StateRAMP Compliance

StateRAMP Updates

We are pleased to announce Jamf has attained StateRAMP Ready status for Jamf Pro and Jamf School. These efforts demonstrate our continued dedication to meeting the highest security standards in how we protect our customer’s data.

What is StateRAMP?

The State Risk and Authorization Program (StateRAMP) provides state and local governments a standardized approach to ensure the cloud service suppliers they are working with meet the required cybersecurity standards. StateRAMP is designed to be a “do once, apply many times” framework that reduces duplicative efforts and creates cost efficiencies. StateRAMP maintains an Authorized Product List which lists products that have achieved a security status and those products going through the process.

Benefits of StateRAMP

  • Helps state and local governments protect data.
  • Creates cost, time and resource savings with a "do once, apply many times” framework.
  • Creates consistency by leveraging an existing security model.
  • Promotes education and best practices in cybersecurity.
  • Builds and fosters transparency and partnerships between government and cloud service providers.

StateRAMP Requirements

StateRAMP control requirements are based off the National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 4. These controls address all major known security risks for information systems and cloud systems.

To learn more about StateRAMP control requirements, please refer to the StateRAMP Frequently Asked Questions and StateRAMP Templates and Resources pages.

StateRAMP Statuses

To obtain Verified Status, a Cloud Service Provider must meet minimum control requirements and pass an independent audit performed by a third party assessing organization. Obtaining Ready Status means that Jamf meets minimum control requirements. Provisional status is achieved once an organization exceeds minimum requirements and includes a government sponsor. Once an organization meets all StateRAMP control requirements, Authorized status is granted.

At this time, Jamf has attained the Ready designation from StateRAMP. We expect to obtain Provisional and Authorized status in the next 12 months.

Diagram shows: Progressing offerings Pending | In process | Active Verified offerings Ready | Provisional | Authorized

Services in Scope

Jamf has attained StateRAMP Ready status for both Jamf Pro and Jamf School. These statuses can be validated by viewing the StateRAMP Authorized Product List.

Services Risk Summary

While all necessary services are included in the StateRAMP offerings, some optional internal services are not included in the scope of testing. For these services, we have gathered the necessary information for you to make a risk acceptance decision.

Learn more. >>


The Texas Risk and Authorization Management Program (TX-RAMP) is a state-specific program that provides validation of security measures taken by cloud services providers that serve Texas state agencies. The program is established and managed by the Texas Department of Information Resources (DIR).

Cloud service providers that have attained StateRAMP Ready or Authorized status are automatically granted TX-RAMP certification. The Texas DIR maintains a list of certified cloud products that includes products that have been certified through the TX-RAMP program.