The newly formed StateRAMP Approvals Committee is making the path to cybersecurity validation simple and straightforward.
Formed by the StateRAMP Board and Nominating Committee, the Approvals Committee includes five members, uniting experience in state and local government and higher education. Their work will help service providers who offer or use IaaS, PaaS, or SaaS solutions that process, store, or transmit government data be sure their products meet stringent government industry verification standards and receive an Authorized status for their product.
Learn more about the StateRAMP Approvals Committee, including the specific ways it’s helping service providers verify their cybersecurity posture, the expertise each member brings to the organization, and how to engage the Approvals Committee to begin cybersecurity validation.
Over the past decade, state and local governments have taken steps to secure their systems and databases from cyberthreats but have struggled to validate security compliance or oversee third-party service providers who offer or use PaaS, IaaS, or SaaS. Often, these providers handle sensitive government data alongside PII, PCI, or PHI. This gap creates an enormous opportunity for cyber criminals to target governments, disrupting vital services and impacting entire communities.
StateRAMP was formed to help establish a standardized approach to cybersecurity thresholds for service providers who offer solutions to state and local governments. StateRAMP’s Board of Directors and its Nominating Committee recently formed the StateRAMP Approvals Committee, which is charged with serving as the body for Government Sponsorship for StateRAMP Authorized and StateRAMP Provisional Statuses.
The StateRAMP Approvals Committee possesses the necessary technical and government policy knowledge and the capabilities to provide States and Local Governments with industry verification standards and guidance related to cybersecurity and third-party solutions. The committee is comprised of leaders in government, education, and cybersecurity to bring proven experience and clear insight to the committee.
Committee members serve as authorizing officials on behalf of government if a provider is unable to secure a government sponsor. In some cases, StateRAMP’s Board of Directors may appoint a subject matter expert to the committee to aid in claims assessments as necessary.
Members of the StateRAMP Approvals Committee must:
The Approvals Committee will approve the processes and preferred timing for monthly reviews. The process for approvals may include:
The committee will begin processing security packages in March. Providers who are interested in submitting their product to the Approvals Committee for review should reach out to info@stateramp.org.
StateRAMP thanks the following individuals for serving on the inaugural StateRAMP Approvals Committee:
Antoine Charles
Third Party Risk Analyst
Oklahoma Office of Management and Enterprise Services
Ken Weeks
Chief Information Security Officer
New Hampshire Department of Information Technology
Todd Ryan
Chief Technology Officer
Fulton County
Adam Mikeal
Director of IT Policy, Risk, Identity, & Data Management
Texas A&M University Division of IT
Josh Kadrmas
Governance, Risk, & Compliance Team Lead
North Dakota Information Technology
If you’re a provider whose product has completed a StateRAMP PMO Authorization Review and awarded a temporary Ready status, you are eligible to submit your product(s) to the Approvals Committee for review. Please contact pmo@stateramp.org to schedule your product in the approvals queue.
If you’re a provider who has not yet engaged the StateRAMP PMO for an Authorization Review, but you do intend to leverage the Approvals Committee instead of an individual government sponsor, please indicate your preference for Approvals Committee review on your PMO Security Review Application at the time of your submission.
Whether you’re a service provider looking for clear ways to validate your product’s security posture, a government official researching how to protect citizen data, or a cybersecurity assessor researching the current ecosystem, StateRAMP has tools and resources to help.
StateRAMP offers membership options for government officials and members of private industry.
Read about the benefits of StateRAMP membership and register to become a member today by visiting the Registration page on the StateRAMP website. StateRAMP’s membership applications are quick and easy, and you can join StateRAMP to get access to the Member Portal, list your product on the Authorized Vendor List, and engage the StateRAMP PMO today!
The StateRAMP staff and PMO team host regular webinars to provide education and resources about StateRAMP, the mission of the nonprofit, how providers and governments can get involved, what the review process looks like, and how providers can assess their product to prepare for a PMO Security Review. Webinars are free and open to all. View all events at stateramp.org/events.
If you would like to learn more about StateRAMP and how you can get involved, email info@stateramp.org.