Security PSA: TX-RAMP, NIST, and Compliance

PSA: Reclaim Hosting is provisionally compliant with the TX-RAMP standard until 11/13/2025 while pursuing full compliance. The TX-RAMP standard, which is based on StateRAMP, FedRAMP, and NIST 800-53 rev 5, is a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services for state organizations within Texas.

As a by-product of our provisional compliance and current audit for full compliance, Reclaim Hosting has become compliant (excluding controls that do not apply to Reclaim) with all level 1 control families within NIST 800-53 rev 5, pending third-party assessment. This is part of an ongoing project to secure our servers and make sure our clients' data is protected. Some highlights from this project are below:

  • Updates to separation of duties, defense in depth, and access control company-wide
  • Revamp of the risk management process to support the guidelines listed within NIST 800-53 rev 5
  • Establishment of baseline configurations that can be used for annual third-party penetration testing going forward
  • Change management and configuration management updates to support better documentation and task-tracking company-wide
  • Revamp of the incident response process for closer alignment with the NIST Incident Response Framework
  • Updates to active monitoring, vulnerability scanning, log collection, log storage, and file integrity monitoring using a customized open-source SIEM solution
  • Updates to server orchestration and automation workflows

These are a few of the larger highlights that came out of the compliance process, but there are many, many more that were not mentioned here. I am very excited with the progress Reclaim has made over the last year in our cybersecurity department, and even more excited with where we are headed in the future!

If you are a Domain of One's Own or Managed Hosting client and would like more detailed information about our ongoing compliance process and system security plan, please reach out to us at