State and local government agencies must verify the cybersecurity posture of their cloud solution providers (CSPs) to protect critical data, systems, and infrastructure from ransomware attacks. StateRAMP creates standardized security requirements to help agencies manage supplier risk and authenticate cloud security solutions.
StateRAMP is a non-profit organization that serves state and local governments by evaluating technology contractors through verification, continuous monitoring and reporting. StateRAMP verifies vendor security through independent audits from third party assessment organizations (3PAOs).
StateRAMP connects agencies with secure IT service providers offering IaaS, PaaS, and SaaS technologies. Carahsoft provides cloud service offerings (CSOs) for StateRAMP’s three verification levels:
StateRAMP Authorized: Satisfy all requirements and has a government sponsor.
StateRAMP In Process: Working towards Authorized status.
StateRAMP Ready: Meets minimum requirements.
StateRAMP Active: Working towards Ready status.
StateRAMP Pending: Currently being reviewed by the StateRAMP PMO and awaiting a determination for a verified status.
StateRAMP Progressing, Snapshot: Security maturity assessment for cloud products to validate a product's current maturity in relation to meeting the Minimum Mandatory Requirements for StateRAMP Ready.
StateRAMP Provisional: Assigned to a product that meets Authorization requirements and has a StateRAMP Security Snapshot but the CSO's interconnected technologies are not StateRAMP or FedRAMP authorized.
Explore Carahsoft’s portfolio of StateRAMP approved solutions below.
Currently, StateRAMP is active in 19 states, 4 local governments, and 2 higher education institutions. Explore the interactive map below to discover which agencies are participating in StateRAMP.
State | Description |
---|---|
Arizona |
|
Arkansas |
|
California |
|
Colorado |
|
Florida |
|
Georgia |
|
Maine |
|
Massachusetts |
|
Michigan |
|
Nebraska |
|
New Hampshire |
|
New York |
|
North Carolina |
|
North Dakota |
|
Oklahoma |
|
Texas |
|
Vermont |
|
West Virginia |
|
Minnesota |
|
Nevada |
|
By becoming StateRAMP authorized, your organization can market and sell to state and local governments more effectively. Explore our partner page and connect with a Carahsoft expert to learn more about StateRAMP requirements and how your organization can become certified.
Education organizations are using StateRAMP to establish security standards for their cloud solutions. Higher Education institutions working with StateRAMP include Fayetteville State University, NC and the University of North Carolina System. Additionally, StateRAMP partners with the non-profit K12 Security Information eXchange (K12 SIX) to deliver cybersecurity best practices for K-12 schools.
March 9th, 2023
With the introduction of Security Snapshot, CSPs can ease their concerns, knowing they will receive detailed, personalized support to help them qualify for StateRAMP's verification.
March 14th, 2022
Learn ways state and local government agencies can turn to StateRAMP to provide education and cost-effective solutions for verifying multicloud security.
March 8th, 2021
Learn about StateRAMP's goal to create a framework for continuous improvement in cybersecurity for governments and providers on Carahsoft's Community Blog.