Texas Risk and Authorization Management Program (TX-RAMP)

Please note that we are experiencing some issues with the publishing of all certified cloud services. We are working to resolve the issue as soon as possible.

Certifications that were previously included in the list but have fallen off the list are most likely due to the report publishing issues and have not lost certification. Please refer to the PDF copy of the certification or SPECTRIM users can search for a product within the portal.

If you need to verify a certification not included in the list, please send an email to [email protected] and include the unique TX-RAMP Certification ID, Cloud Provider Name, Cloud Service Name, and any relevant details. We will attempt to address all inquiries in a timely manner, but anticipate the issue being resolved in the near future.

TX-RAMP Certified Cloud Products

Access the latest list of cloud computing services certified through TX-RAMP.

Overview of TX-RAMP

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.”  To comply, DIR established a framework for collecting information about cloud services security posture and assessing responses for compliance with required controls and documentation. Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.

When does it take effect?

• Cloud offerings subject to TX-RAMP Level 1 certification must obtain a TX-RAMP certification to contract with state agencies or institutions of higher education and public community colleges on or after January 1, 2024.
• Cloud offerings subject to TX-RAMP Level 2 certification must obtain a TX-RAMP certification to contract with state agencies or institutions of higher education and public community colleges on or after January 1, 2022.
• Cloud offerings that obtain TX-RAMP Provisional Status must obtain a TX-RAMP certification (or equivalent StateRAMP/FedRAMP authorization) within 18 months from the date that Provisional Status is conferred as reflected in DIR’s files.

Which organizations must comply with TX-RAMP requirements?

• TX-RAMP requirements apply to state agencies, institutions of higher education, and public community colleges (Texas Government Code 2054.003 (13).
• Agencies need to comply with the statutory requirements of contracting for cloud services with appropriate certification.
• Cloud providers need to demonstrate compliance with the security criteria to receive and maintain a certification for a cloud computing service.