Single Security Snapshot
A point-in-time view of your security maturity.
The Single Security Snapshot provides a one-time assessment of your product’s security posture—helping you understand where you stand and what to do next.
Through a structured evaluation aligned to GovRAMP standards, you receive a clear maturity score and actionable insights to support your path toward verification.
Understand Your Security Posture
The Single Security Snapshot provides a clear, objective view of your current security maturity—without committing to an ongoing program.
Through a structured assessment, you receive a detailed maturity score and findings report that helps you:
-
Validate your security posture beyond self-attestation
-
Identify gaps aligned to GovRAMP requirements
-
Understand readiness for future verification pathways
-
Make informed decisions about next steps
This is a fast, focused way to assess where you stand and determine what to do next.
How to Participate
The Single Security Snapshot follows a simple, structured process from request to results.
Step 3
Attend Intake Meeting
Prior to your one-hour intake meeting, you are encouraged to review the Progressing Security Snapshot Matrix to understand the 40 controls and prepare any supporting artifacts for each criterion met. During this meeting, the GovRAMP PMO will confirm scope, answer questions, and outline next steps in the assessment process.
Step 4
Upload Documentation Within 28 Days
After your intake meeting, you have 28 days to upload all required documentation. This ensures the PMO team can complete the assessment efficiently.
Step 5
Receive Product Security Maturity Score in Approximately Three Weeks
Service providers will receive a formal letter from the GovRAMP PMO containing their product’s security maturity score. Scores are not publicly disclosed, and sharing is at the discretion of the service provider.
Is This the Right Starting Point?
The Single Security Snapshot is best suited for providers who:
-
Want a one-time assessment of their security posture
-
Are early in their cybersecurity journey
-
Need clarity before committing to an ongoing program
-
Are evaluating readiness for GovRAMP participation
For providers looking for ongoing guidance and measurable progress over time, the Progressing Security Snapshot Program may be a better fit.
Prepare for What’s Next
While the Single Security Snapshot is a one-time assessment, it provides the foundation needed to move into structured pathways such as the Progressing Security Snapshot Program and other verification levels.
How GovRAMP and the GovRAMP PMO Work Together
Single Security Snapshot FAQs
-
What is the scoring methodology for the Security Snapshot based upon?
Effective, January 1, 2024, the Security Snapshot criteria and scoring are updated to align with baselines based on NIST 800-53 Rev. 5 and the MITRE ATT&CK framework control protection values. The updated criteria include the highest scoring MITRE ATT&CK control protection values from GovRAMP's Minimum Mandates for Ready (Rev. 5). Scoring is weighted depending on the control protection value assigned in the NIST/MITRE ATT&CK Framework study and is based on a percentage out of 100. The weighted scoring based on MITRE ATT&CK’s framework was selected to ensure the Security Snapshot criteria emphasizes best practices that have the greatest impact on improved security defense. Review the GovRAMP Security Snapshot Criteria and Scoring policy for more information.
-
How do Providers obtain access to the Snapshot score?
A letter will be issued to the Provider from the GovRAMP PMO with a product’s security maturity score. Scores are not publicly posted and any sharing of score is at the discretion of the provider.
-
What is the timeline for receiving a Snapshot score?
We will give our best effort to deliver Snapshot score within 3 weeks of payment. If you have any time constraints due to solicitations, please note them on the GovRAMP Security Snapshot request form and our security team at the Program Management Office will do their best to honor them.
-
How much does a Snapshot cost?
The updated GovRAMP fee schedule outlines the costs for the GovRAMP Security Snapshot.
-
How much effort is required to complete the Snapshot?
Providers can begin the Security Snapshot process by becoming a member of GovRAMP and submitting a Security Snapshot Request. After submission, providers will receive more information from the security team at the Program Management Office regarding payment and how to schedule a meeting to begin the intake process.
Prior to the 1-hour intake meeting, we encourage you to have read and understood the scoring criteria so you are prepared to provide artifacts for each criterion you meet. The required team members should be available on the Snapshot call to answer any follow-up questions.
-
How can I request a Snapshot?
Fill out the Snapshot request form to get started.
Sign Up for GovRAMP Program Updates
Receive the latest news and announcements about GovRAMP programs, resources, and security updates — including changes to the Progressing Snapshot Program and upcoming educational opportunities.