Jamie Bennet
The State Risk and Authorization Management Program, the regional version of the Federal Risk and Authorization Management Program, will require greater accountability from organizations supporting or providing cybersecurity services to the U.S. government, said Ted Cotterill, Indiana’s chief privacy officer and general counsel for the Management Performance Hub.
Speaking to Bill Sullivan, vice president and general manager of U.S. federal business at Denodo, Cotterill provided an overview of the StateRAMP model implementation in different states as well as private sector cooperation with the program.
StateRAMP gives agencies confidence that their cloud service providers will undergo continuous monitoring.
“Technology is not standing still and cyber risks aren’t standing still. So a point in time is not going to work. You have to have continuous monitoring to really get effective governance over your cloud service providers’ cyber posture,” he said.
FedRAMP-certified businesses will be able to fast-track StateRAMP approval into a six-week processing time, accounting for all the investment that they’ve already made in their FedRAMP journey, Cotterill stated.
