Mar 1, 2023
Tevora’s Federal Division Keeps Pace with the Rapidly Evolving StateRAMP
StateRAMP vs. FedRAMP – Here is what you need to know
Irvine, CA – January 13, 2023 – Over the past year, the buzz surrounding StateRAMP, a relatively new 501(c)(6) founded in 2020, has surged. From its inception, StateRAMP was designed with the mission to promote cybersecurity best practices by improving the security posture of state and local governments throughout the country. Through 2022, we observed StateRAMP quickly establish a solid footprint with a growing number of state governments.
With StateRAMP's footprint expanding, we can expect cloud service providers (CSPs) to expedite their adherence to the newly developed regulation if they desire to work with state and local governments. Between President Biden signing the FedRAMP Authorization Act into law on December 26, 2022, which mandates that cloud-enabled solutions seeking to work with the government be FedRAMP authorized, and StateRAMP rolling out newly developed regulations for state and local governments, we expect a stampede of CSPs to enter the StateRAMP and FedRAMP realm in the coming months.
But why is StateRAMP so important? “Although significant cyber incidents of 2021 give the impression that cyber security in the government sector is only a concern for the federal government…public-sector cybersecurity is very much a concern for state and local governments, with experts describing them as ‘under siege,’” said Verizon in a 2022 update. StateRAMP leverages the pre-approved FedRAMP processes, while enabling state and local governments to adopt a common framework (National Institute of Standards and Technology (NIST) 800-53) to strengthen their security posture and consistently evaluate the risk associated with cloud-enabled solutions.
Not everyone has followed the continuous updates from StateRAMP over the year, so Tevora breaks down the key differences between StateRAMP and FedRAMP to bring CSPs, government agencies, and 3PAOs up to speed.
StateRAMP
- What: Nonprofit 501(c)(6) governed by a board of directors
- Funding: StateRAMP membership fees
- Who: State and local governments
- Authorized Products: Available on the StateRAMP Authorized Products List
- Ready Status: Does not expire
- PMO: Designed to be a shared resource between Cloud Service Providers (CSPs) and government bodies
- State and local governments have visibility into continuous monitoring (ConMon)
- Provisional status is awarded by the government sponsor
FedRAMP
- What: Federally funded government program signed into law on December 26, 2022
- Funding: Office of Management and Budget
- Who: Federal government agencies and downstream contractors
- Authorized Products: Available on the FedRAMP Marketplace
- Ready Status: Expires within 12 months
- PMO: Serves purely as a review body
- Required to do business with government agencies (as of December 26, 2022)
- Federal government agencies have visibility into continuous monitoring (ConMon)
- Provisional status is awarded by the Joint Authorization Board (JAB) vs. Agency
We can expect that StateRAMP will continue to mature as evidenced by the consistent updates the 501(c)(6) is announcing. StateRAMP is streamlining cloud security for state and local governments through the adoption of a common framework, allowing for more formalized and expedited processes for CSPs so that they can seek and utilize their StateRAMP certification for multiple agencies, and ultimately improving cyber security for state and local governments. “As with any of our services, we help our clients by building out a compliance plan, providing advisory services, creating supporting documentation, performing gap assessments, and conducting formal audits,” said Jeremiah Sahlberg. “With each client, we create a customized plan of services to help our clients meet their goals.”
Tevora is a specialized management consultancy focused on cybersecurity. Tevora’s objective is to help keep your organization compliant, and your brand safe. As a certified FedRAMP 3PAO and StateRAMP assessor, our federal services division provides advisory, preparatory, and formal assessment services for clients seeking FedRAMP and StateRAMP authorization.
If you have questions or would like help bringing your organization into compliance, our team of experienced security experts can help. Just give us a call at (833) 292-1609 or email us at email@example.com.