StateRAMP, the nonprofit formed earlier this year by leaders from state and local governments and the private sector to help state and local governments manage their third-party supplier cybersecurity risks, has released the initial roster of its Authorized Vendor List (AVL).

StateRAMP’s mission – modeled after the successful FedRAMP program run by the General Services Administration for the Federal government space – is to promote cybersecurity best practices through education, advocacy, and policy development. The organization supports its members in improving the cyber posture of state and local governments, and the citizens they serve.

“This is an important milestone in the development of StateRAMP and demonstrates the strong commitment of the provider community to verifying cloud security for state and local governments,” said Joe Bielawski, President of Knowledge Services and StateRAMP Founding Board Member.

In an effort to support this mission, StateRAMP brings together public and private voices to establish a common set of security criteria so a standard method of verifying cloud security can be recognized. This standardized approach allows providers serving state and local governments to verify their security posture and prove their cybersecurity compliance to their government clients.

The StateRAMP security standards are based on the widely recognized National Institute of Standards and Technology (NIST) Special Publication 800-53. Compliance verification is modeled in part after FedRAMP and leverages an independent audit, conducted by a third-party assessment organization and delivered to the StateRAMP Program Management Office (PMO) for review.

“The continuous monitoring function of StateRAMP is the real difference maker for state and local governments seeking to trust but verify their providers have security controls and processes in place to ensure the data we are placing with them is protected,” said J.R. Sloan, CIO for the State of Arizona and President of the StateRAMP Board of Directors.

State and local governments can work with StateRAMP to understand and manage the risk profiles of their third-party providers utilizing or offering software as a service (SaaS), platform as a service (PaaS), or infrastructure as a service (IaaS) to manage the government’s data. StateRAMP currently has more than 200 members who represent state and local government and the providers who serve them.

The following 24 companies have a combined 51 products on the first publication of the StateRAMP Authorized Vendor List: Aurigo Software Technologies; Avaya; Blackberry; Boomi; Cisco Systems; Databank Holdings; Duo Security; Geographic Solutions Inc.; Google; Knowledge Services; Lookout Inc.; McAfee Enterprise; Microsoft; Mimecast; OCLC; Okta; ORock Technologies; Project Hosts Inc.; Qualys; Sophos; TTEC; ZibaSec; and Zscaler.

Zscaler said the authorization of its Zscaler Private Access and Zscaler Internet Access as StateRAMP Ready underscores the company’s commitment to helping secure state and local government employees and data.

“Zscaler is committed to partnering with government agencies to improve cyber defenses and secure the public sector,” commented Stephen Kovac, Chief Compliance Officer at Zscaler.

“We were involved with FedRAMP from the beginning and are very encouraged to see and support the ‘certify once use many’ approach that FedRAMP coined being adopted at the state level,” Kovac said. “FedRAMP and now StateRAMP are excellent examples of how policy driver compliance programs can be incredibly efficient, speed up innovation, and build upon the partnerships between private industry and the government.”

“StateRAMP will help state and local government agencies improve their cybersecurity posture and drive more consistent cyber defenses,” added David Cagigal, former Wisconsin state CIO. “With the ever-increasing cyber threats, attacks and breaches, participation and expertise from companies including Zscaler is critical to success,” he said. “It is encouraging to see government and industry come together and continually evolve to better serve constituents across the country.”

John Thomas Flynn
John Thomas Flynn serves as a senior advisor for government programs at MeriTalk. He was the first CIO for both the State of California and the Commonwealth of Massachusetts, and was president of NASCIO.