Assessment + Advisory = Progress
Combining trust-but-verify principles and a consultative approach to improving cybersecurity maturity, the StateRAMP Progressing Snapshot is an ongoing, iterative program including quarterly assessments (Snapshots) and monthly progress calls between providers and the StateRAMP PMO security team. The results include improved cyber maturity for providers and information sharing that’s critical to working with public sector organizations.
Why Choose the Progressing Security Snapshot Program?
While a single Snapshot is a helpful moment-in-time representation of a product and provider’s cybersecurity maturity, enrollment in the StateRAMP Progressing Security Snapshot program includes an ongoing, iterative approach.
Following a provider’s initial StateRAMP Security Snapshot, product security teams begin hour-long monthly consultative calls with the PMO security team.
The StateRAMP team offers unique insights and helps educate providers on their security gaps, providing guidance on how to address them most efficiently and effectively.
The Progressing Security Snapshot Process
Step 1:
Step 2:
Step 3:
Prior to your one-hour intake meeting, you are encouraged to read and understand the Security Snapshot scoring criteria to be prepared to provide artifacts for each criterion met.
Step 4:
Service providers will be issued a formal letter from the StateRAMP PMO containing their product’s security maturity score. Scores are not disclosed or posted publicly, and any sharing of the received score is at the discretion of the service provider.
Step 5:
Following the initial StateRAMP Security Snapshot, the product security team begins hour-long monthly consultative calls with the PMO security team, who will educate the team on the gaps and provide guidance on how to address those gaps most efficiently. Updated Snapshots will be available quarterly or upon request.
Frequently Asked Questions
StateRAMP Security Snapshot provides a risk score that allows potential government and public sector partners to make an informed decision during procurement. The scoring criteria and methodology for the StateRAMP Security Snapshot are based on critical NIST 800-53 requirements. Scores are derived from a combination of the impact they have on the provider’s ability to move forward with a StateRAMP assessment, their impact on security, and the insight and information the StateRAMP PMO can provide to the associated government procurement and security teams.
For example, providers receive higher scores for hosting in a StateRAMP Authorized IaaS, as the PMO has direct insight into the cybersecurity posture of the underlying cloud solution. More points can be earned for other regulatory compliance frameworks, penetration tests, security training efforts, and more.
The costs for the program are tiered based on revenue, making the program accessible to businesses of all sizes. You will pay three months upfront upon enrollment and then monthly fees beginning in the fourth month. For more information, see the StateRAMP Fee Schedule.
Only the StateRAMP PMO who is working on your analysis, your appointed advisor, and the main POC for your company can see your scores. StateRAMP does not share your score with anyone. It is up to you to share your score as you see fit or as is required by the government agency you wish to do business with.
Yes, by enrolling in the Progressing Snapshot Program, your product will be listed on the Progressing Product List.
YES! Enrolling in StateRAMP’s Progressing Snapshot program will qualify you for TX-RAMP Provisional status without the 18-month expiration date otherwise imposed. Additionally, the program will help you achieve Ready or Authorized, which equate to TX-RAMP Level 1 and Level 2, should those be required under your TX contract. All enrollments are automatically sent to DIR on a weekly basis, and there is nothing else you need to do to achieve TX-RAMP Provisional status. For more information, please watch this webinar.