Office of Research and Innovation

Research Compliance

TX-RAMP / FED-RAMP


Texas Risk and Authorization Management Program (TX-RAMP)

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.” To comply, DIR established a framework for collecting information about a cloud service's security posture and assessing the responses for compliance with required controls and documentation. Texas Government Code 2054.0593 mandates that, beginning January 1, 2022, state agencies as defined by Texas Government Code 2054.003(13) may only enter into or renew contracts for cloud computing services that comply with TX-RAMP requirements.

Texas Risk and Authorization Management Program (TX-RAMP) is a data security certification requirement for cloud computing services.

Level 1: January 1, 2023, for public/non-confidential data
Level 2: January 1, 2022, for confidential/regulated data

  • Public/non-confidential data stored in the Cloud (Level 1)
  • Confidential/regulated data stored in the Cloud (Level 2)

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information.

Yes, FedRAMP is mandatory for all executive agency cloud deployments and service models at the Low, Moderate, and High risk impact levels. Please refer to the FedRAMP Policy memo for further information pertaining to FedRAMP’s applicability.

All official FedRAMP documentation is maintained on FedRAMP.gov. Opportunities for large-scale public comment periods will be messaged via a number of channels and methods, including the FedRAMP.gov website, "Focus on FedRAMP" blog, or by subscribing to FedRAMP email updates.