What Is A Vulnerability Deviation Request in StateRAMP Authorization?

vulnerability deviation featured

When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.


Read More

Why Adopt StateRAMP Regulations? A State Agency Introduction to StateRAMP Adoption

stateramp adoption security featured

We’ve written a few articles and resources on StateRAMP certification for Cloud Service Providers (CSPs). However, there are multiple parties involved in the process. One of the most important is the State agency searching for a secure CSP partner.  Here, we’ll discuss some of the high-level steps that a State agency must take to adopt StateRAMP requirements. This includes the necessary contacts, infrastructure, and documents needed to conform with StateRAMP.

Read More