Certifications Mark an Era of Greater Responsibilities for States
While such certification creates a new requirement for vendors, some in the vendor community agree the time is right for states to raise the cyber bar.
“States have realized how important they are in delivering citizen services, and that became even more self-evident throughout the pandemic,” says Kevin Tunks, chief architect and national technical adviser at Red Hat. “If you are going to modernize, you need to have some security and privacy standards you are looking to meet in order to make the innovation happen faster and more equitably.”
In Texas, Rainosek saw firsthand the need for better safeguards on the vendor side. “We’ve had some security issues in Texas that have happened as a result of a vendor not having necessary controls in place,” she says.
TX-RAMP provides “a standardized approach for security assessment, authorization and continuous monitoring of cloud computing services that process the data of a state agency,” says the Texas Department of Information Resources. To address the need (and meet the legislative requirement), Rainosek’s team first needed to create a rule in the Texas Administrative Code, which took several months. Then it took a staged approach to standing up the program.
“Starting in January 2022, we required Level 2 certifications for cloud services that host confidential data or high-impact systems,” Rainosek says. “Level 1, which is for public or nonconfidential data or low-impact systems, will come under the program beginning Jan. 1, 2023.”
More than 1,200 products already have TX-RAMP certification, and Rainosek says that number could reach 3,000 to 4,000.