TMCnet News

Announcing First StateRAMP Authorized Vendor List
[September 14, 2021]

Announcing First StateRAMP Authorized Vendor List


INDIANAPOLIS, Sept. 14, 2021 /PRNewswire/ -- The leadership of StateRAMP is pleased to announce the first publication of its Authorized Vendor List (AVL). 

StateRAMP is a nonprofit formed earlier this year by leaders from state and local governments, industry experts, and private businesses who joined efforts to help state and local governments manage their third party supplier cybersecurity risks. StateRAMP's mission is to promote cybersecurity best practices through education, advocacy, and policy development to support its members and improve the cyber posture of state and local governments and the citizens they serve.

In an effort to support this mission, StateRAMP brings together public and private voices to establish a common set of security criteria so a standard method of verifying cloud security can be recognized. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.

The StateRAMP security standards are based on the widely recognized National Institute of Standards and Technology (NIST) Special Publication 800-53. Compliance verification is modeled in part after FedRAMP and leverages an independent audit conducted by a third party assessment organization and delivered to the StateRAMP Program Management Office (PMO) for review.

The AVL includes products with verified security statuses ranging from Ready to Authorized, as well as in progress statuses for providers who are in the process of working toward an authorization. To ensure ongoing security compliance and risk mitigation, providers must comply with continuous monitoring requirements to maintain a verified security status.

State and local governments can work with StateRAMP to understand and manage the risk profiles of their third-party providers utilizing or offering software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS) to manage the government's data. StateRAMP currently has more than 200 members who represent state and local government and the providers who serve them.

The first AVL was published September 14, 2021 and is updated weekly at: https://stateramp.org/vendor-list/.



(See below for quotes and the Authorized Vendor Listing)

Quotes on StateRAMP & the First Authorized Vendor List


Joe Bielawski, President of Knowledge Services and StateRAMP Founding Board Member
"This is an important milestone in the development of StateRAMP and demonstrates the strong commitment of the provider community to verifying cloud security for state and local governments.

J.R. Sloan, CIO for the State of Arizona and President of the StateRAMP Board of Directors
"The continuous monitoring function of StateRAMP is the real difference maker for state and local governments seeking to trust but verify their providers have security controls and processes in place to ensure the data we are placing with them is protected. Gone are the days of checking a box through self-attestation or submitting a one-and-done SOC 2 Report to validate security. We must adapt to meet the evolving cyber threats, and that requires constant monitoring and reporting so that, as users of technology, state and local governments can be prepared to take action quickly to protect their systems and data, when needed."

Stephen Kovac, Vice President of Global Government and Head of Corporate Compliance, Zscaler
"Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector. We were involved with FedRAMP from the beginning and are very encouraged to see and support this approach being taken at the state level. StateRAMP is an excellent example of how compliance programs can be incredibly efficient, speed up innovation, and build upon the partnership between private industry and the government."

Joshua Krueger, ISSO/DPO/FSO, Project Hosts
"Like many cloud service providers, Project Hosts provides solutions to a number of US states.  Historically, the different compliance standards for each state have led to complications, procurement delays, and higher costs.  By establishing a common compliance standard for multiple states, StateRAMP is accelerating the compliant cloud adoption process while lowering the cost both for providers and states."

Leah McGrath, Executive Director of StateRAMP
"The States of Arizona and Texas have made headlines this year with their adoption of vendor verification requirements for cybersecurity, and our team is excited to work with their leadership."

"There is no question that state and local governments are under attack, and the threats to our communities' infrastructure, utilities, and information are very real. StateRAMP is an important step that state and local governments can take today to work toward a more secure future."

First Publication of the StateRAMP Authorized Vendor List (AVL)

Congratulations to the following 24 companies who have a combined 51 products on the first publication of the StateRAMP Authorized Vendor List.

Aurigo Software Technologies Inc.
Avaya
BlackBerry
Boomi
Cisco Systems, Inc.
DataBank Holdings
Duo Security
Geographic Solutions, Inc.
Google
Knowledge Services
Lookout Inc.
McAfee Enterprise
Microsoft
Mimecast Ltd.
OCLC
Okta
ORock Technologies, Inc.
Project Hosts, Inc.
Qualys
Smartronix
Sophos
TTEC
ZibaSec
Zscaler

The first AVL was published September 14, 2021 and is updated weekly at: https://stateramp.org/vendor-list/.  The list includes verified products, as well as products in progress. 

About StateRAMP

In 2020, a steering committee of government CIOs, CISOs, and Procurement and Privacy officers joined industry leaders from cloud providers and cybersecurity assessment organizations to charter StateRAMP. StateRAMP simplifies security by providing state and local governments a standardized approach for protecting their data in the cloud, with a security framework built on the National Institute of Standards and Technology (NIST) Special Publication 800-53 rev. 4. StateRAMP helps state and local governments reduce cyber risks from unsecure cloud solutions, and benefits service providers by creating a "verify once, use many" approach to cloud security and risk assessment. StateRAMP is a 501c6 nonprofit organization and governed by a board of directors with a majority representation from state and local government officials. Learn more at http://www.stateramp.org

 

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/announcing-first-stateramp-authorized-vendor-list-301376416.html

SOURCE StateRAMP


[ Back To TMCnet.com's Homepage ]