StateRAMP May Strengthen Bonds Between States and Contractors
By establishing StateRAMP, states move closer to the requirements rather than relying on FedRAMP, which was developed by an outside organization. State governments have finer control over cybersecurity compliance, and this creates a closer working relationship with their vendor partners. The strengthening of this relationship, along with more transparency around the work, will draw more states into the StateRAMP organization.
In September, StateRAMP first published its authorized vendor list. The consortium refreshes the list weekly, and it currently lists 73 certified vendors. Among those certified to date are recurring state and local vendors including Cisco, Google, Microsoft, VMware and Zoom. The StateRAMP member organization includes service providers offering Infrastructure as a Service, Platform as a Service and Software as a Service, as well as third-party organizations and state and local government officials.
Prominent vendor breaches in the past several years have produced a new age of awareness for vulnerabilities. While news may focus on the impact of such breaches on federal agencies, state agencies also have suffered. According to a 2020 survey on FedRAMP, state and local agencies are more likely to host all of their IT systems in the cloud than federal agencies. With StateRAMP, states gain additional protections they once lacked.
Arizona has long been a leader in adopting new technology, establishing a cloud-first policy several years ago to speed transformation and streamline management of IT resources. With StateRAMP, Arizona and other states will lead the way to greater assurance in cloud adoption.
This article is part of StateTech’s CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.