Vendor Readiness Assessment Report for Non-State Hosted Solutions

This document is a Vendor Readiness Assessment Report (VRAR) aimed at State agencies in North Carolina. It outlines the security compliance requirements for systems that connect to the State Network or process State data, specifically those not hosted on State infrastructure. The report emphasizes the necessity for compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-53, which serves as the foundation for implementing information technology security controls. The document details the purpose of the assessment, which is to enable agencies to make informed decisions regarding vendors' security capabilities. It also specifies that submission of the report does not guarantee a state-ready designation or procurement of services. The VRAR is structured to present both objective security requirements and subjective information to facilitate a comprehensive understanding of vendor capabilities, ensuring that state mandates and requirements are met.