Government agencies and contractors face a growing challenge: proving cloud security compliance across multiple standards, jurisdictions, and procurement processes. For state and local organizations, that challenge just got easier. To simplify the process of security verification for a government-compliant solution, the Government Risk and Authorization Management Program (GovRAMP) standardizes the security requirements across CSPs serving state and local governments.

Oracle US Government Cloud’s GovRAMP authorization demonstrates Oracle’s continued commitment and investment in US government business, with an enhanced emphasis on our state and local customers and the commercial entities that serve them. These customers can leverage proven Oracle Cloud Infrastructure (OCI) controls to demonstrate their own security posture, making it easier for solution accreditation.

What’s the difference between GovRAMP and FedRAMP?

GovRAMP, previously known as StateRAMP, is a newer certification developed by a consortium of government and commercial entitles. GovRAMP uses the same NIST SP 800-53 controls that form the foundation for Federal Risk and Authorization Management Program (FedRAMP) and offers a fast-track for cloud providers who already have a FedRAMP Authorization. GovRAMP fills the gap for CSPs and solution providers that cater to the state and municipal government but do not serve the federal government.

Since FedRAMP requires a federal agency to sponsor a FedRAMP authorization, providers with no federal customers have no path to demonstrate their security posture. GovRAMP fills this void and gives providers a path to demonstrate achievement against the NIST 800-53 controls. GovRAMP allows government customers to join the consortium at no cost and offers commercial providers multiple levels of membership.

Who needs GovRAMP authorization?

GovRAMP is a valued certification for any CSP that serves the public sector, especially state and local governments and supporting contractors. As GovRAMP is expected to become a standard contract requirement as an alternative to FedRAMP in state and local cloud contracts, choosing a GovRAMP-authorized CSP will help simplify the procurement process.

The current list of SLED (state, local, and education) organizations that have agreed to recognize GovRAMP is shown here.

How can Oracle Government Cloud help you achieve GovRAMP compliance?

Oracle US Government Cloud has been evaluated against the NIST 800-53 controls by a third-party auditor. Oracle US Government Cloud also maintains FedRAMP High authorization and Defense Information Systems Agency (DISA) Impact Level (IL) 2 and IL4 authorizations.

Oracle US Government Cloud is an ideal platform for customers to build a GovRAMP-compliant solution, as customers can inherit our validated NIST controls as demonstrated by our government certifications and authorizations. Native security controls can be combined with industry-leading data management tools to simplify the creation, management, sharing, and deletion of government data. 

Oracle Government Cloud is priced the same as our commercial offerings, so there is no cost penalty for the additional compliance. With the Oracle Everything Everywhere advantage, Oracle US Government Cloud customers will have access to the same innovation and technology as our commercial cloud offerings to deliver solutions in the cloud. This innovation includes AI and GPUs, the leading analytics platform, native tools for Network and Web Application Firewall, mature Identity and Access Management Service, powerful integration, and built in security tools such as Data Guard and Data Safe, Key Management, Vulnerability Scanning, and Threat Intelligence.

Additionally, Oracle has created tools to help overcome the complexity and effort required to meet compliance objectives, such as compliance guides and landing zones, including the OCI Core Landing Zone and the SCCA Landing Zone.

How to get started with GovRAMP compliance

Building a compliant solution, whether you are a government agency or commercial entity serving government, can be intimidating. Oracle may assist you in achieving GovRAMP accreditation by offering cloud services with certain demonstrated and proven controls.

Oracle Cloud for Government is an excellent platform to host a service or organization seeking GovRAMP compliance. Oracle has a dedicated team and established resources ready to support your migration and help you achieve your goals for accreditation.

To learn more, use the following resources: