The 2023 National Defense Authorization Act requires organizations to obtain FedRAMP authorization before they can earn any federal business. StateRAMP, recognized in over half the states, is the gold standard for state and local governments.
Key Takeaways
- StateRAMP and FedRAMP authorizations are based on the National Institute of Standards and Technology (NIST) Special Publication 800-53 framework.
- Both risk and authorization management programs (RAMPs) require providers to keep detailed documentation, including various security plans and incident response plans.
- The StateRAMP and FedRAMP authorization processes require assessment by an independent third-party assessment organization (3PAO), which reviews documentation, conducts tests, and interviews personnel.
- Approved FedRAMP Packages can be authorized by a Federal Agency or the Joint Authorization Board (JAB), while StateRAMP Packages can be approved by a StateRAMP Agency or the StateRAMP Approvals Committee (SAC).
Meet Our Speaker
David Resler, Director of Information Security, Knowledge Services
David brings over 30 years of IT expertise, with nearly two decades focused on information security. For the past 17 years, he’s been dedicated to enhancing cybersecurity in the public sector. His deep understanding of the unique challenges faced by public institutions makes him a valuable asset in protecting critical information and infrastructure.