Raleigh, NC — [February 18, 2026] — The State of North Carolina has announced a new partnership with GovRAMP to strengthen and standardize cloud security requirements across state agencies, reinforcing its commitment to protecting digital services and safeguarding citizen data.
Through this partnership, North Carolina will align its cloud product security requirements with the GovRAMP framework, creating clearer expectations for providers, reducing duplicative security reviews, and supporting consistent, risk-based security practices across government.
The updated requirements will go into effect April 1, 2026.
“Cloud security plays a critical role in protecting the systems and services that governments provide to their communities,” said Leah McGrath, Executive Director of GovRAMP. “By aligning with GovRAMP, North Carolina is advancing a shared approach to security that strengthens resilience while helping agencies and providers move forward with greater clarity.”
“This is about more than compliance. It’s about trust and progress,” said NCDIT Secretary and State Chief Information Officer Teena Piccione. “The public expects secure, reliable services. By adopting a consistent approach, we are protecting the state’s digital assets while enabling agencies to deliver modern digital services for North Carolinians.”
“Cybersecurity is a shared responsibility,” said Bernice Russell-Bond, North Carolina’s Chief Information Security Officer. “This partnership esablishes a stronger foundation for resilience and trust, creating an environment where innovation and security move forward together.”
GovRAMP provides a standardized approach to validating cloud security through independent assessment, continuous monitoring, and shared security standards. North Carolina joins a growing community of public-sector organizations working collaboratively to harmonize cybersecurity expectations and promote trusted cloud adoption.
To support implementation, GovRAMP and North Carolina will host a series of educational webinars for vendors and stakeholders. These sessions will outline the new requirements, explain how GovRAMP security statuses align with state expectations, and provide guidance ahead of the April 1 effective date.
Additional details on webinar scheduling and implementation resources will be announced in the coming weeks.
For more information on the partnership and upcoming educational events, visit North Carolina’s GovRAMP program page.
About GovRAMP
GovRAMP is a nonprofit membership organization dedicated to advancing consistent, trusted cybersecurity practices across state, local, tribal, and educational government. Guided by its mission to make cybersecurity easier to understand, implement, and maintain, GovRAMP provides a standardized framework, independent validation, and community-driven education that help governments adopt secure cloud solutions with confidence while enabling service providers to demonstrate trusted security through clear, evidence-based practices. By bringing together public and private sector partners, GovRAMP supports policy collaboration, strengthens shared assurance, and helps build a more resilient cybersecurity ecosystem that protects government services, data, and the communities they serve. Learn more at GovRAMP.org.
About NCDIT
Among its many areas of responsibility, NCDIT leads the state’s efforts to deliver secure, modern and efficient technology services while also securing the state’s data, systems and networks. NCDIT is also responsible for ensuring state IT projects are appropriately procured, delivered and managed. Learn more at it.nc.gov/about.