GovRAMP Participating Government & Education Memberships 1-Pager
Overview of the GovRAMP Participating Government & Education Memberships, including key benefits, engagement opportunities, and support available to public-sector organizations adopting secure cloud services.
GovRAMP Core Controls
This document outlines the 60 prioritized security controls required for GovRAMP Core Status. These controls are selected from the NIST SP 800-53, Rev. 5 framework and aligned with the Moderate Impact Baseline. Service providers pursuing Core should use this resource to understand the control expectations and begin preparing evidence for PMO-led review.
Templates for GovRAMP Statuses
3PAO Package for Moderate Impact with CJIS Overlay
This package includes required templates and sample policies for every NIST 800-53 control family, along with templates for Rules of Behavior, Incident Response Plan, Configuration Management Plan, Information System Contingency Plan, and Supply Chain Risk Management.
Moderate Impact Service Provider Package with CJIS Overlay
This package offers service providers the documentation, policies, procedures, and resources required to meet GovRAMP security requirements for systems processing, storing, or transmitting moderate-impact government data with additional compliance considerations aligned to the FBI’s Criminal Justice Information Services (CJIS) Security Policy.
Moderate Impact Service Provider Package for GovRAMP Core, Ready & Authorized
This package provides service providers with the comprehensive documentation, policies, procedures, and tools needed to meet GovRAMP security requirements for systems processing, storing, or transmitting moderate-impact government data.