BackAlabama and StateRAMP

Alabama recently consolidated some of its acquisitions processes under Alabama Code 2021-296, requiring that most procurement activities be centralized at the Alabama Chief Procurement Ofice (CPO). Agency management has been tasked with incorporating security requirements in contract documents and statements of work, ensuring that information security requirements are not only acknowledged but integral to the service provider's responsibilities. It is Alabama's objective to maintain the integrity of State-managed networks and systems, obliging service providers to configure their systems and software to align with information security policies and standards published by NIST. The Invitation to Bid (ITB) is a document used by agencies to procure IT goods and services through the competitive bidding process of State Purchasing. The ITB sets the minimum specifications for the product or service and establishes the qualifications that a vendor must meet in order to bid. Organizations seeking to competitively bid may encounter requirements to comply with StateRAMP.

Alabama policies require that acquisition contracts and solicitation documents for information systems and services include, either explicitly or by reference, security requirements that describe:
  • Required security capabilities and/or controls.
  • Required design and development processes.
  • Required test and evaluation procedures.
  • Required documentation.