StateRAMP Authorization Services
What is StateRAMP?
StateRAMP was founded in 2020 to provide a consistent and effective way to verify and validate the security of cloud solutions being offered to State, Local, and Education (SLED) organizations throughout the United States. The program is based on guidance documented in the most recent version of National Institute of Standards and Technology (NIST) Special Publication 800-53. Cloud products undergo a rigorous assessment and authorization process before being posted in the StateRAMP Authorized Product List (APL). Each year since the inception of the program, many SLED organizations have adopted StateRAMP standards to support existing cybersecurity efforts and improve procurement practices.
CSP Seeking StateRAMP Compliance
COACT offers consulting and assessment services for Cloud Service Providers that are pursuing StateRAMP authorization and different verification statuses (i.e., Ready, Provisionally Authorized, or Authorized). Our qualified staff of consultants can help you understand the requirements, support the implementation of security controls, and document system and security information using the required templates. We can also assist you in navigating the assessment and authorization process from initiation to the receipt of a verification status and the listing of your cloud service in the StateRAMP APL.
StateRAMP Consulting
CSPs may not have the resources or expertise needed to understand the risk and security posture of a cloud service offering. COACT consultants are available to assist with the implementation, documentation, and evaluation of security controls needed to meet StateRAMP requirements. Our consulting and security package preparation services include security engineering support and subject matter expertise related to the development of compliant systems and security documentation. The outcomes of consulting services align with CSP compliance goals at different stages throughout the assessment and authorization process.
Our StateRAMP Consulting Services Include:
- StateRAMP Security Snapshot 2.0 support
- StateRAMP Progressing Snapshot support
- Compliance roadmap and security engineering support
- System and security documentation development
- Pre-assessment and remediation assistance
- Vulnerability scanning
- Penetration testing
StateRAMP Assessment and Authorization Support
COACT, as an accredited StateRAMP Third Party Assessment Organization (3PAO), is available to assess cloud systems and continuously monitor the security posture of cloud systems in accordance with StateRAMP requirements. Our team of qualified assessors can test and validate the implementation of security controls to provide the information needed to make critical risk-based decisions and demonstrate compliance with StateRAMP. COACT follows the StateRAMP Security Assessment Framework to ensure testing is targeted, effective, and produces actionable information for Authorizing Officials and other stakeholders.
Our StateRAMP Assessment and Authorization Support Services Include:
- Security Control Assessment
- Vulnerability scanning
- Penetration testing
- Plan of Action and Milestones (POA&M) development and update/tracking
- Remediation recommendations provided to security and system stakeholders
- Continuous monitoring and ongoing authorization services
For further information about StateRAMP, visit the official StateRAMP web page, or reach out to us directly with any questions regarding the program requirements, the assessment and authorization process, and the services that we can provide.
For information on how COACT can assist you with StateRAMP consulting and 3PAO assessments, please reach out to a COACT representative using the email info@coact.com.