North Carolina adopts GovRAMP cloud security framework for state vendors

Editorial brief

North Carolina will align its cloud product security requirements with the GovRAMP framework, standardizing expectations for providers and reducing duplicative security reviews. The updated requirements take effect April 1, 2026, and apply to all vendors selling cloud services to state agencies. GovRAMP and North Carolina plan educational webinars for providers ahead of the effective date.