The initial list of 24 vendors and 51 products, published last month, has since grown to 29 vendors and 58 products. That includes vendors who are currently in the process of verification.
As of this writing, these are the companies who have achieved a StateRAMP status:
"The continuous monitoring function of StateRAMP is the real difference maker for state and local governments seeking to trust but verify their providers have security controls and processes in place to ensure the data we are placing with them is protected,” said J.R. Sloan, Arizona’s CIO and the president of StateRAMP’s board of directors, in a statement. “Gone are the days of checking a box through self-attestation or submitting a one-and-done SOC 2 Report to validate security. We must adapt to meet the evolving cyber threats, and that requires constant monitoring and reporting so that, as users of technology, state and local governments can be prepared to take action quickly to protect their systems and data, when needed."
The list includes companies that range from giants such as Google and Microsoft down to smaller and newer companies such as ZibaSec. StateRAMP provided a pipeline for companies with FedRAMP designations to complete the process more quickly, and most of the companies on StateRAMP’s list so far have already entered the FedRAMP marketplace.
There are just four vendors on the list with a “verified” designation — Knowledge Services, OCLC, Project Hosts and Zscaler — but it’s possible some of the companies with a “progressing” designation have already been verified and are seeking a higher status.