TWU Information Security can no longer submit a Provisional Certification request on a cloud service provider's behalf. However, ITS will still perform internal risk assessments for cloud providers.
The reason for the change is that effective Dec. 1, 2022, state agencies could no longer request or sponsor a cloud service provider’s application for Provisional Certification. The process must be initiated by the cloud service provider, which may request an assessment for their cloud service(s) through the TX-RAMP Assessment Request form.
Additional changes to the Provisional Certification process include:
- Removes Jan. 1, 2023, deadline for Provisional Certification requests
- Third-party audit/assessment requirement is replaced with an Acknowledgement and Inventory questionnaire completed by the cloud service provider
- Provisional Certification granted after completing Acknowledgement and Inventory questionnaire
- Incorporates an extension process
- Changes agency-sponsored Provisional Certification to Interim Provisional Certification, which is good for only 60 days. TWU Information Security may exercise this only for "urgent" requests, yet DIR is not responsible for approving these requests quickly.
More details regarding the updated TX-RAMP Manual can be found at https://dir.texas.gov/information-security/texas-risk-and-authorization-management-program-tx-ramp.
For questions related to how certifications may affect the length of the procurement process, email firstname.lastname@example.org.