Document Category: Baseline Requirements


pdf
Baseline Controls

This document provides the security control baselines. All of the security controls listed in the table are outlined in NIST 800-53 Rev. 4. (Retired October 1, 2024)

Download
pdf
Data Classification Tool

This document provides instructions for using the GR-199 worksheet to identify data types, review impact levels, and determine the appropriate GovRAMP security category for a product.

Download
xlsx
GR-199 — Data Classification Determination Tool

This tool helps service providers and governments determine the appropriate GovRAMP security impact level for a product based on the types of data it processes, stores, or transmits.

Download
pdf
Security Assessment Framework

This document describes a general governance and security framework for GovRAMP.

Download
pdf
StateRAMP Authorization Boundary Guidance

This document is to provide service providers guidance for developing the authorization boundary for their cloud offering.

Download
pdf
StateRAMP Penetration Test Guidance

This document is to provide guidance to service providers and 3PAOs for a penetration test.

Download
6 documents