StateRAMP is now nearly two years old, and the small project is quickly becoming a mainstay in the security industry. State and local governments are looking for a solid cybersecurity framework that they can use to vet and certify cloud providers that they may work with.
In this article, we’ll talk about the basics of StateRAMP, specifically the Security Assessment Framework, and the processes and documents required therein.
One of the earliest tasks that Cloud Service Providers, 3PAOs, and state agencies complete are determining the security levels required to protect data in a cloud environment. FedRAMP uses federal standards and documentation to outline Impact Levels based on the importance of the data. StateRAMP follows suit by defining Impact Categories based on FedRAMP.
StateRAMP, like any other compliance framework, includes several reports to document a provider’s progress through certification for the Program Management Office (PMO). As of February 2021, however, the PMO is still spinning up its resources and and StateRAMP reports templates. As such, many required report templates are slated for availability on the StateRAMP website but are as of yet not published.