May 3, 2023

StateRAMP Security Snapshot Tool Kick-starts Your Certification Process

What is StateRAMP, and what is this new Security Snapshot Tool? 

StateRAMP is a nonprofit membership organization modeled in part after its Federal counterpart, FedRAMP. The cloud-oriented program is based on the National Institute of Standards of Technology (NIST) Special Publication 800-53 and offers continuous monitoring, security assessments, and authorization for security providers.

On December 6, 2022, StateRAMP announced  another update to the StateRAMP program when Leah McGrath, Executive Director, announced the addition of the StateRAMP Security Snapshot Tool. With all the buzz surrounding the program over the past year, cloud service providers and government entities  have begun inquiring how cloud service providers can get started with StateRAMP and how government entities will assess risk maturity for these prospective cloud-enabled solutions.

As Noah Brown, StateRAMP PMO director, expressed,

“I compare the StateRAMP Security Snapshot to the 2-mile run on the Army ACFT. Before you begin a training program, you need to run two miles and score your time. Before beginning the StateRAMP Readiness Assessment Report, the snapshot can help service providers identify where they are in comparison to StateRAMP ready requirements.” 

What does this mean for Cloud Security Providers (CSPs)? 

These are great strides in the development of the StateRAMP program. Since the inception of the 501(c)(6) in 2020, StateRAMP is rapidly spreading across state and local governments; the much-desired tools are now in place to see StateRAMP become a reality for providers and government agencies. For some time, the difficulty with StateRAMP was how to assess one’s readiness – these additions to the programmatic planning are now going to give CSPs an additional starting point to begin the process. 

Recommendations for CSPs

Are you a Cloud Service Provider, curious how to start your journey in StateRAMP? Look no further. A good starting point for those seeking certification is to self-assess using the Minimum Mandatory Requirements posted by StateRAMP. The file below contains these requirements in  questionnaire form with a checklist for convenience.

Tevora recommends completing all 25 (32 if you offer an IaaS) questions and using the  score to determine your readiness. Reach out using the contact information labeled below, and the Tevora team will help analyze and understand your score. Tevora’s consulting services can be provided to further your service’s progress towards StateRAMP certification.

About Tevora

Tevora is a specialized management consultancy focused on cybersecurity. Tevora’s objective is to help keep your organization compliant and your brand safe. As a certified StateRAMP 3PAO, our federal services division provides advisory, preparatory, and formal assessment services for clients seeking StateRAMP authorization. 

Contact Us

If you have any questions about StateRAMP, or would like help bringing your organization into compliance, just give us a call at (833) 292-1609 or email us at