The Texas Risk and Authorization Management Program (TX-RAMP) is a program that assesses the security of cloud services that store, process, or transmit data for Texas state agencies. TX-RAMP was created by the Texas Department of Information Resources (DIR).
TX-RAMP’s requirements include:
- Security assessment: A standardized approach for assessing the security of cloud services
- Authorization: A standardized approach for authorizing cloud services
- Continuous monitoring: A standardized approach for continuously monitoring cloud services
- Compliance: Cloud providers must comply with the DIR framework and continuously comply to be accepted
TX-RAMP has three certification levels:
- Level 1: For public or non-confidential data
- Level 2: For confidential data
- Provisional: An interim period for agencies to contract with cloud services that are working towards full certification
As of January 1, 2022, all cloud services subject to TX-RAMP Level 2 must be certified before contracting with state agencies. Cloud services subject to TX-RAMP Level 1 must be certified on or after January 1, 2024.
