From Confirmation to Collaboration: The Role of the StateRAMP PMO

Published on Aug 7, 2024
by Leah McGrath

The need for standardized, rigorous security protocols has never been more critical. At StateRAMP, our mission is to promote cybersecurity best practices among state and local governments and their service providers. A key element in achieving this mission is the StateRAMP Project Management Office (PMO), which plays a pivotal role in ensuring service providers meet our security program requirements. Managed through a PMO Charter Agreement with Knowledge Services, the StateRAMP PMO is a cornerstone of our efforts to enhance cybersecurity across the public sector. 

The StateRAMP PMO: Ensuring Trust and Security 

As the founding StateRAMP PMO, Knowledge Services offers a comprehensive suite of services designed to guide service providers through various stages of security assessment and certification. These services ensure providers meet and maintain high cybersecurity standards. The PMO provides security evaluations and reviews for the following StateRAMP Security Program statuses: 

  • Single Security Snapshot: This initial assessment conducted by the PMO provides a baseline evaluation of a service provider’s security posture on the top 40 risk controls of NIST (National Institute of Standards and Technology) 800-53 Rev. 5, identifying areas of strength and opportunities for improvement.  
  • Progressing Security Snapshot: Built on the Security Snapshot, this program includes quarterly evaluations to update a product’s Snapshot score and monthly PMO consulting meetings with the provider to guide them toward a more mature cloud security program.   
  • StateRAMP Ready: This designation indicates that a service provider has undergone a thorough Ready Assessment Review by a third-party assessing organization (3PAO) validated by the StateRAMP PMO. Those with a StateRAMP Ready status participate in monthly continuous monitoring reporting to the PMO and complete an annual 3PAO audit to maintain the Ready status. The StateRAMP Ready assessment is a good indicator that the product is ready for a full security assessment for Authorization. 
  • Authorized/Provisional Status: This is often the ultimate goal for service providers, indicating full compliance with StateRAMP’s stringent security requirements based on NIST 800-53 standards. This status signifies that a provider has met all requirements at the selected impact level. Similar to StateRAMP Ready, these providers have completed a Security Assessment Review by a 3PAO, validated by the StateRAMP PMO. Those with a StateRAMP Authorized/Provisional status participate in monthly continuous monitoring reporting to the PMO and complete an annual 3PAO Audit to maintain their status. These products are fully authorized to serve state and local governments. Provisional Status indicates a product meets requirements for Authorized but has interconnected or reliant technologies that are not yet FedRAMP or StateRAMP Authorized.  

Fred Brittain, Executive Advisor to StateRAMP, underscores the importance of these services:

“The StateRAMP PMO is more than just an oversight body; it is a trusted partner in security. By providing comprehensive support and clear guidelines, we educate and empower service providers to achieve and maintain high levels of information security, which in turn supports the public sector in their commitment to protecting valuable information.” 

Through these meticulous services, StateRAMP aims to build a community of trusted providers who can confidently offer their services to state and local governments. To build resilient and secure digital infrastructures, trust is key. 

From Confirmation to Collaboration 

While confirming a product has achieved a StateRAMP Security Status is a critical component of our mission, it is only the beginning. Collaboration and learning are fundamental to StateRAMP’s success in maintaining and advancing cybersecurity practices. This is where the StateRAMP Cyber Summit comes into play.

The StateRAMP Cyber Summit: A Platform for Collaboration and Learning 

Scheduled for September 12th in Indianapolis, IN, the inaugural StateRAMP Cyber Summit is designed to foster collaboration and facilitate knowledge sharing among cybersecurity professionals, service providers, and government officials. This event is a significant milestone for StateRAMP, providing a unique opportunity for stakeholders to come together, share insights, and discuss the latest trends and challenges in cybersecurity. 

The summit will feature a diverse range of sessions and panels led by experts in the field. Attendees from both the public and private sectors will gain valuable insights into the latest cybersecurity trends, best practices, and regulatory updates.  

The StateRAMP Cyber Summit is more than just an event; it is a catalyst for ongoing collaboration and innovation. It offers attendees the opportunity to learn about StateRAMP’s standards and processes, engage in meaningful discussions, and build partnerships that will drive forward our shared goal of a secure digital future. 

Conclusion 

At StateRAMP, our mission is to enhance cybersecurity through rigorous certification processes and ongoing collaboration. The StateRAMP PMO, managed by Knowledge Services, is a testament to this commitment, providing essential support and guidance to service providers. As we look forward to the inaugural StateRAMP Cyber Summit, we invite you to join us on this journey of learning, collaboration, and innovation. Together, we can build a safer, more secure digital landscape for the public sector.