North Carolina is taking a major step toward modernizing its digital infrastructure by standardizing security requirements for cloud solutions used by state agencies – a move that reinforces the state’s commitment to safeguarding government data and reducing cyber risks while enabling innovation.
The N.C. Department of Information Technology (NCDIT) has partnered with GovRAMP to adopt a unified security framework for cloud service providers working with executive branch agencies.
The GovRAMP framework establishes consistent, risk-based security requirements so cloud solutions are evaluated against the same high standard for protection, helping minimize risks such as data breaches or ransomware and addressing potential vulnerabilities from third-party tools and solutions.
“This is about more than compliance. It’s about trust and progress,” NCDIT Secretary and State Chief Information Officer Teena Piccione said. “The public expects secure, reliable services. By adopting a consistent approach, we’re not only protecting the state’s digital assets, but we are empowering agencies to more quickly deliver online services for North Carolinians.”
In addition to strengthening security, the GovRAMP partnership supports more streamlined IT procurements, accelerates vendor onboarding and promotes seamless integration across systems — supporting faster deployment of digital services, potential cost efficiencies and greater confidence for the public.
The updated security requirements take effect April 1.
NCDIT and GovRAMP will host webinars for vendors to explain the new standards and provide guidance ahead of implementation. The first vendor webinar is Feb. 26 at 11 a.m. Learn more about upcoming webinars and the new cloud product requirements.
“Cloud security is critical to protecting the systems that serve our communities,” said Leah McGrath, Executive Director of GovRAMP. “By aligning with GovRAMP, North Carolina is reinforcing clear, risk-based requirements that help reduce exposure and protect public services.”
GovRAMP provides a standardized approach to validating cloud security through independent assessments, continuous monitoring and shared best practices. By partnering with GovRAMP, North Carolina joins a growing network of public-sector organizations harmonizing cybersecurity requirements to promote trusted cloud solutions.
“Cybersecurity is a shared responsibility,” said Bernice Russell-Bond, North Carolina’s Chief Information Security Officer. “This partnership builds a stronger foundation for resilience and trust, creating an environment where technology can thrive securely and efficiently.”
About NCDIT
Among its many areas of responsibility, NCDIT leads the state’s efforts to deliver secure, modern and efficient technology services while also securing the state’s data, systems and networks. NCDIT is also responsible for ensuring state IT projects are appropriately procured, delivered and managed. Learn more at it.nc.gov/about.
About GovRAMP
GovRAMP is a nonprofit membership organization dedicated to advancing consistent, trusted cybersecurity practices across state, local, tribal and educational government. Guided by its mission to make cybersecurity easier to understand, implement and maintain, GovRAMP provides a standardized framework, independent validation and community-driven education that help governments adopt secure cloud solutions with confidence while enabling service providers to demonstrate trusted security through clear, evidence-based practices. By bringing together public and private sector partners, GovRAMP supports policy collaboration, strengthens shared assurance and helps build a more resilient cybersecurity ecosystem that protects government services, data, and the communities they serve. Learn more at GovRAMP.org.
###
For more information about the N.C. Department of Information Technology, visit https://it.nc.gov or follow us on X, Instagram, Facebook, LinkedIn, YouTube and Flickr.