stateramp/regulator/
11 states adopt GovRAMP to cut redundant vendor security reviews
Editorial brief
Arizona, Indiana, Massachusetts, Minnesota, Nevada, New Hampshire, North Carolina, North Dakota, Oregon, Texas, and Utah are using GovRAMP to streamline vendor security assessments and reduce duplicative reviews in cloud procurement, according to an April 22 GovRAMP roundup. Nevada will require GovRAMP-based vendor security evaluations beginning July 1, 2026. The program gives state CIOs and CISOs a single, nationally aligned framework for third-party risk management, replacing state-specific assessment programs such as Arizona's AZRAMP.
Published ·Updated