Skip to content

How Tanium’s StateRAMP Authorization Helps Public Sector Agencies


With cyberattacks increasing against state and local governments, public sector IT leaders are facing mounting pressure to safeguard sensitive assets, protect confidential data, and secure critical worksites. To meet these ongoing challenges, Tanium Cloud for U.S. Government (TC-USG) has now been authorized by State Risk and Authorized Management Program (StateRAMP) — making it easier for governments to quickly improve asset visibility, control, and threat remediation.

Tanium recently achieved StateRAMP Authorized status after completing a series of rigorous security and system validations. As an Authorized member, Tanium is now an approved StateRAMP cloud service provider in the StateRAMP Marketplace.

Read ahead to learn more about StateRAMP and TC-USG, and how public sector organizations benefit from this exciting development.

What is StateRAMP?

StateRAMP is a registered 501(c)(6) organization that promotes cybersecurity best practices through ongoing policy development and education. The organization standardizes verification to help cloud service providers validate their security posture and demonstrate compliance to government agencies.

Here are a few things to know about StateRAMP:

  • To achieve verification, providers must meet StateRAMP’s strict security requirements and pass an independent audit from a third-party assessment organization.
  • Authorized vendors must have a government sponsor.
  • Providers must agree to continuous monitoring to maintain their verified security status. StateRAMP updates its Authorized Product List daily.

As the name suggests, StateRAMP is modeled after the federal government’s FedRAMP program which serves a similar purpose at the federal level. While they are separate programs, both frameworks assess and authorize CSPs to ensure their security controls meet government standards. Tanium is also listed as In-Process at the moderate impact level on the FedRAMP Marketplace — meaning U.S. government agencies can take advantage of Tanium’s cloud-hosted platform with the peace of mind that it meets the strict security controls outlined by the government while providing IT and operations teams visibility, control and a single source of truth for converged endpoint management through one pane of glass.

State and local organizations are increasingly retiring outdated hardware and software to reduce risk and lower costs. As a result, agencies are racing into the cloud and becoming more distributed. This means the threat surface is expanding by the day with the endpoint serving as the new network perimeter.

This is where Tanium comes into play. TC-USG is a pre-configured Converged Endpoint Management (XEM) platform that gives government agencies full visibility into their IT environment. TC-USG enables organizations to consolidate point-solution capabilities into a single platform delivered through the cloud. This helps agencies reduce risks from cyberattacks and data breaches while also simplifying complexity and lowering costs. TC-USG serves as a single source of truth for all data, while making it possible to manage endpoints from a central location.

With TC-USG, agencies gain direct access to the Tanium XEM platform as a fully managed, cloud-based service that requires no additional infrastructure. The platform spans endpoint management, asset discovery and inventory, certificate management, unified policy configuration, digital employee experience, risk, compliance, and incident response. It also helps to automate security posture and improve efficiency and collaboration among IT, risk, and security teams.

Tanium leads the charge in public sector security

Tanium has emerged as the XEM vendor of choice for government agencies amidst the current public sector cybersecurity crisis. In fact, the company now works with more than 20 U.S. states — including the state of Arizona which is Tanium’s StateRAMP sponsor.

The state of Arizona initially approached Tanium looking to improve visibility into its asset inventory and streamline threat response. Tanium’s highly scalable, enterprise-wide solution can now support all state agencies and serves as a common platform for endpoint management. To date, the state has installed Tanium agents on more than 56% of devices while drastically improving its overall security posture — and it’s just getting started.

“The metrics we’re seeing have us smiling ear-to-ear,” says former CISO Tim Roemer, who also served as the director of the Arizona Department of Homeland Security. “In a single 72-hour push, we were able to patch and remediate more vulnerabilities — almost 90% of known vulnerabilities — than we did in the previous six months combined.”

Tanium is also an active leader in the whole-of-state (WoS) movement, which is an approach that emphasizes partnership across all levels of government, educational institutions, tribal entities, and organizations. The Tanium XEM platform supports a WoS security strategy by validating state and local agencies’ cyber posture with deep visibility throughout all hardware and software assets, risk dashboards, and role-based access controls, while serving as a source of truth for asset data across multiple department levels.

Strengthen your agency’s security posture with Tanium

Without full visibility across all endpoints, public sector agencies are sitting ducks for sophisticated cyberattacks. Government agencies must recognize this threat and take action to improve organizational awareness.

As a StateRAMP Authorized vendor — and the industry’s only XEM provider — Tanium is standing by and ready to help government agencies close the cybersecurity gap.

To learn more about how Tanium protects state and local governments, visit our solutions page.

Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.