Rethinking the Role of Compliance


StateRAMP’s governance committees adopt policies and procedures that standardize security requirements for providers. StateRAMP’s Program Management Office then verifies, through independent audits and continuous monitoring, that cloud offerings used by government satisfy the adopted security requirements. Products that are working towards or have achieved StateRAMP Authorizations are included on the Authorized Product List.


About StateRAMP

In the digital age, businesses require a certain level of cyber-hygiene from the commercial organizations they employ. Local, state, and federal government entities need the same assurances to protect their interests and the citizens they represent. Risk is everywhere, which means it is imperative that your organization, as well as the third-party organizations you work with, are verifiably secure, whether through security audits or Authorizations to Operate (ATOs). This includes accountants, airlines, healthcare providers, banks, public safety organizations and many others. Validation of cybersecurity is critical, and must go beyond compliance as a check-the-box exercise.

StateRAMP represents the vested interests of state and local governments, third party assessment organizations, and service providers with IaaS, SaaS, and PaaS solutions alike. Its goal is to streamline the cybersecurity process by providing a uniform approach for validating cyber-hygiene for cloud applications used by state and local governments. The approach is very similar to how the Federal Risk and Authorization Management Program (FedRAMP) streamlined the process for federal contracts.

Qmulos simplifies StateRAMP compliance in a few easy steps. A free product brief is available for download; it addresses some of the confusion behind the new standard and explains how our solution, Q-Compliance, can help your organization become compliant quickly and help you and your chosen third-party auditor organization assess your level of compliance.

Frequently Asked Questions

StateRAMP represents the shared interests of state and local governments, third party assessment organizations, and service providers with IaaS, SaaS, and PaaS solutions. We believe in the values of transparency, standardization, and community. As an advocate for strong but fair cybersecurity standards, StateRAMP works to bring together service providers, policy makers, industry experts, and government officials to drive the future of cybersecurity. Our members lead, manage, and work in various disciplines across the United States and are all committed to making the digital landscape a safer, more secure place.

StateRAMP is built on the National Institute of Standards and Technology Special Publication 800-53 Rev. 4 framework, modeled in part after FedRAMP, and based on a “complete once, use many” concept that saves time and reduces costs for both service providers and governments. Like FedRAMP, StateRAMP relies on FedRAMP Authorized 3PAOs to conduct assessments.

The StateRAMP Authorized Product List is a list of service providers published on the StateRAMP website who have obtained a StateRAMP security status of Active, In-Process, Pending, Ready, Provisional, or Authorized. The StateRAMP Authorized Product List gives governments and procurement officials confidence in their service provider’s data security capabilities and provides a central location for sourcing service providers using or offering IaaS, SaaS, and/or PaaS solutions that process, store, and/or transmit government data including PII, PHI, and/or PCI who are StateRAMP verified. StateRAMP-approved 3PAOs are listed on the Assessors page of the StateRAMP website.

StateRAMP is governed by a Board of Directors composed of a majority of state and local government officials and organized under the Indiana Nonprofit Corporations Act as a domestic nonprofit 501(c)(6) organization.

StateRAMP simplifies security by providing state and local governments a common method for verification of cloud security.

With StateRAMP, Procurement Officials, Privacy Officers, and Information Security Officers can be confident that government-selected third party providers using or offering IaaS, SaaS, and/or PaaS solutions that process, store, and/or transmit government data including PII, PHI, and/or PCI, meet and maintain the government’s published cybersecurity polici

StateRAMP documentation is maintained on the StateRAMP website documents page. Opportunities for public comment will be communicated via a number of methods, including the StateRAMP website and the StateRAMP mailing list, which you can subscribe to on the StateRAMP website.

Schedule Your Demo Now!

Schedule your demo today to see how Q-Compliance can transform your compliance experience.
