What Are States and Local Governments Doing to Mitigate Third-Party Risk?

Many state and local governments participate in StateRAMP to mitigate third-party risk in their supply chain. StateRAMP is a nonprofit organization that promotes best practices to help government agencies verify the cybersecurity of their provider’s cloud or internet-based solutions.

Key Takeaways

• A risk authorization management program (RAMP) is a program that manages vendor risk to verify third-party suppliers’ cybersecurity.
• StateRAMP’s security program is based on the National Institute of Standards and Technology (NIST). It provides on audited, verified and ongoing, continuous monitoring of the provider community.
• As a shared-services model for public sector members, StateRAMP enables providers to verify their products to serve multiple government customers.

Meet Our Speaker

Leah McGrath, Executive Director of StateRAMP

Having served municipalities with the Indiana Association of Cities and Towns and as Deputy Mayor of Fishers, Leah understands the daily cyber threat challenges the public sector faces. She has led StateRAMP as its Executive Director since its launch in 2021. Today, Leah and StateRAMP continue to streamline cybersecurity with a standardized approach and framework based on NIST SP 800-53.