Skip to content

Why top agencies are embracing StateRAMP 

Brian DaSilva, Senior Director, Governance, Risk, and Compliance  | 23 October 2023  |  3 minute read


Security breaches are increasingly common and costly for government agencies. From 2021 to 2022, cyber-attacks doubled for government facilities and quadrupled for emergency services. At the same time, most government agencies are ill-equipped to handle a cyber breach, with an average attack costing the public sector $2.6 million in 2023

1,000+ known cyberattacks against U.S. public safety agencies and local governments since 2021 

To help mitigate these risks for state and local government and education (SLED) organizations, the State Risk and Authorization and Management Program (StateRAMP) was launched to build a framework for a standardized approach to cybersecurity standards. Based on the Federal Risk and Authorization Management Program (FedRAMP), StateRAMP provides SLED organizations assurances that cloud technology providers meet cybersecurity standards through independent audits and ongoing continuous monitoring. There are currently 30 entities that have adopted StateRAMP, including states such as California, Massachusetts, and Texas. There are also several counties and higher education institutions such as Sacramento County, Fayetteville State University, and University of North Carolina System.  

While StateRAMP is a voluntary program, many state and local governments are choosing to adopt the standard and make it a requirement for SLED agencies to select certified cloud vendors. Even if your state has not adopted StateRAMP yet, selecting a StateRAMP Authorized technology vendor can give you peace of mind against threats by putting your organization at the frontier of cyber defenses. With a StateRAMP Authorized technology provider, you will have increased security, reduced risk of data breaches, and enhanced visibility of cybersecurity defenses. 

Increased security 

StateRAMP standards were set by leading experts in information security and based on FedRAMP’s rigorous guidelines, making it an industry-leading, best-in-class approach to security. StateRAMP improves defenses with a variety of controls, such as continuous monitoring and third-party penetration testing. When a technology vendor is authorized by StateRAMP, you can trust that the vendor abides by rigorous cybersecurity standards that will keep your sensitive information secure.  

Reduced risk of data breaches 

Part of the StateRAMP standards requires cloud providers to implement a variety of security controls to keep your information safe. Through independent audits, continuous monitoring, data encryption, and vulnerability management, you can feel safe that your systems are protected with a strong security posture against incoming threats. 

421 controls with a StateRAMP High Impact Authorization 

Enhanced Visibility for SLED organizations 

When a technology provider is StateRAMP Authorized, StateRAMP requires the provider to undergo continuous monitoring of their security program that is reviewed on a monthly basis. Continuous monitoring ensures a service provider’s solution is progressing with its security requirements and any risks are quickly identified and mitigated. This reduces the burden on SLED entities to create their own cybersecurity programs and conduct comprehensive risk management activities. This helps you and your organization save time and resources that can be used for other strategic initiatives. 

Don’t wait to strengthen your security posture 

As cyber breaches targeting government agencies continue to rise, agencies cannot ignore these debilitating threats. By promoting and adopting one, superior standard, StateRAMP simplifies the process for SLED entities by making it easy to identify secure technology providers and allows your IT teams to focus on other pressing priorities. As more states, local governments, and educational institutions adopt StateRAMP, you can stay ahead of the curve by doing the same.  

As you look to strengthen the security posture for your agency, make sure you look for and think about the following:  

  • How can I trust that the technology provider will keep my sensitive data secure?
  • Do I have the resources to conduct my own comprehensive security assessment on each cloud provider to the degree that StateRAMP otherwise guarantees? 
  • Is my state adopting StateRAMP for technology providers? 
  • Is this technology provider already StateRAMP Authorized? 
  • How will I know if my current provider is meeting our security requirements? 

As the first public safety technology company to achieve StateRAMP High Impact Level Authorization, Mark43 brings the most mature security controls to Computer-Aided Dispatch, Records Management System, and Analytics platforms delivered on Amazon Web Services (AWS) GovCloud. Reach out for a demo using the form on this page. 

Request a Demo