New States Leveraging GovRAMP for Cyber Verification

Announcing more states later this summer! 

Today GovRAMP announced its growing list of states who are working with GovRAMP to validate the cybersecurity posture of their third-party suppliers who use or offer cloud products to deliver services.

GovRAMP launched in early 2021 and one year later, an expanded list of state and local municipalities are working with GovRAMP to validate provider’s cloud-based solutions to ensure all baseline cyber requirements are met.

Leading states include:

• Arizona
• California
• Florida
• Georgia
• Massachusetts
• Michigan
• New Hampshire
• Oklahoma
• North Carolina
• Texas

With responsibilities for critical infrastructure, vital services, and mass storage of confidential data, government, at all levels, is a prime target for cybercrime.

“2021 was a record-breaking year for data breaches and software supply chain attacks,” said Steve Nichols, Chief Technology Officer at the Georgia Technology Authority. “As cybersecurity threats and risks have increased, state and local governments must ensure the suppliers they work with are able to meet minimum cyber requirements.”

GovRAMP provides state and local governments assurance that the suppliers they are working with meet the minimum cybersecurity standards through independent audits and ongoing continuous monitoring.

“Until GovRAMP, there was not a standardized method to provide state and local governments consistent, independent, and ongoing validation of a product’s cyber posture,” said J.R. Sloan, Chief Information Officer for the State of Arizona. “That left states on their own, expending valuable resources evaluating vendor compliance. GovRAMP allows us to work together with our counterparts in other states and in the vendor community toward a common standard.”

GovRAMP is designed as a shared service for government and a streamlined service for suppliers who can verify their products one time and reuse that certification with each government agency they serve.

“Cybersecurity is a team sport. The bad actors are working together, why can’t we?” said Chance Grubb, Senior Staff Officer/OK-ISAC Lead, Oklahoma Cyber Command, Office of Management and Enterprise Services. “Being able to partner with GovRAMP allows us to better protect citizen data and infrastructure.”

“GovRAMP is a great example of what needs to take place to help us defend against attack,” said Rob Main, State Chief Risk Officer for the State of North Carolina.

“At launch one year ago, our goal was to work with three to five states in the first year. The level of interest in GovRAMP is far surpassing our expectations and incredibly exciting,” said Leah McGrath, Executive Director of GovRAMP. “Our team feels truly honored to be a part of this effort helping strengthen cybersecurity across the nation.”

About GovRAMP

GovRAMP is a nonprofit organization that launched in early 2021 and brings state and local governments together with the suppliers who serve them to recognize best practices in cloud security and provides a standardized approach to cloud cybersecurity verification. GovRAMP helps state and local governments reduce cyber risks from unsecure cloud solutions, and benefits service providers by creating a “verify once, use many” approach to cloud security and risk assessment.

GovRAMP maintains an Authorized Vendor List (AVL) which lists products that have achieved a security status and those products going through the process. Learn more at www.govramp.org, and register to attend a virtual event at www.govramp.org/events