MCG Energy is Preparing for StateRAMP

Getting Ready for StateRAMP

MCG Energy is pleased to announce that we are in the final review stage for FedRAMP authorization, and we are also getting our systems and applications ready for StateRAMP. With StateRAMP gaining momentum through a number of state and local governmental entities, MCG Energy is preparing our dynamic and natively integrated Energy Software Suite for this program.

Contact Us about our energy SaaS Security Procedures

What Is StateRAMP?

Created in 2021, StateRAMP is a cybersecurity certification program designed to enforce standards for cloud hosting for state governments. It is a nonprofit organization that provides oversight through independent audits and continuous monitoring of cloud security that unites state governments and their suppliers.

Created as a shared service for governments and a streamlined service for suppliers, StateRAMP enables a single verification of products and a reusable certification for the governmental entities served. StateRAMP also provides an Authorized Product List (APL) that logs the products that have earned security status and products that are currently in the process of receiving the same security process.

Which States Use StateRAMP?

StateRAMP has been making significant strides since its inception, garnering support from numerous states and local governments. The number of participants who are utilizing StateRAMP for validation of their third-party suppliers has experienced a significant surge as a result of the National Association of State Procurement Officials (NASPO) recent naming StateRAMP as a strategic partner.

The rigorous standards and uniformity introduced by this framework have motivated several states to opt into StateRAMP. Currently, 22 states have signed on to StateRAMP as the benchmark for cloud security standardization:

  • Alabama
  • Maine
  • New Hampshire
  • Arizona
  • Massachusetts
  • North Carolina
  • Arkansas
  • Michigan
  • North Dakota
  • California
  • Minnesota
  • Oklahoma
  • Colorado
  • Missouri
  • Oregon
  • Florida
  • Nebraska
  • Texas
  • Georgia
  • Nevada
  • Vermont
  • West Virginia


There are also several participating local governments/organizations:

K-12 and Higher Education

  • Southwest Arkansas Education Cooperative (Arkansas)
  • City of Chandler (Arizona)
  • Fayetteville State University (North Carolina)
  • Sacramento County (California)
  • University of North Carolina System (North Carolina)
  • Arapahoe County (Colorado)
  • Clarendon College (Texas)
  • Hillsborough County Sheriff’s Office (Florida)
  • City of Fishers (Indiana)
  • New York State Local Government Information Technology Directors’ Association (New York)


What Is the Difference Between StateRAMP and FedRAMP?

There are some clear differences between StateRAMP and FedRAMP. While the two appear to share several fundamental characteristics, they are structured and operate independently.

FedRAMP is derived from the financial support of the Office of Management and Budget that provides security assessments of cloud services only for the federal government. Unlike StateRAMP the project management office for FedRAMP only functions as a reviewing body and its documentation is limited to federal agencies that cooperate with providers. In this federal oriented system, providers that earn Ready status are relegated to a 12-month window to secure a sponsor agency to achieve authorization.

What Is FedRAMP?

StateRAMP has been organized as a 501c, non-profit, entity that is overseen by a Board of Directors. Their goal is to improve the standards of cybersecurity for state and local governments through advocacy, education, and policy. This framework operates as a shared resource between governments and providers and enables those particular state and local entities to be granted visibility of the continuous monitoring of their specific vendors.

Learn more about MCG Energy’s Private Cloud Security

The Benefits of Being StateRAMP Authorized

StateRAMP authorization offers numerous advantages, primarily stemming from its ability to establish a concrete and enforceable standard in cyber and cloud security. Furthermore, this framework provides an efficient mechanism for achieving a streamlined and transparent authorization process. These benefits extend further, as they can be measured through heightened security in everyday business operations. Organizations aligning with StateRAMP not only raise their security standards but also seamlessly incorporate these elevated standards into their daily security requirements.
A centralized Project Management Office (PMO) plays a pivotal role in providing collaborating entities with crucial information about vendors with strong cyber and cloud security practices. Through StateRAMP, the PMO ensures consistent and accurate reporting while offering education on security requirements and best practices.

Looking ahead, we anticipate that government-endorsed regulations will become more prevalent in government-utility partnerships. MCG Energy is proactively preparing for this paradigm shift by readiness for StateRAMP and FedRAMP authorization.