StateRAMP Authorization for State Government Cloud Platform
Engagement Type: StateRAMP Authorization Advisory
Client: State Government SaaS Provider
Engagement Start: February 2024
Authorization Achieved: September 2024
Framework: StateRAMP Moderate (NIST SP 800-53)
Krieger Security was engaged by a SaaS provider serving multiple state government agencies to guide their StateRAMP authorization. The client had an established FedRAMP-adjacent security posture but needed to adapt their documentation and control implementation to meet StateRAMP-specific requirements and achieve listing on the StateRAMP Authorized Products List (APL).
Krieger Security leveraged the client’s existing security investments to streamline the StateRAMP authorization process, minimizing redundant documentation effort while ensuring full compliance with StateRAMP requirements.
THE CHALLENGE
The client’s existing security documentation was written for commercial customers rather than government frameworks, requiring a full restructuring of their SSP, policies, and evidence libraries to align with StateRAMP’s NIST SP 800-53 baseline requirements.
The organization also required guidance on state procurement processes and relationship management with the StateRAMP Program Management Office (PMO), which has different workflows than the federal FedRAMP program.
THE STRATEGY
Krieger Security conducted a gap assessment against StateRAMP Moderate baselines, developed a comprehensive SSP and all required attachments, and coordinated with a StateRAMP authorized assessor to ensure readiness prior to formal assessment.
Our team managed all StateRAMP PMO communications, coordinated the assessment process, and supported POA&M remediation. The client achieved StateRAMP Moderate authorization and marketplace listing within seven months.
THE CHALLENGE
Adapting commercial-grade security documentation to meet StateRAMP government compliance requirements while managing active state agency customer relationships.
Project Gallery
CLIENT’S TESTIMONIALS
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident. Krieger Security provided ongoing advisory support throughout the StateRAMP continuous monitoring phase, ensuring the client maintained their authorization status and remained current with StateRAMP program updates.
Benjamin Tickle, Project Manager
Company Name Inc