Framework

StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5) Mapping and Exports

Use StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5) as a structured way to organize controls and evidence. Export a mapping snapshot and evidence bundle when a reviewer needs traceability.

Get a 15-Minute Walkthrough View a Sample Reviewer Export

What This Covers

What This Covers

Framework Summary

Baseline security controls for GovRAMP/StateRAMP Authorization aligned to NIST SP 800-53 Rev. 5. Includes Authorized Low Impact (153 controls) and Authorized Moderate Impact (319 controls).

Catalog Entry
Type: Framework
Publisher: GovRAMP (formerly StateRAMP)
Versions: 1
Coverage (Representative Version)
Requirements
472
Mapped Controls
77
Evidence Specs
192
Automation Tests
251
Exports
  • Mapping snapshot (PDF)
  • Reviewer-ready export (PDF/ZIP)
  • Evidence bundle (ZIP)
  • Coverage verdict report (where enabled)
Plan Note

Framework availability and the number of active frameworks varies by plan. See Plan Limits.

Notes

StateRAMP Authorized baseline requirements (Low and Moderate impact) aligned to NIST SP 800-53 Rev. 5, sourced from the official StateRAMP Baseline Requirements for Authorized workbook.

Versions

Supported Versions and Coverage Stats

Aurora's catalog can include multiple published versions of a standard or regulation. Select the version that matches your reviewer request.

Authorized Baseline (Low and Moderate)
2.0 (NIST SP 800-53 Rev. 5 aligned baseline; Authorized – Low & Moderate)
View Source
Requirements
472
Mapped controls
77
Evidence specs
192
Automation tests
251

How It Works

How Aurora Uses StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5)

Map requirements to controls once, reuse mapping across reviews, attach evidence and policies, and export traceability on demand.

Scope and Control Mapping
  • Map requirements to Aurora controls
  • Assign owners and approval gates
  • Keep decisions tied to exports
Evidence and Freshness
  • Attach artifacts to controls and answers
  • Track capture dates and expiration
  • Export evidence bundles with clear source details
Reviewer-Ready Exports
  • Generate reviewer-ready exports and evidence bundles
  • Produce point-in-time snapshots for audit windows
  • Keep citations attached so reviewers can verify
Controlled Sharing
  • Share curated artifacts through a Trust Center
  • Gate access with tier rules and agreements
  • Export access logs for audit trails

Next Step

See How This Maps to Your Next Reviewer Request

Use Exports to Align on Scope
Start with the deliverable reviewers accept, then map backward to the controls and evidence you need.
Bring One Request, Get a Plan
We will map the shortest path: required controls, evidence objects, integrations, and the export format reviewers expect.
Get a 15-Minute Walkthrough

FAQ

StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5) Questions

Can We Use This Framework Alongside Another One?
Yes, by plan. Many teams maintain one baseline and reuse evidence across frameworks.
Do You Provide an Auditor Opinion?
No. Aurora provides exports and traceability. Auditors and assessors remain independent.
Next step
Want a Mapping Snapshot for StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5)?
Bring one reviewer ask. We’ll show the export format and what’s already ready from your current evidence.
Get a 15-Minute Walkthrough View a Sample Reviewer Export
No obligation. We respond within one business day. We will show a sample reviewer-ready export.