Your InfoSec Governance Operating System
Portal Login
Framework

StateRAMP / GovRAMP Baseline Controls for Authorization (Authorized Low & Moderate) --- StateRAMP Authorized Baseline Requirements (Aligned to NIST SP 800-53 Rev. 5)

Baseline security controls for GovRAMP/StateRAMP Authorization aligned to NIST SP 800-53 Rev. 5. Includes Authorized Low Impact (153 controls) and Authorized Moderate Impact (319 controls).

View sample proof pack Request a demo
Access controls
Roles, approvals, and audit trails
Scoped credentials
Least-privilege access where supported
Access logging
Export and sharing audit trails
Encryption
At rest and in transit

Summary

Framework mapping summary

Catalog entry
Type: Framework
Publisher: GovRAMP (formerly StateRAMP)
Versions: 1
Coverage (representative version)
Requirements
472
Mapped controls
77
Evidence specs
190
Automation tests
16
Notes

StateRAMP Authorized baseline requirements (Low and Moderate impact) aligned to NIST SP 800-53 Rev. 5, sourced from the official StateRAMP Baseline Requirements for Authorized workbook.

Versions

Supported versions and coverage stats

Aurora's catalog can include multiple published versions of a standard or regulation. Select the version that matches your reviewer request.

Authorized Baseline (Low and Moderate)
2.0 (NIST SP 800-53 Rev. 5 aligned baseline; Authorized – Low & Moderate)
View source
Requirements
472
Mapped controls
77
Evidence specs
190
Automation tests
16

Exports

Framework mapping is only useful when it produces proof.

Aurora uses framework mappings to scope work, attach evidence, and export reviewer-ready deliverables.

Scope and control mapping
  • Map requirements to Aurora controls
  • Assign owners and approval gates
  • Keep decisions tied to exports
Evidence and freshness
  • Attach artifacts to controls and answers
  • Track capture dates and expiration
  • Export binder-ready folders with provenance
Reviewer-ready exports
  • Generate proof packs and binder exports
  • Produce point-in-time snapshots for assessment windows
  • Keep citations attached so reviewers can verify
Controlled sharing
  • Share curated artifacts through a Trust Center
  • Gate access with tier rules and agreements
  • Export access logs for audit trails

Next step

See how this maps to your next reviewer request

Use exports to align on scope
Start with the deliverable reviewers accept, then map backward to the controls and evidence you need.
Bring one request, get a plan
We will map the shortest path: required controls, evidence objects, integrations, and the export format reviewers expect.
Request a demo

FAQ

FAQ

Does this mean Aurora certifies us?
No. Aurora helps you map requirements to controls and export proof. Certification decisions remain with your auditors and certification bodies.
Can we run multiple frameworks in one system?
Yes. Aurora is designed for reusable control mapping and evidence so you can expand without redoing work.
Can we start without integrations?
Yes. Manual uploads and mapping work on day one, and you can add connectors on your schedule.
Next step
Want a proof pack for your framework?
View the export formats first, then we will map the shortest path to reviewer-ready proof.
View sample proof packRequest a demo
Have a deadline? Tell us. We can prioritize export-ready proof.