Progressing Security Snapshot Program
Your guided starting point for GovRAMP.
The Progressing Security Snapshot Program helps service providers understand their security maturity, strengthen controls, and build a clear path toward GovRAMP verification.
Through a structured 40-control assessment and ongoing advisory support, you can make measurable progress—without taking on full compliance upfront.
A Practical Path to Verification
The Progressing Security Snapshot Program was designed to help providers take the first step into GovRAMP with clarity and confidence.
Instead of navigating complex requirements alone, you gain a structured, supported pathway to:
-
Understand your current security posture
-
Identify and prioritize gaps
-
Strengthen real controls—not just documentation
-
Demonstrate measurable progress over time
This is not a one-time assessment—it’s a continuous, guided approach to improving security and preparing for verification.
Proven Progress, Measurable Results
Providers participating in the Progressing Security Snapshot Program improve control performance by 40–60% within the first year—demonstrating meaningful advancement in both security maturity and readiness for verification.
Download the Progressing Snapshot Report
How to Participate
Getting started is simple and structured—designed to guide you from initial assessment through continuous improvement.
Step 3
Attend Intake Meeting
Prior to your one-hour intake meeting, you are encouraged to review the Progressing Security Snapshot Matrix to understand the 40 controls and prepare any supporting artifacts for each criterion met. During this meeting, the GovRAMP PMO will confirm scope, answer questions, and outline next steps in the assessment process.
Step 4
Receive Snapshot Score
Within approximately three weeks of your intake meeting, you will receive a private maturity score and findings report outlining your current security posture and key areas for improvement.
Step 5
Continue Advisory Engagement
For those enrolled in the Progressing Snapshot Program, monthly advisory calls and quarterly updated Snapshot scores provide continuous guidance and help measure progress toward verified status.
Designed for Growing Providers
The Progressing Security Snapshot Program was built with small and emerging providers in mind—offering a practical, accessible entry point into GovRAMP.
With structured guidance, predictable costs, and ongoing support, providers can improve security without needing a large internal team—while still scaling to support organizations of any size.
Show Your Progress
Providers participating in the program are listed on the Progressing Product List (PPL)—a public resource used by government organizations to identify vendors actively improving their security posture.
This visibility demonstrates commitment, builds trust, and helps position your organization for future opportunities.
“We love the Progressing Snapshot Program because our greatest hurdle, especially for initial GovRAMP audits, is helping first-time clients navigate the stringent requirements of NIST 800-53. With a progressive snapshot approach, clients who have worked through that process are already set up for success, which makes it much easier for us to hit the ground running on day one.”
Pete Dudek
Associate Director of Federal Services | A-LIGN
How GovRAMP and the GovRAMP PMO Work Together
Progressing Security Snapshot Program FAQs
-
What is the scoring methodology for the GovRAMP Security Snapshot?
GovRAMP’s Security Snapshot provides a structured, risk-based score that helps potential government and public-sector partners make informed decisions during procurement.
The scoring methodology is based on key NIST 800-53 requirements and evaluates both technical and procedural security controls. Scores are derived from:
-
The control’s impact on a provider’s readiness to advance in the GovRAMP verification process
-
Its influence on the provider’s overall cybersecurity posture
- The level of visibility and insight available to the GovRAMP PMO
For example, higher scores are earned for hosting in a GovRAMP Authorized IaaS environment, as the PMO has direct insight into that platform’s cybersecurity posture. Additional points may be earned for implementing recognized compliance frameworks, penetration testing, and strong organizational security training programs.
-
-
How much does a GovRAMP Progressing Security Snapshot subscription cost?
The Progressing Snapshot Program uses a tiered, Board-approved fee structure to ensure equitable access for providers of all sizes.
Participants pay for three months upfront upon enrollment, followed by monthly payments beginning in the fourth month.
-
$750 per month for providers with less than $1 million in annual revenue
-
$1,000 per month for providers with $1–$5 million in annual revenue
- $1,600 per month for providers with more than $5 million in annual revenue
-
-
Who sees my Snapshot scores?
Snapshot scores are confidential. Only the GovRAMP PMO, your assigned advisor, and your organization’s designated point of contact have access to your score.
GovRAMP does not share Snapshot results publicly. Providers may choose to disclose their scores at their discretion or when requested by a government agency as part of a procurement process.
-
Will I be listed on the Progressing Product List if I am enrolled in the Progressing Snapshot Program?
Yes, participation in the Progressing Snapshot Program qualifies providers to be listed on the Progressing Product List.
Beginning January 1, 2026, products must achieve a score above zero before being listed. This ensures that all listed products are actively demonstrating progress toward verified status.
-
What happens if our product doesn’t increase in score between quarterly reports—or our score decreases?
GovRAMP expects participants to show measurable improvement with each quarterly Snapshot. If a product’s score remains the same or declines, the PMO will follow the structured escalation process outlined in the Progressing Snapshot Program Requirements and Progressing Improvement Guide.
Consistent or declining scores may prompt the PMO to request additional documentation, hold a remediation meeting, or issue a formal notice to ensure corrective action is taken.
-
What is the new escalation process?
The escalation process is designed to ensure accountability while maintaining fairness and collaboration.
-
Initial Discussion: The PMO initiates an informal discussion with the provider’s product team to identify causes for stagnation or decline.
-
Formal Notice: If adequate improvement or engagement is not demonstrated, the PMO issues a formal remediation notice.
-
Final Action: If remediation is not completed as required, the product will be removed from the Progressing Product List, and any government partners with access to the product’s Snapshot Matrix will be notified of removal.
-
-
Does this program help satisfy TX-RAMP requirements?
Yes. Enrolling in the GovRAMP Progressing Snapshot Program qualifies providers for TX-RAMP Provisional status without the standard 18-month expiration date.
Additionally, participation in the program helps providers work toward achieving GovRAMP Core, Ready, or Authorized statuses, which are recognized as equivalent to TX-RAMP Level 2 requirements.
For additional details, visit the Texas GovRAMP Program page.
-
What’s changing in 2026?
Beginning January 1, 2026, all Progressing Snapshot participants must demonstrate active improvement between quarterly reports to maintain eligibility for listing on the Progressing Product List.
The new requirements strengthen accountability, align Snapshot participation with measurable progress, and help government partners identify providers who are actively maturing their security programs.
Sign Up for GovRAMP Program Updates
Receive the latest news and announcements about GovRAMP programs, resources, and security updates — including changes to the Progressing Snapshot Program and upcoming educational opportunities.