Our team expanded at the end of 2022, and we are thrilled to start the new year with unique perspectives and exciting updates! Read below to dive deeper into a recap of 2022 and to learn more about what’s to come for GovRAMP in 2023.
Overview of 2022
Formalization of GovRAMP Approvals Committee
At the beginning of 2022, GovRAMP’s Board of Directors and Nominating Committee formed the GovRAMP Approvals Committee, which offers service providers another option for government sponsorship. The committee reviews security packages on a monthly basis and, since beginning reviews, has sponsored 13 products.
“We are so grateful for the members of our GovRAMP Approvals Committee. The committee streamlines sponsorship, allowing more service providers to achieve GovRAMP Authorization and broadening the pool of secure cloud service offerings for government,” said Leah McGrath, GovRAMP Executive Director. You can read more about the GovRAMP Approvals Committee here.
Additionally, 2022 was the first year GovRAMP accepted nominations from our members. We had an incredible response with 53 people submitting nominations for our 4 standing committees and Board of Directors. We are grateful for the cybersecurity community’s dedication to protecting government data.
Expanded Membership
In 2022, 17 states, 4 local governments and 2 higher education institutions publicly recognized GovRAMP. To increase understanding of GovRAMP’s direct value, the GovRAMP team attended dozens of conferences and speaking engagements across the country, establishing several new strategic partnerships with organizations such as the National Association of State Procurement Officials (NASPO), the National Association of State Chief Information Officers (NASCIO), and K12 Security Information eXchange (K12 Six). The feedback from the 23 engaged jurisdictions provided insight into how GovRAMP can better serve the government in years to come.
At the end of 2022, GovRAMP had 139 service provider members representing 1,295 people. There were 37 products on the Authorized Product List and 42 on the Progressing Product List.
Introduction of GovRAMP Security Snapshot
After listening to our members’ feedback, our team developed a new, early-stage security maturity assessment tool for cloud products. The GovRAMP Security Snapshot was approved by the GovRAMP Standards & Technical Committee and adopted by the Board as a “pre-Ready” measurement.
The GovRAMP Security Snapshot offers providers the first step toward achieving a verified GovRAMP security status by providing them with a gap analysis that validates a product’s current maturity in relation to meeting Minimum Mandatory Requirements for GovRAMP Ready.
“The GovRAMP Security Snapshot will allow us to identify gaps so we can develop resources to help service providers achieve Ready status,” said Noah Brown, GovRAMP PMO Director.
For governments, the GovRAMP Security Snapshot can be used throughout the procurement process to clearly determine the risk associated with products being considered for procurement.
What’s In Store for 2023
Transition to NIST 800-53 Revision 5
2023 marks a significant year for GovRAMP, as the Standards & Technical Committee will evaluate how to incorporate NIST 800-53 Rev. 5 into GovRAMP’s security requirements. GovRAMP’s baseline controls are the foundation of GovRAMP’s security requirements, and during the month of February we plan to invite all members to provide their feedback on the new baseline.
“The Standards & Technical Committee is currently working through the transition to NIST 800-53 Revision 5 requirements. Updating our control baselines will be crucial for protecting government data as Rev 5 is based on updated threat intelligence, places an emphasis on privacy, and adds more controls surrounding supply chain risk management,” said Noah Brown, PMO Director.
New Councils
The GovRAMP team is preparing to launch two new councils: GovRAMP’s Provider Leadership Council and 3PAO Advisory Council. The councils will promote information sharing among public and private-sector members, providing expertise and advice to GovRAMP.
Every service provider member and GovRAMP-registered 3PAO will designate one representative to serve on these critical councils. The councils will conduct virtual meetings twice a year with ad hoc meetings as needed. Stay tuned for more information on how to get involved.
Continued GovRAMP Implementation Among Governments
This year, our team aims not only for more government adoption but also for complete GovRAMP implementation within participating governments. The launch of GovRAMP Security Snapshot and Fast Track Government Implementation will allow governments to place GovRAMP requirements into their solicitations and contracts, rapidly improving the cyber posture of all levels of government. Click here for more information on how to get started.
Overall, we are excited about what’s to come for GovRAMP this year! Our team will be at numerous conferences and meetings throughout the year, which can be found at govramp.org/events. If you have any questions, please contact us at info@stateramp.org.