How StateRAMP’s PMO Streamlines Cybersecurity Compliance

Last updated Dec 17, 2024  |  Published on Feb 3, 2022
by Todd Taber

What does a StateRAMP PMO do exactly? When state and local governments begin the process of becoming StateRAMP members, they not only take action to safeguard their cloud-hosted data and protect their infrastructure, but they also focus on serving their constituents more effectively. 

By becoming members of StateRAMP, state and local government leaders benefit from the organization’s dedicated Program Management Office (PMO): Knowledge Services. With more than a quarter century of experience serving governments, Knowledge Services is the largest government Managed Service Provider (MSP) in the nation. We serve more than a dozen state accounts, and as the PMO for StateRAMP, we are committed to helping members stay at the forefront of information security compliance.  

At the Forefront of Cloud Security Compliance

Knowledge Services’ President, Joe Bielawski, understands the unique challenges state and local governments face in verifying cloud security standards. Bielawski and his team recognized that many government leaders realize the importance of this verification but are hampered by:

  • Ambiguous security thresholds
  • A lack of available cybersecurity professionals
  • Limited budgets 

To make StateRAMP cloud security verification simple and streamlined, Bielawski began working with his Chief Information Officer and Information Security team to conduct security reviews and validate cybersecurity posture for clients, bringing the same security parameters FedRAMP utilizes to state and local governments. By managing security assessments, StateRAMP and its PMO remove a host of administrative and technological burdens from members, allowing them to focus on serving their community.  

With deep experience in government workforce solutions, Knowledge Services understands the importance of cybersecurity standards in IaaS, PaaS, and SaaS environments and recommends appropriate security statuses by:

  • Reviewing all continuous monitoring documentation
  • Providing monthly product updates
  • Alerting government sponsors of any critical changes to their risk profile 

StateRAMP PMO Expertise at Every Step

As the StateRAMP PMO, Knowledge Services takes the burden of cloud security verification off government members. We are committed to helping members every step of the way, from initially joining StateRAMP to ensuring ongoing adherence to new security standards. 

Knowledge Services creates processes to allow clients to comply with StateRAMP security authorization requirements, including: 

  • Aligning agency-specific security and privacy requirements with StateRAMP authorization fundamentals 
  • Enabling agencies, state and local governments, and service providers to begin the security authorization process 
  • Offering guidance to satisfy StateRAMP security requirements when a desired service provider has not been prioritized for review by the PMO 

The StateRAMP PMO also gathers and prioritizes authorization requests and assessment results for review using prioritization criteria provided by the StateRAMP board, and it maintains the StateRAMP approval queue on an ongoing basis.

Knowledge Services has implemented a secure credentialing management system to catalog authorization requests, government-preferred security packages, and packages approved by the Board. When acquiring cloud services, the PMO uses templates approved by StateRAMP to satisfy security authorization requirements using standard contract language and service-level agreements. All security documentation managed and maintained by the PMO is housed in a FedRAMP Moderate solution tightly controlled with strict access security standards and information-sharing protocols. 

The PMO also attends committee meetings, including the StateRAMP Standards & Technical Committee and Appeals Committee sessions, to stay at the forefront of emerging cybersecurity issues.

It All Begins with Membership

Agencies, state and local governments, and service providers interested in learning more about StateRAMP or Knowledge Services’ work as its PMO can receive a free consulting session. Here you’ll learn more about security categories and determine which classification is appropriate for you. To engage the PMO beyond this initial meeting, you must first be a member of StateRAMP. Contact StateRAMP today to learn more about how your organization can benefit from Knowledge Services’ expertise, insight, and innovation.