City of Arlington, TX
About the Program
What is GovRAMP?
GovRAMP is a standardized cybersecurity framework designed to enhance the security of cloud services used by state and local governments, tribal nations, and educational institutions. Modeled after FedRAMP, GovRAMP utilizes NIST 800-53 controls to ensure that cloud solutions meet stringent security requirements.
Why the City of Arlington, TX Joined GovRAMP
By participating in GovRAMP, the City of Arlington leverages third-party verification to protect sensitive data and uphold public trust. Through adherence to industry-standardized controls, Arlington streamlines cloud service procurement and accelerates vendor onboarding. Standardizing security requirements eliminates redundant audits and reduces costs and administrative effort for both the City and its technology partners.
Safeguarding critical infrastructure is a top priority for Arlington’s cybersecurity strategy. Robust GovRAMP controls help protect essential services.
Equally important is the protection of community data, ensuring privacy and maintaining the integrity of digital records strengthens trust between the City and its constituents. By embracing GovRAMP, Arlington demonstrates its commitment to operational efficiency, vendor collaboration, and the resilience of its essential services.
Value to the City of Arlington
Enhanced Security: GovRAMP provides Arlington with a multi-level framework to secure cloud services, reducing the risk of cyber threats and data breaches.
Efficient Procurement: With GovRAMP’s standardized security requirements, Arlington can streamline the procurement process for cloud services, ensuring that vendors meet high-security standards without redundant assessments.
Cost Savings: By adopting GovRAMP, Arlington can avoid the costs associated with multiple security assessments, as the framework allows for transferable credentials across different government sectors.
Value to Citizens of Arlington, TX
Data Protection: Citizens can feel confident that their personal information is safeguarded against cyber threats, thanks to the stringent security measures implemented through GovRAMP.
Improved Services: With secure and efficient cloud solutions, Arlington can enhance the delivery of public services, making them more reliable and accessible to residents.
Trust and Transparency: Participation in GovRAMP demonstrates Arlington’s commitment to cybersecurity and transparency, fostering greater trust between the government and its citizens
Learn more about GovRAMP on govramp.org.
The City determines a vendor’s compliance with its cloud‐security standard by evaluating each product against the following requirements and processes:
Scope and Applicability
Any “cloud service,” whether IaaS, PaaS, SaaS, hosted products, or even on-premises hardware with a cloud component, must hold either GovRAMP Core or TX-RAMP Level 2 certification.
Certification Timelines
- New Services (Initial Procurements): Certification must be in place on or before the date the starts using the cloud service.
- Renewals: For existing services, the vendor has a 180-day window to achieve the requisite certification.
Preference for GovRAMP
While TX-RAMP Level 2 also meets baseline requirements, the City will favor products that carry GovRAMP Core certification when evaluating and selecting cloud products.
Exemption Process
If a vendor believes a given product neither processes Confidential data nor is mission-critical, it may submit a written exemption request to the City’s Information Security and Privacy Office at security@arlingtontx.gov. The City’s Chief Information Security Officer, or delegate, will review and must approve or deny that request within 15 business days of receipt.
Continuous Monitoring
Products leveraging GovRAMP status must remain in good standing. Vendors must grant the City, and its auditors, visibility into their continuous monitoring artifacts via the GovRAMP portal.
Non-Compliance, Notification, and Cure
The City considers a product “Non-Compliant” if the vendor fails to:
- Obtain the required certification; or
- Maintain that certification thereafter.
Upon detecting Non-Compliance, the City will issue a written notice outlining the specific deficiencies and corrective steps required. The vendor then has a 30-day “Cure Period” to restore compliance. If more time is needed, the vendor may request an extension in writing before the Cure Period expires; any extension is granted solely at the City Chief Information Security Officer’s discretion.
GovRAMP enables service providers to become authorized through a sequence of steps that are streamlined and can translate across participating states and local jurisdictions to reduce redundancy and improve efficiency.
The City of Arlington currently accepts GovRAMP Core status or above. To access the Getting Started Guide for Providers, click here.
GovRAMP Office Hours
Please join GovRAMP staff on the first Wednesday of every month from 2:30 pm – 3:00 pm Eastern for Office Hours! This is an open forum for Service Providers, 3PAOs, State and local governments, and higher education institutions to ask questions to GovRAMP staff. For more information on office hours, please visit GovRAMP Event Information.
Bidding Opportunities
Click below to see the list of current solicitations for the City of Arlington.
GovRAMP Templates & Resources for Providers
Click below for additional guidance on the validation process and requirements.
Contact Information
For additional information on the City of Arlington, please visit the links above for information.
For suppliers interested on how to get started with the GovRAMP process, please visit StateRAMP for Service Providers – GovRAMP
Other Participating Governments
GovRAMP is accepted by the City of Arlington, as well as other cities and states. Click below to see a list of GovRAMP’s participating governments.
State and Local Government
Contact us and schedule a conversation to get started. For more information about how GovRAMP works with governments, visit our Governments page.
Providers
For many service providers, meeting security standards and supplying documentation to governments can be time consuming and costly. GovRAMP allows service providers to leverage their verified IaaS, PaaS, and SaaS solutions across multiple government contracts. Learn more about the benefits and process for service providers, or contact our team to get started.