When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and tests return problems that can halt a StateRAMP authorization process–even if there isn’t a clear and unmitigated system failure. These instances fall under the category of a vulnerability deviation, and cloud service providers have a path toward working around these issues and gaining their StateRAMP ATO.

Read More

Part of StateRAMP compliance certification is the practice of continuous monitoring, where Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) work together to ensure secure cloud environments that meet requirements for data protection. 

Read More

We’ve written a few articles and resources on StateRAMP certification for Cloud Service Providers (CSPs). However, there are multiple parties involved in the process. One of the most important is the State agency searching for a secure CSP partner.  Here, we’ll discuss some of the high-level steps that a State agency must take to adopt StateRAMP requirements. This includes the necessary contacts, infrastructure, and documents needed to conform with StateRAMP.

Read More