Information Security
Information Security

Texas Risk and Authorization Management Program (TX-RAMP)

On this page:

TX-RAMP Certified Products

TX-RAMP Overview and Implementation Dates

Additional TX-RAMP Information

Frequently Asked Questions

Announcements

TX-RAMP Manual v2.0 and TX-RAMP Control Baselines 2.0 are now in effect as of December 1, 2022.

Enroll in the TX-RAMP mailing list to receive TX-RAMP email notifications.

TX-RAMP Certified Cloud Products

Access the latest list of cloud computing services certified through TX-RAMP.

.xlsx (546.25 KB)
TX-RAMP Certified Cloud Products
Last Updated: 05-22-2023

List of cloud computing products that have been certified through the Texas Risk and Authorization Management Program (TX-RAMP)

Overview of TX-RAMP

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.”  To comply, DIR established a framework for collecting information about cloud services security posture and assessing responses for compliance with required controls and documentation. Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.

When does it take effect?

  • Cloud offerings subject to TX-RAMP Level 1 certification must obtain a TX-RAMP certification to contract with state agencies or institutions of higher education and public community colleges on or after January 1, 2024.
  • Cloud offerings subject to TX-RAMP Level 2 certification must obtain a TX-RAMP certification to contract with state agencies or institutions of higher education and public community colleges on or after January 1, 2022.
  • Cloud offerings that obtain TX-RAMP Provisional Status must obtain a TX-RAMP certification (or equivalent StateRAMP/FedRAMP authorization) within 18 months from the date that Provisional Status is conferred as reflected in DIR’s files.

Which organizations must comply with TX-RAMP requirements?

  • TX-RAMP requirements apply to state agencies, institutions of higher education, and public community colleges (Texas Government Code 2054.003 (13).
  • Agencies need to comply with the statutory requirements of contracting for cloud services with appropriate certification.
  • Cloud providers need to demonstrate compliance with the security criteria to receive and maintain a certification for a cloud computing service.

Additional TX-RAMP Resources

TX-RAMP Eligibility and Requirements
Learn more about complying with TX-RAMP requirements and eligibility.
TX-RAMP Resources Library
View additional TX-RAMP resources to help you with the submission process.
TX-RAMP Request
Learn more about how to submit a TX-RAMP request.
TX-RAMP Mailing List
Enroll in the TX-RAMP mailing list to receive TX-RAMP email notifications.

TX-RAMP Frequently Asked Questions

If you have questions about TX-RAMP, our FAQs should provide easy to find answers.

TX-RAMP FAQs

Contact DIR

Contact us with any questions related to TX-RAMP.
Information Security
Related Content
Information Security
Security Policy and Planning
TX-RAMP Quick Links
TX-RAMP Manual 2.0
TX-RAMP Certified Cloud Products
TX-RAMP Eligibility and Requirements
TX-RAMP Resources Library
TX-RAMP Request

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.