The State of North Dakota and StateRAMP

Learn more about the partnership between the State of North Dakota and StateRAMP and how it benefits you.


·       As of July 1, 2023, North Dakota Information Technology (NDIT) requires a third-party assessment of all North Dakota State Agency vendors hosting and/or transmitting state data. The assessment will be part of the overall IT review for new ND systems and for system renewals.


·       Fast Track Option: Vendors with FedRAMP, StateRAMP, or HITRUST authorization will not be required to complete an NDIT third-party assessment.

North Dakota’s Third-Party Risk Management Program

Why Third-Party Risk?

The State of North Dakota has a moral responsibility to protect citizen data.  Citizens are asked to provide sensitive information to receive various state-administered services.  They cannot go elsewhere to receive supplemental nutrition assistance, fishing license, mental health, or a driver’s license – just a small sample of the various critical and quality of life services North Dakota residents depend on to “Be Legendary”.  NDIT defends citizen data by proactively minimizing risk on the state network, along with cloud systems and applications used to administer services.  One way to do this is to partner with StateRAMP.

What is North Dakota’s Third-Party Risk Management Program?

North Dakota’s Third-Party Risk Management (TPRM) Program ensures potential risks are identified, evaluated, and mitigated when associated with third-party vendors.  TPRM focuses on due diligence activities which provides reasonable assurance that ND citizen data is safeguarded.  The breadth and depth of an assessment is dependent on the type of data a vendor will store and/or transmit based on NDIT’s Data Classification Policy.

StateRAMP is a strategic partner for the State of North Dakota, as vendors who are authorized by StateRAMP are fast-tracked through the NDIT TPRM assessment process.  With StateRAMP, North Dakota’s third-party cloud IT providers ensure:

  • Government’s published cybersecurity policies and met and maintained.
  • Data is stored and processed in a secure environment.
  • A standardized approach to assessing and verifying security controls by an independent, third-party security assessor organization (3PAO).

Additionally, StateRAMP provides continuous monitoring of vendors, which allows our staff to focus on other priorities to reduce risk to our state’s citizens.The key outcomes of TPRM are: 

  • Understand security concerns when selecting a vendor. 
  • Safeguard data to foster an environment of citizen trust. 
  • Mitigate undue risks and costs associated with third-party breaches. 
  • Compliance with legal, privacy, policies, and standards requirements. 
  • Ensure Business Continuity by verifying third-party vendors have effective contingency plans. 
  • Partner with vendors as cybersecurity is a shared responsibility. 

State Bidding Opportunities

Click below to see the list of current government solicitations for the State of North Dakota.

North Dakota Procurement 

Click below to learn more about how to do business with the State.

ND Standards and Guidelines

Click below to view State of North Dakota’s IT Governance program, including Principles, Policies, Standards, Guidelines, and IT Review process.

Contact Information

Click below to review contact information for the State of North Dakota.

StateRAMP Overall Statement

StateRAMP is accepted by North Dakota and other states. Click below to see a list of StateRAMP’s participating governments.

State and Local Government

Contact us and schedule a conversation to get started. For more information about how StateRAMP works with governments, visit our Governments page.


For many service providers, meeting security standards and supplying documentation to governments can be time consuming and costly. StateRAMP allows service providers to leverage their verified IaaS, PaaS, and SaaS solutions across multiple government contracts. Learn more about the benefits and process for service providers, or contact our team to get started.