More state cybersecurity leaders have been working to ensure their organizations' cloud IT vendors have products that meet certification program standards, according to StateScoop.
"What we want to do is that once we know a vendor has a security posture established, we need to figure out what the shared responsibility model for the consumer-provider relationship. It’s not good enough to say I’m in a FedRAMP environment like AWS or Google Cloud or Azure, but how do I configure my responsibilities in that environment to ensure I remain secure?" said Michigan Deputy Chief Security Officer Jayson Cavendish at StateScoop's Cybersecurity Modernization Summit. Meanwhile, Texas has also established its own TexRAMP program, which permits vendors approved by FedRAMP or StateRAMP but also introduces standards tailored for the state's agencies. "What we're asking is that vendors have the same security controls that we ask of our state agencies," said Texas Chief Information Security Officer Nancy Rainosek.