www.wolterskluwer.com Open in urlscan Pro
2606:4700:4400::6812:2347  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Only limited material is available in the selected language. All content is
available on the global site.
Close


WOLTERS KLUWER NAVIGATION

About Wolters Kluwer
 * Solutions Directory
 * Careers
 * Investors
 * Select Language

About Wolters Kluwer

Wolters Kluwer is a global provider of professional information, software
solutions, and services for clinicians, nurses, accountants, lawyers, and tax,
finance, audit, risk, compliance, and regulatory sectors.



ABOUT US

 * About Wolters Kluwer
 * Strategy
 * Our Organization
 * Management
 * Supervisory Board
 * Value Creation
 * Events

EXPERT INSIGHTS

 * All Expert Insights
 * Health
 * Tax & Accounting
 * Finance
 * Compliance
 * Legal

GET HELP

 * Contact Us
 * Login
 * View Solution List
 * eShop & Bookstores
 * Media Center
 * News & Press Releases


 * Solutions Directory
 * Careers
 * Investors

 * Select Language

PrimaryNav Button

Search Wolters Kluwer
/Feature/WoltersKluwer/OneWeb/SearchHeader/Search
/Feature/WoltersKluwer/OneWeb/SearchHeader/Search
No Suggestion

Expand Search


Visit our global site, or select a location

 * Americas
 * Europe
 * Asia & Pacific

BRAZIL

Home page:
 * Portuguese

CANADA

Home page:
 * English
 * French

LATIN AMERICA

Home page:
 * Spanish

UNITED STATES

Home page:
 * English

Current Page:
 * English

BELGIUM

Home page:
 * Dutch
 * French

CZECH REPUBLIC

Home page:
 * Czech

DENMARK

Home page:
 * Denmark

FRANCE

Home page:
 * French

GERMANY

Home page:
 * German

HUNGARY

Home page:
 * Hungarian

ITALY

Home page:
 * Italian

NETHERLANDS

Home page:
 * Dutch

NORWAY

Home page:
 * Norwegian

POLAND

Home page:
 * Polish

PORTUGAL

Home page:
 * Portuguese

ROMANIA

Home page:
 * Romanian

SLOVAKIA

Home page:
 * Slovak

SPAIN

Home page:
 * Spanish

SWEDEN

Home page:
 * Swedish

UNITED KINGDOM

Home page:
 * English

AUSTRALIA

Home page:
 * English

CHINA

Home page:
 * Simplified Chinese

HONG KONG

Home page:
 * English

INDIA

Home page:
 * English

JAPAN

Home page:
 * Japanese

KOREA

Home page:
 * English

MALAYSIA

Home page:
 * English

NEW ZEALAND

Home page:
 * English

PHILIPPINES

Home page:
 * English

SINGAPORE

Home page:
 * English

TAIWAN

Home page:
 * English

THAILAND

Home page:
 * English

VIETNAM

Home page:
 * English

PRIMARY NAVIGATION

 * Health
   
   Health
   
   Trusted clinical technology and evidence-based solutions that drive effective
   decision-making and outcomes across healthcare. Specialized in clinical
   effectiveness, learning, research and safety.
   
   Health Overview
   
   SOLUTIONS
   
    * UpToDateClinical decision support resource
    * OvidThe world’s most trusted medical research platform
    * LexicompEvidence-based drug referential solutions
    * Sentri7Award-winning infection control and monitoring
   
   View All Solutions
   
   CHALLENGES
   
    * Improving patient outcomes
    * Managing population health
    * Reducing healthcare costs
    * Optimizing telehealth and virtual care
   
   View All Challenges
   
   EXPERT INSIGHTS
   
    * To serve their communities, health systems must recognize social
      determinants of health
    * High-reliability organizations: Technology drives care delivery and
      workforce training
    * Six tips to ace medical school
    * Overcoming script-writing hesitations in obesity management 
   
   View All Expert Insights
 * Tax & Accounting
   
   Tax & Accounting
   
   Enabling tax and accounting professionals and businesses of all sizes drive
   productivity, navigate change, and deliver better outcomes. With workflows
   optimized by technology and guided by deep domain expertise, we help
   organizations grow, manage, and protect their businesses and their client’s
   businesses.
   
   Tax & Accounting Overview
   
   SOLUTIONS
   
    * Tax & Accounting U.S. HubCentral hub for all U.S. solutions
    * CCH Axcess™ SuiteCloud-based tax preparation and compliance, workflow
      management and audit solution
    * CCH® ProSystem fx®Integrated tax, accounting and audit, and workflow
      software tools
    * TaxWise®Tax Preparation Software for Tax Preparers
   
   View All Solutions
   
   EXPERT INSIGHTS
   
    * Health Savings Accounts: Health plan pre-deductible coverage for insulin
      allowed next year
    * 2022 Draft instructions for Form 8889 highlight legislative changes
    * IRS provides automatic relief for late filed 2019 and 2020 returns;
      penalties paid to be refunded
    * Preparing for UK SOX 3 things to know
    * Individual Retirement Accounts: Mandatory amendment deadline moved back
    * Improving the quality of your audit with data analytics
    * Form 990-N filers must use a new sign-in process to file their annual
      reports
    * Tax pros can help extended filer clients by reviewing available tax
      benefits
   
   View All Expert Insights
 * Finance
   
   Finance
   
   Our solutions for regulated financial departments and institutions help
   customers meet their obligations to external regulators. We specialize in
   unifying and optimizing processes to deliver a real-time and accurate view of
   your financial position.
   
   Finance Overview
   
   SOLUTIONS
   
    * CCH TagetikUnified performance management software
    * OneSumX for Finance, Risk and Regulatory ReportingIntegrated regulatory
      compliance and reporting solution suite
    * Lien SolutionsMarket leader in UCC filing, searches, and management
    * eOriginaleOriginal securely digitizes the lending process from the close
      to the secondary market
   
   View All Solutions
   
   EXPERT INSIGHTS
   
    * Whitepaper: Reframing your ESG as a competitive advantage
    * 8 Supply Chain Planning red flags
    * The brutality of commercial lending and the promise of automation
    * 4 signs it’s time to revamp your Supply Chain Planning process
    * Preparing for UK SOX 3 things to know
    * Improving the quality of your audit with data analytics
    * The future of Planning, Budgeting, Forecasting, and Reporting: FSN’s 2022
      Global Survey
    * StateRAMP vs. FedRAMP: How these cybersecurity programs differ
   
   View All Expert Insights
 * Compliance
   
   Compliance
   
   Enabling organizations to ensure adherence with ever-changing regulatory
   obligations, manage risk, increase efficiency, and produce better business
   outcomes.
   
   Compliance Overview
   
   SOLUTIONS
   
    * OneSumX for Finance, Risk and Regulatory ReportingIntegrated regulatory
      compliance and reporting solution suite
    * TeamMateSolutions suite for auditors
    * EnablonSoftware solutions for risk & compliance, engineering & operations,
      and EHSQ & sustainability
    * CT CorporationRegistered agent & business license solutions
   
   View All Solutions
   
   EXPERT INSIGHTS
   
    * CT Expert Insights: Protecting top officials in Delaware corporations,
      with Sandra Feldman
    * Health Savings Accounts: Health plan pre-deductible coverage for insulin
      allowed next year
    * Scope 3 in the EU: key insights for implementing effective GHG emissions
      management
    * How to build your ESG Software business case
    * Expert Insights: Mitigating employer liability for remote employees, with
      Barbara Weltman
    * Compliance and governance for corporations and LLCs under state business
      entity laws
    * A guide to business entity compliance and governance
    * Hazards and risks: What's the difference?
   
   View All Expert Insights
 * Legal
   
   Legal
   
   Serving legal professionals in law firms, General Counsel offices and
   corporate legal departments with data-driven decision-making tools. We
   streamline legal and regulatory research, analysis, and workflows to drive
   value to organizations, ensuring more transparent, just and safe societies.
   
   Legal Overview
   
   SOLUTIONS
   
    * Enterprise Legal ManagementMarket-leading legal spend and matter
      management, contract lifecycle management, and analytics solutions
    * Manual IPThe most comprehensive and detailed resource for IP professionals
    * LegiswayAll-in-one legal management software
    * BizFilingsIncorporation services for entrepreneurs
   
   View All Solutions
   
   EXPERT INSIGHTS
   
    * Infographic: Legal departments increase spend while engaging fewer vendors
    * A guide to business entity compliance and governance
    * LegalVIEW Insights: Legal spend is up but spread among fewer vendors
    * Checklist: 10 questions claims departments should answer with analytics
    * Pave the way to year-end success (infographic)
    * Case study: A leading financial services organization defines a legal
      technology roadmap that delivers efficiencies and savings with LegalVIEW
      BillAnalyzer and Passport
    * Legal Leaders Exchange: Giving law firms a roadmap for engagement
    * Conducting due diligence and document searches for international projects
   
   View All Expert Insights

 1. Back to Home >
 2. Back to Expert Insights >
 3. StateRAMP vs. FedRAMP: How these cybersecurity programs diff...


ComplianceFinanceTax & AccountingAugust 08, 2022


STATERAMP VS. FEDRAMP: HOW THESE CYBERSECURITY PROGRAMS DIFFER

By: TeamMate

Trying to modernize public sector technology while keeping up with cybersecurity
threats can feel overwhelming. Governments want to take advantage of the power
and flexibility of innovations in areas like cloud computing. But limited
resources place a strain on reviewing new vendors.

The good news is that cybersecurity frameworks/programs like StateRAMP and
FedRAMP streamline cloud procurement. Government organizations can also gain
more assurance over their cybersecurity by choosing from vetted vendors.

However, it’s important to realize the differences between StateRAMP and
FedRAMP. It’s not a matter of picking whichever one sounds better to you.
Instead, StateRAMP is designed for state and local governments, while FedRAMP is
used by federal agencies.

Not only do the target markets differ, as the names imply, but the services
these programs provide vary as well. In this article, we’ll take a closer look
at StateRAMP vs. FedRAMP.


WHAT IS STATERAMP?

StateRAMP is a non-profit membership organization that helps state and local
governments find cloud service providers that meet certain cybersecurity
standards.

While StateRAMP is not officially affiliated with the US government, it uses the
National Institute of Standards and Technology (NIST) requirements to create a
list of authorized vendors.

Membership is open for free to any state, local, education, tribal/territorial
official or employee that’s responsible for information security, IT, privacy,
and/or procurement, explains StateRAMP. A service provider can also obtain
membership for a fee and can apply to get on the StateRAMP Authorized Vendor
List.


WHAT IS FEDRAMP?

FedRAMP is a federal program that federal agencies use to procure cloud services
that meet NIST security standards. Rather than having every agency conduct their
own security review for a cloud service offering (CSO) from scratch, FedRAMP
standardizes and streamlines the process.

“A Cloud Service Provider (CSP) goes through the authorization process once, and
after achieving FedRAMP Authorization for their CSO, the security package can be
reused by any federal agency,” explains FedRAMP.

The FedRAMP program is part of the General Services Administration (GSA). And
rather than being something that federal agencies choose to join, there are
requirements to use the program when an agency works with a cloud-deployed
product or service.

“FedRAMP is mandatory for all executive agency cloud deployments and service
models at the Low, Moderate, and High-risk impact levels,” as is explained in
the FedRAMP FAQ.


STATERAMP VS. FEDRAMP

StateRAMP and FedRAMP may sound similar, but there’s more than just a name that
separates them. At their core, both programs help government agencies identify
and procure cloud-service offerings that meet strong cybersecurity standards.


DIFFERENCES BETWEEN STATERAMP VS. FEDRAMP

As mentioned, the main difference between StateRAMP and FedRAMP is that
StateRAMP can be used by state and local governments, while FedRAMP is a federal
program.

FedRAMP is also an official government program, whereas StateRAMP is a
non-profit that is not affiliated with the U.S. federal government. FedRAMP has
mandatory requirements for federal agencies, whereas compliance requirements to
use StateRAMP vary among different state and local governments.

The way the programs operate also differs. FedRAMP is designed to support
federal agencies that want to modernize their workflow and mandates the use of
authorized cloud-services. While StateRAMP follows a similar path for local and
state agencies, requirements are established at the state level.


SIMILARITIES BETWEEN STATERAMP AND FEDRAMP

Both StateRAMP and FedRAMP use NIST Special Publication 800-53 Rev. 4
requirements to assess cloud-service providers for potential authorization. They
are both moving toward Rev. 5 requirements.

The way the programs provide verifications and use NIST controls is also
similar.

“StateRAMP and FedRAMP use impact levels of low, moderate, and high that align
with NIST controls,” explains StateRAMP. “They utilize verified statuses of
Ready and Authorized.”

Both programs have requirements for continuous monitoring (known as ConMon) of
cloud service offerings.

These types of commonalities can be useful for those who work with both
verification programs. For example, a state employee might be familiar with
FedRAMP authorization if they worked with a federal agency previously, and now
they might have an easier time using StateRAMP to procure cloud services.


USING STATERAMP IN CONJUNCTION WITH AUDITS

StateRAMP can help public sector auditors in several ways. For example, if you
conduct an audit and identify technology and/or cybersecurity gaps, you might
look to change vendors. In that case, turning to StateRAMP could help.
Similarly, federal agencies would turn to a FedRAMP list of vendors for
procurement.

If your organization already uses StateRAMP certified providers, then that might
give you some assurance regarding the cybersecurity posture of those third
parties.

Part of your audit process might include identifying which vendors you’re
already working with that are part of the StateRAMP Authorized Product List. You
also can note which ones are working toward full authorization. There are
different statuses such as StateRAMP “In Process” and StateRAMP “Ready” that
signify where a cloud service provider is on their StateRAMP authorization
journey.

And as you work toward improving your IT internal controls and strengthening
risk mitigation, you can turn to tools like TeamMate+. Not only can TeamMate+
provide an environment that meets FedRAMP security standards and guidelines, but
it also helps you audit more securely, effectively, and efficiently. TeamMate+
is a FedRAMP authorized vendor, and we’re “In Process” with StateRAMP.

SUBSCRIBE BELOW TO RECEIVE MONTHLY EXPERT INSIGHTS IN YOUR INBOX


TeamMate
For auditors who are challenged to improve audit productivity while delivering
strategic insights, TeamMate provides expert solutions, delivered with premium
professional services, to auditors around the globe and in every industry.

Explore related topics
Expert insightsCloud solutionsRisk managementAudit
Solutions

TeamMate+ Public Sector


Audit management

Learn More

Develop flexible work plans for multiple audit teams, project types and audit
universes to confidently provide assurance to risk, regulatory and legislative
requirements with transparency and reliability.

Learn More
View a Demo
Contact Us

RELATED INSIGHTS


Preparing for UK SOX 3 things to know What’s new with CCH Axcess™ Audit?
Enhancing the internal audit experience in the life sciences and advanced
technology industries


RELATED INSIGHTS

 * Article
   Tax & Accounting
   August 29, 2022
   2022 Draft instructions for Form 8889 highlight legislative changes
   Draft instructions for 2022 Form 8889, Health Savings Accounts (HSAs) reflect
   several important legislative changes.
   Learn More
 * Article
   Compliance
   Legal
   August 26, 2022
   A guide to business entity compliance and governance
   Some business entities are subject to a great many compliance requirements.
   Learn more in our handy reference guide for business entity compliance.
   Learn More
 * Video
   Compliance
   August 25, 2022
   Hazards and risks: What's the difference?
   Jean-Grégoire Manoukian explains the difference between hazards and risks,
   the relationship between the two, and why ‘likelihood’ and ‘probability’ are
   different concepts.
   Learn More
 * Article
   Compliance
   Finance
   August 25, 2022
   The brutality of commercial lending and the promise of automation
   The process of issuing a commercial loan is manual, lengthy, and thankless;
   margins for most lenders are razor-thin. Learn how you can mitigate
   throughout the commercial loan life cycle.
   Learn More

FOOTER NAVIGATION

 * About Wolters Kluwer
 * Strategy
 * Our Organization
 * Management
 * Supervisory Board
 * Value Creation
 * News & Press Releases
 * Events

 * Solutions Directory
 * Health
 * Tax & Accounting
 * Finance
 * Compliance
 * Legal

 * Expert Insights
 * Careers
 * Investors
 * Sitemap
 * Site Owner
 * 


TEAMMATE

 * Support
 * Services
 * View a Demo
 * Contact Us



FOLLOW TEAMMATE

 * LinkedIn
 * Facebook
 * Twitter
 * YouTube

When you have to be right

 * Terms of Use
 * Privacy & Cookies



© 2022 Wolters Kluwer N.V. and/or its subsidiaries. All rights reserved.

Back To Top


We use cookies for various purposes including enabling website functionality and
personalized marketing activities. You can select your cookie preferences by
clicking the buttons on the right. For more information about cookies, please
review our Privacy & Cookie Notice

Reject All Cookies Accept All Cookies
Manage Cookie Preferences



PRIVACY PREFERENCE CENTER

When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device. Because we respect your right to privacy, you
can choose not to allow certain types of cookies on our website. Click on the
different category headings to find out more and manage your cookie preferences.
However, blocking some types of cookies may impact your experience on the site
and the services we are able to offer.
Privacy & Cookie Notice
Allow All


MANAGE CONSENT PREFERENCES

STRICTLY NECESSARY COOKIES

Always Active

These cookies are necessary for the website to function. They are usually set in
response to actions made by you which amount to a request for services, such as
setting your privacy preferences, logging in or filling in forms. You can set
your browser to block or alert you about these cookies, this may have an effect
on the proper functioning of (parts of) the site.

View Vendor Details‎

FUNCTIONAL COOKIES

Functional Cookies

These cookies enable the website to provide enhanced functionality, user
experience and personalization, and may be set by us or by third party providers
whose services we have added to our pages. If you do not allow these cookies,
then some or all of these services may not function properly.

View Vendor Details‎

PERFORMANCE COOKIES

Performance Cookies

These cookies support analytic services that measure and improve the performance
of our site. They help us know which pages are the most and least popular and
see how visitors move around the site.

View Vendor Details‎

ADVERTISING COOKIES

Advertising Cookies

These cookies may collect insights to issue personalized content and advertising
on our own and other websites, and may be set through our site by third party
providers. If you do not allow these cookies, you may still see basic
advertising on your browser that is generic and not based on your interests.

View Vendor Details‎
Back Button


PERFORMANCE COOKIES



Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

 * 
   
   View Cookies
   
    * Name
      cookie name

Reject All Confirm My Choices