TX-RAMP Overview

What is a RAMP?
• A Risk and Authorization Management Program focuses on assessing the
potential for negative consequences relating to information assets, ensuring that
systems are formally approved prior to operationalizing, and monitoring the
security posture of those systems on a continuous basis to minimize those
potential negative outcomes.
• DIR was charged with building a statewide RAMP (TX-RAMP) by December 1,
2021, via SB 475 of last session.
• Texas is one of the first states to implement a statewide RAMP, taking inspiration
from FedRAMP, StateRAMP, and AZRAMP

 

Texas Risk & Authorization Management Program
• Who does this apply to?
• State Agencies
• Public Institutions of Higher Education
• Public Community Colleges
• Cloud Service Providers
• What does this apply to?
• Contracts to purchase cloud computing services for the state organization.
• SB 475 also requires agencies to include contract language regarding required security
controls expected of third parties (cloud or otherwise).
• When does this take effect?
• The program took effect January 1, 2022
• Minimum certification level requirements prior to entering or renewing a contract are
staggered

 

 

Get started today!