StateRAMP Assessment & Advisory Services
Expand Your State Government Business with a Kratos StateRAMP Assessment
Contact Us
Cloud Service Providers (CSPs) interested in providing Cloud Service Offerings (CSOs) to state government agencies can obtain a security authorization as part of the StateRAMP program. The StateRAMP program, modeled after the Federal Risk and Authorization Management Program (FedRAMP), was established in 2020 and is now being adopted by multiple state governments. StateRAMP provides a standardized approach to the cybersecurity standards required from CSPs, allowing them to demonstrate that their CSOs have the necessary level of cybersecurity.
FedRAMP ATO?
If you already have a FedRAMP ATO with a federal sponsor, that does not mean that you are good to go for all state government programs. However, a FedRAMP ATO will allow you access to StateRAMP Fast Track, which significantly reduces the StateRAMP process time from months to weeks. CSPs obtain StateRAMP much like they obtain FedRAMP status by engaging the services of a Third-Party Assessment Organization (3PAO) to conduct security assessments of the security controls for the CSO. 3PAOs plan and execute these assessments and then report vulnerabilities. These vulnerabilities can be remediated by the CSP ensuring the security of the CSOs.
Why Kratos for StateRAMP?
Selecting an experienced and proven 3PAO is critical to meeting StateRAMP standards in an efficient and timely manner. As one of the first accredited FedRAMP 3PAOs, Kratos leverages its extensive FedRAMP experience to provide tested and effective assessment methods for StateRAMP. Kratos has performed extensive information security work with industry leading CSPs, building a deep knowledge base that can now be leveraged to support CSPs interested in obtaining a StateRAMP authorization. In addition, Kratos is an accredited FedRAMP and StateRAMP 3PAO able to perform security assessments of CSOs.
StateRAMP Portfolio
Our StateRAMP portfolio is part of Kratos’ comprehensive security compliance services portfolio, which includes consulting services, assessments, and ongoing re-assessments for FedRAMP, Cybersecurity Maturity Model Certification (CMMC), Department of Defense (DoD) Cloud Computing (CC) Security Requirement Guide (SRG), National Institutes of Science and Technology (NIST) Risk Management Framework (RMF), Federal Information Security Modernization Act (FISMA), Infrastructure Asset Pre-Assessment Program (IA-PRE) and HITRUST. Leveraging our experience and work concurrently conducted on other audits, decreases audit fatigue, duplication of efforts and evidentiary paperwork, and engages customer resources effectively.
Kratos provides assessment services for public, private, community, and hybrid cloud service offerings, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Kratos works with CSPs to help ensure their readiness to proceed with the 3PAO assessment process and the various StateRAMP verified statuses to achieve a successful StateRAMP authorization.