GovRamp Adoption

As part of our ongoing commitment to safeguard government data and reducing cyber risks, the State of North Carolina has partnered with GovRAMP to ensure that all cloud services used by executive branch agencies meet rigorous standards for confidentiality, integrity and availability of state data.

GovRAMP is a nonprofit program that provides a unified security framework for government cloud adoption, based on National Institute of Technology and Standards (NIST) 800-53 (Rev 5).

By leveraging GovRAMP’s standardized approach to authorization and continuous monitoring, North Carolina aims to streamline procurement, reduce duplicative security assessments and mitigate cyber risks.

New Cloud Product Requirements

Effective April 1, 2026

  • All new contracts containing a cloud component must meet GovRAMP Core status, with higher levels required for sensitive data.
  • The N.C. Department of Information Technology will provide an “on-ramp” period to allow vendors time to achieve the required status under the contract. Exact details on the requirements for each contract will be outlined in the purchasing mechanism or associated contract.

Effective April 1, 2027

  • Full compliance will be mandatory without exception for all contracts containing a cloud component without an “on-ramp.”
  • Existing contracts will need to align with GovRAMP standards upon renewal or new solicitation.

Learn More About the Requirements

Access the Full Policy Document

Upcoming Webinars

To support State of North Carolina agencies as well as vendors, the N.C. Department of Information Technology will host webinars explaining GovRAMP processes, verification pathways and alignment with state security expectations.

 

Agency Webinars

  • Wednesday, Feb. 18, 2026 - 3-4 p.m. | Register

Vendor Webinars

  • Thursday, Feb. 26, 2026 - 11 a.m. to noon | Register

Vendor Resources

GovRAMP Resources

NCDIT Resources

Off