State of Minnesota and GovRAMP
About the GovRAMP Program
As cybersecurity threats become more sophisticated, states must continually bolster efforts to safeguard their most sensitive data. Minnesota’s partnership with GovRAMP – a collaborative initiative that enhances digital infrastructure and strengthens cybersecurity processes – is one of the many ways Minnesota fortifies its cyber resiliency. This partnership supports Minnesota’s efforts to reduce risk, improve operational efficiency, secure public data, and ensure equitable access to digital services.
An important aspect of this initiative is managing third-party risk – identifying, evaluating, and minimizing threats that arise from working with vendors that handle sensitive data or deliver critical services. Without proper oversight, third-party relationships could lead to supply chain attacks, data breaches, and operational disruptions. Minnesota upholds the integrity of its systems and the public’s trust through the enforcement of rigorous security standards, compliance protocols, and vendor accountability
GovRAMP supports this work by offering a standardized framework to assess the cybersecurity readiness of third-party vendors. Modeled after FedRAMP, it provides tools for ongoing monitoring and evaluation of cloud service providers. With GovRAMP, governments can confidently engage with vendors that meet strict security benchmarks – protecting sensitive information.
Through this partnership, Minnesota simplifies its risk-management approach, optimizes resources, and reinforces cloud security standards. This forward-looking step enhances data protection and supports the state’s broader goals for digital cybersecurity resilience.
Learn more at govramp.org.
Effective Oct. 1, 2025:
- All new state contracts with cloud vendors handling high-categorized data must include GovRAMP requirements.
- Existing contracts will be updated with GovRAMP requirements during renewals or amendments.
By April 1, 2027:
- All cloud vendors managing high-categorized data must be GovRAMP Authorized.
Note for FedRAMP authorized vendors: The state will recognize a vendor’s FedRAMP Authorization in lieu of separate GovRAMP Authorization. However, the vendor must enroll in GovRAMP’s continuous monitoring program to provide the state with access to ongoing security reports and audit data. This is necessary because FedRAMP continuous monitoring materials are available only to federal entities and not accessible to state agencies.
For further guidance, contact info@govramp.org.
GovRAMP enables service providers to become authorized through a sequence of steps that are streamlined and can translate across participating states and local jurisdictions in order to reduce redundancy and improve efficiency. Explore full details on the GovRAMP for Service Providers page.
Upcoming Events
Minnesota & GovRAMP: What Vendors Need to Know
July 30 | 1 to 2 p.m. CT
Join us for a GovRAMP webinar on the upcoming changes to Minnesota’s security policies and standards.
Minnesota & GovRAMP: What Vendors Need to Know
Aug. 27 | 1 to 2 p.m. CT
Join us for a GovRAMP webinar on the upcoming changes to Minnesota’s security policies and standards.
GovRAMP PMO Office Hours
The first Wednesday of each month
Join the GovRAMP PMO for a live virtual session designed as an open forum to support your questions and engagement.
Announcements & Resources
- GovRAMP Program Management Office (PMO) Offce Hours: Join live, virtual sessions from 1:30 to 2 p.m. CST on the first Wednesday of every month. These Q&A sessions connect you directly with GovRAMP staff for guidance on authorization, assessments, and requirements. Visit GovRAMP’s event page for details.
- State of Minnesota Bidding Opportunities: View current solicitations and contract postings.
- Minnesota Procurement: Learn how to do business with the State of Minnesota.
- Minnesota Enterprise Information Security Policies & Standards: Review the state’s security policies.
State of Minnesota
Bidding Opportunities
Click below to see the list of current government solicitations for the State of Minnesota.
Minnesota Enterprise Information Security Policies & Standards
Click below to see the State’s Standards and Guidelines.
Contact Information and Trainings
Contact Information and Educational Opportunities will be listed here as they become available.
Other Participating Governments
GovRAMP is accepted by Minnesota and other states. Click below to see a list of GovRAMP’s participating governments.
State and Local Government
Contact us and schedule a conversation to get started. For more information about how GovRAMP works with governments, visit our Governments page.
Providers
For many service providers, meeting security standards and supplying documentation to governments can be time consuming and costly. GovRAMP allows service providers to leverage their verified IaaS, PaaS, and SaaS solutions across multiple government contracts. Learn more about the benefits and process for service providers, or contact our team to get started.