StateRAMP, Subnetworks, and Boundary Security

StateRAMP guidelines include network security standards from NIST 800-53, with specific requirements for implementing those guidelines based on the application and data processing. Implementing boundary controls is one of the more relevant and sometimes challenging aspects of compliance network security. Here, we will dig into how StateRAMP (and FedRAMP, to some extent) approach subnetworks and… Read More

StateRAMP and Personnel Security

As the old saying goes, the weakest link in any security system is the user. This isn’t an insult but rather a commentary on the impossibility of eliminating every vulnerability in a system that humans have to use daily. In terms of actually mitigating direct security threats associated with users, however, there can be no… Read More

What Is StateRAMP Fast Track?

Much hay has been made about how cloud providers can take advantage of the new StateRAMP program. Only a few years into operations, there are already questions about how governments and cloud providers can leverage the requirements to bring top-tier cybersecurity to a local level. One of these questions involves the adoption of StateRAMP standards… Read More

StateRAMP and Authentication: What You Need to Know

Providers looking into StateRAMP authentication standards may find themselves staring into a stack of requirements documents across multiple security frameworks and government contexts. Not only is this unhelpful for these providers, but it also makes the process sound much more intimidating than it needs to be. In this article, we’ll take a high-level view of… Read More

What Is the StateRAMP Security Snapshot?

Regarding cybersecurity and compliance, there is a massive benefit in having a deep field of providers and offerings that can serve large federal customers alongside smaller offerings that can serve the state, local, and municipal customers. It’s essential, however, to ensure that maintaining a competitive marketplace doesn’t compromise security. This means helping small or young… Read More

What Is A Vulnerability Deviation Request in StateRAMP Authorization?

When we talk about scans, tests, and authorization in the context of StateRAMP assessment, we tend to think that the process (and all its moving parts) are relatively stable and predictable. And, for the most part, this thinking is correct. However, it’s normal, and in some ways expected, to run into issues where scans and… Read More

StateRAMP Requirements for Vulnerability Scanning

Ongoing maintenance and upkeep are a cornerstone of all cybersecurity regulations and frameworks. And for a good reason. The rapidly changing threat landscape that businesses and government agencies face daily necessitates an ever-vigilant approach to cybersecurity. Vulnerability scanning is an important part of compliance and security across almost every data-driven industry. Here, we’re discussing what StateRAMP… Read More

StateRAMP and Monitoring: Breaking Down the StateRAMP Continuous Monitoring Process

StateRAMP takes several of its requirements from FedRAMP, and perhaps one of the most important requirements is continuous monitoring. Continuous monitoring ensures that systems that earned StateRAMP Authorization remain in compliance year after year, avoiding gaps in security and protecting the interest of state and local governments.  

What are Impact Levels in StateRAMP Compliance?

As Cloud Service Providers (CSPs) work with State agencies, many of them are undergoing StateRAMP certification. Fortunately, StateRAMP is much like FedRAMP in that it follows several of the same guidelines, requirements, and process structures. Here, we’ll break down one of the basic aspects of StateRAMP Impact Levels. The StateRAMP Impact level directly relates to… Read More