In March, StateRAMP dba GovRAMP brought together cybersecurity leaders from across the public and private sectors for the 2025 Framework Harmonization Symposium in Washington, D.C. — a half-day event hosted in partnership with Billington CyberSecurity, ahead of their State & Local CyberSecurity Summit.
The goal? To tackle one of today’s biggest cybersecurity challenges: the lack of alignment across frameworks like FedRAMP, CJIS, CMMC, and more. Over 250 attendees joined us to discuss how we can move toward a more unified, efficient, and secure future for government cloud security. We’re grateful to our sponsors, A-LIGN and Carahsoft, for helping make the event a success.
Watch the full event recording: View on YouTube
A Defining Moment: StateRAMP Becomes GovRAMP
During the symposium, we officially announced a major milestone: StateRAMP is becoming GovRAMP.
This change reflects the momentum we’ve built beyond just state-level use. As more federal, state, local, and education partners align on a common approach to cloud security, GovRAMP better captures our broader mission — to create a unified, nationally recognized standard that works across jurisdictions.
What We Heard: The Call for Alignment Is Clear
The symposium featured three conversations that cut straight to the heart of the issue: how do we streamline security requirements without compromising on risk?
Each panel brought a different perspective — from federal leadership to local practitioners and private sector partners — but all agreed: it’s time to stop duplicating efforts and start trusting assessments that meet shared standards.
Panel 1: Advancing a Unified Standard for the Public Good
Moderated by Teri Takai (Center for Digital Government), this panel featured:
- Chris DeRusha, Director of Global Public Sector Compliance, Google
- Josh Leiling, Assistant Director, IT & Cybersecurity, U.S. Gov’t Accountability Office
- J.R. Sloan, CIO, State of Arizona
- Alex Whitaker, Director, Government Affairs, NASCIO
They talked about the urgent need for reciprocity similar to GovRAMP’s Fast Track process across frameworks and better coordination between federal and state agencies. With recent FedRAMP updates, there’s growing support for reusing existing authorizations rather than rebuilding them from scratch.
Panel 2: Building Bridges through Public-Private Partnerships
Moderated by Dan Lohrmann (Presidio), this panel showcased collaboration in action, featuring:
- Leah McGrath, Executive Director, StateRAMP dba GovRAMP
- Chris Weatherly, Information Security Officer, Federal Bureau of Investigation (FBI)
- Tony Sauerhoff, CISO, State of Texas
- Brian Gardner, Deputy CIO, City of Austin, Texas
- Petar Besalev, EVP Cybersecurity & Compliance Services, A-LIGN
The panel highlighted how partnerships — like the CJIS-Aligned Task Force — are already reducing friction and improving outcomes across jurisdictions.
Interactive Session: Shaping What Comes Next
In the final session, leaders including Alan Fuller (CIO, State of Utah), Ryan Murray (Deputy Director & CISO, State of Arizona), and Jessica Van Eerde (COO & General Counsel, GovRAMP) facilitated a working group discussion to crowdsource priorities for what comes next:
- Standardizing reusable cloud security assessments
- Prioritizing state-federal coordination
- Embedding harmonization into procurement policies
This wasn’t just a panel — it was a collaborative moment to shape the road ahead.
What’s Next: The Push for Harmonization Continues
The conversations at the Symposium reinforced a growing consensus: framework fragmentation is creating barriers, not improving outcomes. It’s time to align standards, simplify procurement, and make security the common denominator — not the exception
GovRAMP will continue to lead these conversations, driving toward a harmonized, scalable framework that supports innovation while protecting public data. If your organization is navigating cloud security requirements or looking to align with a more unified cybersecurity framework, we’re here to help. Contact us at info@stateramp.org to learn more.