St. PAUL, MN – [July 11, 2025] – The State of Minnesota has officially partnered with GovRAMP, a non-profit organization dedicated to improving cloud security standards for state and local governments. This collaboration represents a significant advancement in Minnesota's ongoing efforts to fortify its digital infrastructure and protect sensitive information. 

GovRAMP is a shared service for government and a streamlined service for vendors, allowing them to certify their products once and reuse that authorization with multiple government agencies. Its Authorized Product List tracks products that have achieved or are actively pursuing security verification.   

“Minnesota’s partnership with GovRAMP will strengthen our cyber defenses and allow the State to continue building a resilient digital environment to protect sensitive state data, networks, and systems,” said John Israel, Minnesota’s chief information security officer. “It ensures that vendors entrusted with Minnesota’s most sensitive data follow best practices and meet our rigorous cybersecurity standards. Together, we’re creating a safer digital environment for the people we serve.” 

By becoming a member of GovRAMP, Minnesota gains access to GovRAMP’s resources, continuous monitoring capabilities, and a robust risk management framework. This alliance will streamline the procurement process for cloud services while ensuring Minnesota uses only the most secure and compliant solutions.  

“Governments today face extraordinary challenges in protecting their digital assets,” said Leah McGrath, executive director at GovRAMP. “Minnesota’s collaboration with GovRAMP is a testament to their forward-thinking approach to cybersecurity. We are proud to support their efforts to secure critical data and systems.”  

Vendor contracts and requirements will change: 

• Effective Oct. 1, 2025:
  • All new state contracts for cloud-based vendors handling high-categorized data will include GovRAMP requirements.  
  • All existing state contracts with cloud-based vendors handling high-categorized data will have GovRAMP requirements added during amendments or renewals. 
• By April 1, 2027:
  • All cloud-based vendors handling high-categorized data – both new and existing – must be GovRAMP Authorized. 

The state will accept a vendor’s FedRAMP Authorization in place of GovRAMP Authorization, but the vendor must enroll in GovRAMP’s continuous monitoring program. 

For information and or questions about how service providers can participate, visit the State of Minnesota program page on GovRAMP’s website or contact get@GovRAMP.org.