What is StateRAMP

StateRAMP brings state and local governments together to develop standards for cloud security, educate on best practices, and recognize a common method for verifying the cloud security of service providers who use or offer cloud solutions that process, store, and/or transmit government data including personally identifiable information (PII), personal health information (PHI), and payment card industry (PCI) information. StateRAMP is organized under the Indiana Nonprofit Corporations Act as a domestic nonprofit organization.

StateRAMP’s purpose is:

1. Help state and local government protect citizen data

2. Save taxpayer and service provider dollars with a “verify once, serve many” model

3. Lessen the burdens on State and Local Government

4. Promote education and best practices in cybersecurity among those it serves in industry and the government communities.

StateRAMP’s security verification model is based on the National Institute of Standards and Technology (NIST) publication 800-53 Rev. 4—the same publication the Federal Government used to develop FedRAMP, a similar cybersecurity program for federal entities.

Project Hosts is a StateRAMP Member

Project Hosts is now a StateRAMP Member and has begun the process of obtaining StateRAMP Security Status. Upon completion of the process, Project Hosts will be listed on the Authorized Vendor List (AVL). The StateRAMP service provider membership is granted at the organizational level and there is no limit to the number of products or services that can be validated and provided to State and Local Governments and Higher Education institutions.

FedRAMP Reciprocity

Because Project Hosts is a service provider that has a PaaS solution that has already been awarded a FedRAMP Ready, ATO, the same product can be reviewed by the same PMO under FedRAMP Reciprocity. According to StateRAMP’s governing body, as a StateRAMP member under FedRAMP Reciprocity, no additional security assessment is required to submit documentation for review.