Skip to form
StateRAMP Security Review Request Form
First Name
*
Last Name
*
Email
*
Phone Number
*
Please format as XXX-XXX-XXX ext. XXXX
Position or Title
*
Ex: Chief Information Security Officer
Company Name
*
Is your organization a StateRAMP member?
*
Yes
No
I don't know
What is the name of the product, service, or offering being assessed?
*
Please provide a brief description to be included in your product's Authorized Product List profile.
*
Please select the categories that best match your product.
*
Please select at least 2 of the options below. If you would like to include an extra category for your product, please select "Other" and specify your preference in the free text field.
Access Management
Application Security
Audit Management
Automation
Business & Communications Systems
Capital Planning & Construction Management
Case Management
Cloud Security
Cloud Services
Communications Systems
Content Collaboration
Customer Engagement
Customer Management and Experience Solutions
Cyber Training and Awareness
Data Loss Prevention
Data Management
Disaster Recovery
Document Management
E-Discovery
Encryption and Decryption Services
E-Procurement & Compliance
General Support System
GRC Management
Identity and Access Management
Incident Response and Management
Infrastructure
Learning Management System
Legal & Compliance Software
Mobile Device Management
Network Security
Networking
Risk Management
Security Information and Event Management
Vendor Management
Vulnerability Assessment
Workforce Management
Other
Is the product part of an RFP response for a government agency which requires or prefers StateRAMP security validation?
*
Yes
No
Please select the type of review you would like the PMO to conduct.
*
A state or local government, tribal agency, or public higher education institute (SLED) is required to act as a government sponsor to complete a standard Authorization Review or Fast Track for StateRAMP Authorization.
Please Select
Ready Review
Authorization Review
StateRAMP Fast Track for Ready
StateRAMP Fast Track for Authorized
Do you have a government sponsor who has agreed to receive and sign-off on your product's security documentation?
*
A government sponsor must be an individual or agency representing a state, local, or tribal government or public higher education institute. A government sponsor is required to obtain a StateRAMP Authorized or Provisional status.
Yes
No
I want to send my product to the Approvals Committee
Information System Management Lead for the product
*
This is the executive responsible for overseeing the IT and Security groups at your organization.
Please provide the Information System Management Lead's email.
*
This is the executive overseeing IT and Security groups email.
Information System Technical Lead for the product
*
This is the IT leader responsible for the System Administrator team at your organization.
Please provide the Information System Technical Lead's email.
*
This is the IT leader's email responsible for the System Administrator team.
Security Lead for the product
*
This is the individual who is responsible for the StateRAMP security program at your organization.
Please provide the Security Lead's email.
*
This is the individual who is responsible for the StateRAMP security program
3PAO Name
*
Please Select
A-Lign
Booz Allen Hamilton
Burke Consortium
Coalfire
Control Case
DataLock
Deloitte
Earthling Security
EmagineIT
EmeSec
Excentium
First Information Technology Services (FITS)
Fortreum
Ignyte
Information Technology Company
InfusionPoints
Kompleye
Kratos Defense
Lazarus Alliance
Linford & Co
Lunarline
MBL Technologies
MegaPlanIT
MindPoint Group
NCC Group
RSM
Schellman & Company
SecureIT
Securisea
Sentar
Sera-Brynn
Talatek
Tevora
The Cadence Group
Vaultes
Your 3PAO's primary point of contact
*
Your 3PAO's point of contact email.
*
Impact Level
High
Moderate
Low
Unknown
Select the operational status that best describes the product being assessed.
*
Operational: The system is operating and in production.
Under Development: The system is being designed, developed, or implemented.
Major Modification The system is undergoing a major change, development, or transition.
Please Select
Operational
Under Development
Major Modification
Other
Product Architecture
*
Please Select
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Other
Deployment Model
*
Public: Cloud services and infrastructure support multiple organizations and government clients.
Private: Cloud services and infrastructure are dedicated to a specific organization or government.
Government Only Community: Cloud services and infrastructure are shared by several organizations or governments with the same policies and compliance considerations.
Hybrid: Cloud services and infrastructure are used for secured applications and data where required, and a public cloud for other applications and data.
Please Select
Government Only Community
Public
Private
Hybrid
Billing Point of Contact Name
*
Billing Point of Contact Email
*
Company Billing Street address
*
Company Billing City
*
Company Billing State/Region
*
Company Billing Country/Region
*
Company Billing Postal code
*
Company Billing Postal Code Extension
What is your annual revenue?
*
Less than $1 Million
Between $1 Million to $5 Million
More than $5 Million
PMO Security Review Payment options
*
Payment options for the PMO to conduct the review. You can pay via credit card or be invoiced.
Please Select
Pay by Credit Card
Pay by Invoice
Continuous Monitoring Payment Options
*
If awarded a status, ConMon will begin 30 Days from your Status Award Date
Please Select
Pay Monthly balance via CC
Pay Annual balance via Invoice
Do you require a non-disclosure agreement (NDA)? If so, we will send you our standard NDA for review upon submission of this form.
Yes
No
By checking the box, you agree to the following terms of use (“Terms”):
You attest that you represent a service provider offering IaaS, PaaS, and/or SaaS solutions that process, store, and/or transmit state and local government data including, but not limited to, PII, PHI, and PCI and that all information provided through this site (“Site”) is complete and accurate. You agree to pay the appropriate fees to the StateRAMP PMO before any review or assessment is done on any submitted security packet. You understand all submitted documents must be in the correct StateRAMP document templates and that review and/or assessment can be suspended until such time as the submitted documents are provided in the correct format. You understand the 3PAO who completed the security assessment for your product, service, or offering is the only entity who can submit documents to the StateRAMP portal. You understand the StateRAMP PMO only accepts and reviews security packets submitted by StateRAMP-approved 3PAOs.
You agree to upload all requested information (“Information”) into the StateRAMP PMO Site. By accessing or using this Site, you acknowledge that you have read, understood, and agree to be bound by these Terms and all applicable laws and regulations. The Terms govern your use of the Site and any Content that StateRAMP may make available through the Site. StateRAMP may change the Terms from time to time in its sole discretion without notice. StateRAMP reserves the right to terminate or modify the Site including any of its content, in whole or in part, in any manner in StateRAMP’s sole discretion, without notice. Access to the Site is granted at StateRAMP’s sole discretion and may be revoked at any time.
As a condition of your use of this Site, you will not use the Site for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the Site in any manner that could damage, disable, overburden, or interfere with any other party’s use and enjoyment of the Site.
Content on the Site is not promised or guaranteed to be correct, current, or complete and the Site may contain technical inaccuracies or other errors. StateRAMP assumes no responsibility for updating the Site to keep information current or to ensure the accuracy or completeness of any posted information. You should confirm the accuracy and completeness of all posted information before making any decision related to any services, products or other matters described in the Site.
*
If you choose, or you are provided with, a username, password, or other information as part of StateRAMP’s security procedures, you must treat such information as confidential and you must not disclose it to any third party. You agree that you are solely responsible to us for all activities identified with your account. You agree to immediately notify StateRAMP of any unauthorized use of your username or password or any other breach of security. You must logout from your account at the end of each session. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information. StateRAMP has the absolute right to disable any username or password, at any time, for any reason, including, if in our sole discretion we believe that you have failed to comply with any provision of these Terms.
You agree that you are solely responsible for any activity associated with your account and any Information that you submit or otherwise upload to the Site. By uploading any such Information to the Site, you hereby grant StateRAMP an irrevocable, perpetual, non-exclusive, worldwide, fully-paid and royalty-free right and license to use, copy, modify, reproduce, translate and publish any such Information only for StateRAMP’s business purposes. All Information submitted via the Site is hosted by a third party service provider, not StateRAMP, and StateRAMP shall have no liability whatsoever for the security or storage of such Information. You understand that the Site is neither intended nor designed for the uploading, collection, storage or protection of any protected health information (“PHI”) governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), nor does it need or request any non-public consumer personally identifiable information or financial information governed by the Gramm-Leach-Bliley Act (“GLBA”) or payment card information covered by the Payment Card Industry Data Security Standards (“PCI DSS”). You should never disclose, or allow to be disclosed, PHI, information protected by PCI DSS or GLBA, or other sensitive information to StateRAMP. In the event that you disclose such information (which would be a violation of these Terms), you, on behalf of your organization, acknowledge that StateRAMP does not take steps to ensure its products are HIPAA or PCI compliant. All obligations of the aforementioned regulations remain solely with you.
UNDER NO CIRCUMSTANCES SHALL STATERAMP BE LIABLE FOR ANY TYPE OF DAMAGES OR CLAIMS RELATED TO THE SITE, INCLUDING BUT NOT LIMITED TO, INCIDENTAL, SPECIAL, PUNITIVE, INDIRECT OR CONSEQUENTIAL DAMAGES, EVEN IF STATERAMP OR ITS REPRESENTATIVES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR CLAIMS.
*
Submit