North Carolina latest to require vendors to meet GovRAMP cloud security standard

North Carolina’s Department of Information Technology on Wednesday announced that, starting in April, it will require cloud vendors working with executive agencies to meet security standards set by GovRAMP, the nonprofit standards group formerly known as StateRAMP.

In a press release, the department said it also plans to make it easier and faster for agencies to buy secure technology, onboard vendors and launch new online services for residents.

“This is about more than compliance. It’s about trust and progress,” State Chief Information Officer Teena Piccione said in the release. “The public expects secure, reliable services. By adopting a consistent approach, we’re not only protecting the state’s digital assets, but we are empowering agencies to more quickly deliver online services for North Carolinians.”

The Government Risk and Authorization Management Program acts like a security seal of approval. It provides state agencies with a cybersecurity framework, based on recommendations by the National Institute of Standards and Technology, and checks whether cloud companies follow strong cybersecurity practices, including independent audits and ongoing monitoring.

Bernice Russell-Bond, North Carolina’s chief information security officer, said the partnership will better protect sensitive information from threats like data breaches and ransomware.

“Cybersecurity is a shared responsibility,” Russell-Bond said in the release. “This partnership builds a stronger foundation for resilience and trust, creating an environment where technology can thrive securely and efficiently.”

North Carolina joins more than 23 states — including California, Florida and Georgia — that already use or recognize GovRAMP’s standard for evaluating cloud providers.