StateRAMP Main the Manner on Cyber Greatest Practices


As cyber threats in opposition to state and native governments improve, the necessity for a united entrance is extra essential than ever. StateRAMP, modeled on the Federal authorities’s FedRAMP program, is main the best way. By selling greatest practices by training, advocacy, and coverage growth, StateRAMP helps drive a standardized method to cybersecurity, leading to extra strategic and efficient cyber postures for state and native governments.

What’s StateRAMP?

Based in 2020, StateRAMP is a non-profit group providing cloud safety verification providers to state and native governments. It’s the brainchild of the State of Arizona’s CIO, J.R. Sloan who was a key driver in creating their state’s model of the U.S. Authorities’s FedRAMP program. Often known as AzRAMP, its success grew consciousness amongst different states that they might additionally profit from adapting the FedRAMP mannequin, as Arizona had finished.

As cyber assaults in opposition to native infrastructure, together with transportation, utilities, and public security ratcheted up, different state and native authorities IT leaders started to see the worth of standing collectively as a extra unified entrance. The consequence was StateRAMP and a “confirm as soon as, serve many” technique. Right this moment, the group’s membership contains service suppliers providing IaaS, PaaS, and/or SaaS options, plus third get together evaluation teams and authorities officers.

“Cisco’s been an early supporter of StateRAMP, having joined as a Member shortly after StateRAMP launched. StateRAMP offers an amazing alternative for states to undertake a standard cyber safety mannequin which is able to end in elevated confidence within the safety posture of cloud providers and supply efficiencies for state governments when conducting threat assessments.”

-Claudio Belloli, Cloud Relationship Supervisor, Cisco U.S. Pubic Sector

Whereas modeled on the U.S. Authorities’s Federal Danger and Authorization Administration Program (FedRAMP), which is necessary for Federal Businesses, StateRAMP is a voluntary validation program that states can decide to undertake. StateRAMP goals to offer states with widespread safety standards for standardizing cloud safety verification. It does this by:

  • Making a shared useful resource mannequin
  • Offering steady monitoring.

This method can help state and native leaders to raised perceive and simplify cloud compliance and threat administration. The tip consequence helps them to raised defend essential knowledge, methods, and infrastructure from cyber-attacks and ransomware.

Why StateRAMP?

Because the complexity of threats in opposition to authorities networks, customers, and knowledge will increase there’s an ongoing want for an equally decided validation mechanism for the cybersecurity options deployed to fulfill the problem. By way of standardization and validation, StateRAMP permits service suppliers to confirm their safety posture, giving prospects the reassurance of a predetermined degree of compliance. This assurance is elevated by establishing an unbiased, unbiased assessment of and systematic affirmation of any resolution’s capabilities through a third-party.

By working along with service suppliers and third-party evaluation teams, StateRAMP has been capable of develop a viable validation system, permitting their members to be assured that cloud suppliers and distributors meet stringent cybersecurity necessities, together with adhering to revealed greatest practices and insurance policies. The validation method, as outlined by StateRAMP under, contains:

  • Progressing Choices – StateRAMP acknowledges choices within the strategy of working towards a verified providing. To be listed in progress, the supplier have to be engaged with a 3rd get together assessing group (3PAO) for an unbiased audit. The progressing statuses embody Lively, In Course of, and Pending. Lively is working towards Prepared; In Course of is working towards Licensed; Pending has submitted a safety package deal to the Program Administration Workplace (PMO) and is awaiting a willpower for a verified standing.
  • Verified Choices – To be verified, the supplier should meet minimal safety necessities and supply an unbiased audit carried out by a 3rd get together assessing group (3PAO). StateRAMP acknowledges three verified statuses, together with Prepared, Provisional, and Licensed. Prepared meets minimal necessities. Provisional exceeds minimal necessities and has a authorities sponsor. Licensed satisfies all necessities and has a authorities sponsor. To make sure ongoing safety compliance and threat mitigation, suppliers should adjust to steady monitoring necessities to take care of a verified safety standing.

StateRAMP additionally offers its membership with a wide range of instruments and sources to assist information them to higher cyber resilience. Most essential amongst these is the StateRAMP Licensed Vendor (AVL) record. It particulars verified choices and people within the strategy of working towards an authorization.

Cisco congratulates StateRAMP

With twenty-three “Lively” options for StateRAMP (together with our hottest SaaS options like Cisco Webex,  Cisco Safe Endpoint, and Cisco SecureX), Cisco is happy to be part of this landmark effort to safe authorities. We congratulate StateRAMP’s management for innovating within the face of evolving challenges and pushing the safety of state and native governments ahead in such a brief time period.

Our StateRAMP Lively cloud options assist your company present stronger, risk-based safety that includes deeper visibility and automation. By partnering with Cisco, your transition to a hybrid working setting can embody enhanced safety, lowered dangers, and sooner deployment. Cisco consultants may also help you:

  • Harness the pliability of cloud applied sciences
  • Securely allow customers throughout the miles
  • Present coaching anyplace
  • Discover artistic options with multi-cloud confidence.

Plus, we may also help fast-track your IT modernization with Cisco Providers that assist you to get probably the most out of your present collaboration instruments and pace your improve path.

At Cisco, we additionally supply a wide range of FedRAMP Licensed and In-Course of options that state and native governments can leverage. These have been by a rigorous validation program that meets the stringent necessities of the U.S. Federal Authorities. This provides you the reassurance of belief, safety, and reliability you want to your each day operations.

At Cisco, we’re dedicated to serving to safe state and native networks, customers, knowledge, and infrastructure in opposition to the evolving dangers they face in in the present day’s risk panorama. Along with StateRAMP, we’re serving to outline the following technology of cybersecurity for presidency.

Extra sources



Please enter your comment!
Please enter your name here