most recent list here.
StateRAMP currently has more than 200 members, including state and local governments and the providers who serve them.
Connect with the GCN staff on Twitter @GCNtech.