BackNew Hampshire and StateRAMP

The State of New Hampshire requires that all systems connected to the State Network or process State data meet an acceptable level of security compliance. This includes those systems that operate outside of the state of New Hampshire's direct control, such as Cloud Services defined as Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS). To help manage the risk that these external solutions could introduce, New Hampshire has adopted the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 as the baseline for security requirements with NIST 800-53 as the source for identifying and implementing specific information technology security controls. This security baseline provides the State of New Hampshire basic requirements to protect citizen data and services. These basic requirements and controls are referenced or described in the State of NH Statewide Information Security Manual (SISM).