Forge your path to StateRAMP
Introducing the State Risk and Authorization Management Program (StateRAMP) – a cutting-edge initiative forged in the spirit of the legendary FedRAMP®. StateRAMP brandishes its digital katana, slicing through the chaos of cybersecurity to establish a uniform protocol for assessing, authorizing, and constantly monitoring cloud service providers (CSPs) in the realm of state and local governments. To enter the hallowed halls of government contracts, a CSP must demonstrate the strength and precision of a cyber-samurai, ensuring their digital defenses are unyielding and impenetrable, capable of safeguarding client infrastructures.
Enter bladestack.io, the master sensei of StateRAMP authorization. With unparalleled expertise and seasoned guidance, bladestack.io prepares CSPs for the trials ahead, honing their skills and transforming them into formidable cyber-warriors. By achieving StateRAMP authorization, CSPs unlock the coveted treasure trove of state and local government agency revenue streams, ascending to new heights in the cybernetic landscape.
“You must understand that there is more than one path to the top of the mountain.” – Miyamoto Musashi
Our cyber-samurais are equipped and credentialed with the top industry-recognized certifications. We are prepared to cut, slice and dice through the cyber fog of war to ensure you come out on top.
StateRAMP Advisory
bladestack.io advises clients on achieving StateRAMP authorization using a proven, time-tested methodology along with established subject matter expertise to enable our clients to go to market faster and more securely, as well as using internal resources more effectively.
We maintain a strong relationship with StateRAMP’s executive leadership and PMO. This unparalleled knowledge base covers every angle for meeting security requirements for state and local governments.
In addition, we’ve leveraged our experience as the top FedRAMP advisory firm to easily develop custom StateRAMP solutions for clients, so our comprehensive turnkey StateRAMP security packages are assessment-ready and offer actionable solutions to get you to market and achieve a faster return on your security investments.
Why bladestack.io?
- bladestack.io, akin to a modern-day cyber-samurai, has stood at the forefront of StateRAMP’s inception, leveraging our proficiency in a dynamic way as it unfolds. Our involvement continues to sculpt the cybersecurity landscape, one triumphant endeavor at a time.
- As pioneers in the digital domain, we are among the first firms to actively engage as part of the StateRAMP Service Vendors as an advisory-only firm. Our clientele holds a significant presence on the StateRAMP Authorized Vendor list.
- 68% of StateRAMP-ready systems have been forged in the crucible of bladestack.io’s expertise, a testament to our unrivaled prowess as the leading advisory in the realm of cybersecurity.
Navigating StateRAMP
StateRAMP is a cutting-edge non-profit organization that emerged in early 2021 with the objective of establishing a standardized approach to cloud cybersecurity authorization specifically for State and Local governments. You might wonder, why establish another governing body when a proven framework like FedRAMP already exists? Well, just like cyber samurais have their own unique blade styles, each industry and governing body needs to have its distinct approach to ensure maximum security and compliance. Therefore, the StateRAMP program is designed to provide CSPs with the opportunity to showcase their innovative, futuristic solutions tailored specifically for State and Local governments. As a result, CSPs should keep a close eye on StateRAMP for potential future business opportunities in this rapidly growing market.
StateRAMP vs FedRAMP
The question on everyone's mind is, why bother with a StateRAMP program when FedRAMP and other frameworks already exist? One could argue that the same question could be asked of CMMC and other similar programs. While FedRAMP was developed with the Federal Government and downstream contractors in mind, StateRAMP was created to cater to the unique needs of State and Local Governments, while still maintaining the common thread of NIST 800-53.
However, one significant challenge we've observed is that CSP FedRAMP authorization packages, including ConMon, are solely available to the Federal Government, depriving State and Local entities of the valuable insights and ongoing visibility they require.
"Without FedRAMP authorization, State and Local entities are left in the dark without the necessary visibility into the authorization package (inclusive of ConMon)."
Despite having similar security requirements under NIST 800-53, there are a few key variables to consider, as outlined below.
In the age of cybernetic samurais and dystopian megacities, it's essential to stay ahead of the game and adapt to changing circumstances, such as the unique security challenges faced by State and Local Governments. Thus, the StateRAMP program offers a promising opportunity for CSPs to showcase their innovative solutions and gain a foothold in this burgeoning market.
Your organization has two primary options for StateRAMP authorization. The first is for a cloud service offering that lacks a pre-existing FedRAMP ATO, while the second is for a cloud service offering that already possesses a FedRAMP ATO and qualifies for an accelerated StateRAMP Fast Track.
StateRAMP Authorization
(No FR Authorization)
The StateRAMP authorization process involves becoming a member of the StateRAMP Governing Body and engaging with a 3PAO to prepare for StateRAMP Ready. The next steps include achieving StateRAMP "Active" Status in the Marketplace, undergoing sponsorship engagement, 3PAO assessment, StateRAMP PMO review, and a sponsoring government review. At this point, either StateRAMP "Authorized" Status or StateRAMP "Provisional" Status in the Marketplace is granted. Finally, the post-authorization process involves ongoing continuous monitoring, quarterly POAM, and an annual assessment.
Planning:
- StateRAMP Membership: Become a member of the StateRAMP Governing Body
- StateRAMP 3PAO Engagement: Engage with a 3PAO in preparation for StateRAMP Ready
- StateRAMP "Active" Status in the Marketplace
In Process:
- Sponsorship Engagement: State, Local, Tribal, Government Agency or Higher Ed Engagement
- StateRAMP 3PAO Assessment: Undergo 3PAO Assessment
- StateRAMP "In Process" Status in the Marketplace
- StateRAMP PMO Review: StateRAMP PMO Review, with the intent to be approved
- Sponsoring Government Review: Government review, with the intent to be approved
- StateRAMP "Authorized" Status in the Marketplace OR StateRAMP "Provisional" Status in the Marketplace
Ongoing:
- Post-Authorization: Ongoing Continuous Monitoring (Monthly ConMon, Quarterly POAM)
- Annual Assessment
StateRAMP Accelerated
Great news for CSPs with a pre-existing FedRAMP ATO - your efforts can be utilized towards StateRAMP authorization with a few additional steps. While the process involves a review and negotiation of reciprocity terms, your existing FedRAMP ATO serves as a valuable asset towards attaining StateRAMP authorization.
CSPs with a Current FedRAMP Ready/Authorization:
- StateRAMP Membership:
- Become a member of the StateRAMP Governing Body
- Engage the StateRAMP PMO:
- Engage the StateRAMP PMO for a security package review (pay fee)
- Complete Required Documentation:
- Submit required security package with 90 days of ConMon and StateRAMP temp
- Note: StateRAMP 1 equals FedRAMP Low, StateRAMP 3 equals FedRAMP Mod, and StateRAMP 3 equals FedRAMP High
You will either go into Ready Review or Authorization Review
- Ready Review:
- StateRAMP PMO Reviews Ready Status
- Authorization Review:
- StateRAMP PMO Reviews Authorization Status
In Process:
- StateRAMP PMO Review/Feedback:
- StateRAMP PMO reviews and provides feedback with the intent to get approval
- You will either go into
- StateRAMP "Ready"
- StateRAMP "Authorized"
- StateRAMP "Provisional Authorization"
- Leveraged StateRAMP Authorizations
- State, Local, Tribal Government leverage authorizations
Ongoing:
Post-Authorization:
- Ongoing Continuous Monitoring (Monthly ConMon, Quarterly POA&M)
- Annual Assessment
Note: This StateRAMP authorization process timeline assumes that you do have an existing FedRAMP Authorization.
Unsheathe your BLADES.
Contact us to get started. The first step is a one-hour introductory and readiness session, to understand your business landscape and gather technical details, while also making sure that we’re a mutual fit. We also offer unbilled follow-up calls if you have any additional questions or need consulting advice as you gear up for the StateRAMP marathon.
Following our initial meetings, formal proposals and pricing are submitted within approximately one week. We can kick-off with a dedicated senior-level team within two to three weeks of contract signature.