StateRAMP

StateRAMP was developed with procurement and IT officials in mind – to bridge the gap between the two offices and provide a framework of cybersecurity standards for government contractors. All too often, procurement officials are challenged with procuring the best cloud services and software for the lowest price, without the tools or resources to verify cybersecurity compliance.

While state and local governments have begun to take steps to secure their own databases, not much has been done to validate the oversight and protection of third-party cloud service providers with whom they do business.

Modules include:

System Security Plan (SSP) High-Moderate-Low
System Security Plan (SSP)
Security Assessment Report (SAR)
Security Assessment Plan (SAP)
Plan of Action and Milestones (POA&M)
Customer Responsibility Matrix
Electronic Authentication (E-Authentication) Plan
Privacy Impact Assessment (PIA)
Rules of Behavior (RoB)
Information System Contingency Plan (ISCP)
CIS for SSP Low, Moderate, or High Baselines
Integrated Inventory Workbook
Information System Security Policies and Procedures
Configuration Management (CM) Plan
Control Implementation Summary (CIS)
CIS Worksheet
IT Contingency Plan (CP)
Incident Response Plan (IRP)
Rules of Behavior (ROB)
AC Access Control
AT Awareness and Training
AU Audit and Accountability
CA Certification, Accreditation, and Security Assessment
CM Configuration Management
CP Contingency Planning
IA Identification and Authentication
IR Incident Response
MA Maintenance
MP Media Protection
PE Physical and Environmental Protection
PL Planning
PS Personnel Security
RA Risk Assessment
SA System and Services Acquisition
SC System and Communications Protection
SI System and Information Integrity
PM Project Management

ConMon

Continuous Monitoring Activities & Deliverables: Continuous
Continuous Monitoring Activities & Deliverables: Weekly
Continuous Monitoring Activities & Deliverables: 10 days
Continuous Monitoring Activities & Deliverables: Monthly
Continuous Monitoring Activities & Deliverables: 60 days
Continuous Monitoring Activities & Deliverables: Quarterly (90 days)
Continuous Monitoring Activities & Deliverables: Annual
Continuous Monitoring Activities & Deliverables: Every 2 years
Continuous Monitoring Activities & Deliverables: Every 3 years
Continuous Monitoring Activities & Deliverables: Every 5 years
StateRAMP Significant Change Request Form
StateRAMP Significant Change Request Form: Attachment A

Policies and Procedures

AC – Access Control Policy
AC – Access Control Procedure
AT – Awareness & Training Policy
AT – Awareness & Training Procedure
AU – Audit & Accountability Policy
AU – Audit & Accountability Procedure
CA – Security Assessment and Authorization Policy
CA – Security Assessment and Authorization Procedure
CM – Configuration Management Policy
CM – Configuration Management Procedure
CP – Contingency Planning Policy
CP – Contingency Planning Procedure
IA – Identification & Authentication Policy
IA – Identification & Authentication Procedure
IR – Incident Response Policy
IR – Incident Response Procedure
MA – Maintenance Policy
MA – Maintenance Procedure
MP – Media Protection Policy
MP – Media Protection Procedure
PE – Physical & Environmental Policy
PE – Physical & Environmental Procedure
PL – Planning Policy
PL – Planning Procedure
PS – Personnel Policy
PS – Personnel Procedure
RA – Risk Assessment Policy
RA – Risk Assessment Procedure
SA – System & Services Acquisition Policy
SA – System & Services Acquisition Procedure
SC – System & Communications Protection Policy
SC – System & Communications Protection Procedure
SI – System & Information Integrity Policy
SI – System & Information Integrity Procedure

Your Roadmap to Risk Reduction!

StateRAMP

What are you waiting for?

Download our company brochure.

Amazing Benefits