Your browser does not support JavaScript!


COV Ramp

ramp, cov grade icon

COV Ramp is part of COV Grade, which is a brand family that signifies the Commonwealth of Virginia’s seal of approval for IT products, services and solutions.

COV Grade indicates the highest level of modernization, security and environmental readiness available for Virginia customers. COV Grade will simplify the process for state agencies to make IT decisions and purchases, and enable IT customers to utilize safe, compliant and consistent resources.

COV Ramp Frequently Asked Questions (FAQs)

Please view the frequently asked question (FAQs) on COV Ramp below.

For more information please email the enterprise services mailbox at

To order the service, please visit the cloud service assessment catalog form.

Top 10 questions related to the COV RAMP assessment process

Does “application name” require COV Ramp?

Yes, If it is storing, processing or transmitting COV data. Also, if the data is “sensitive” for integrity or availability. Each use case is different and you may need to submit your use case for evaluation

Review the COV RAMP applicability guidelines knowledge base article (KBA) on the VITA service portal.

How do I know if an application has already been through the COV Ramp process?

You can find the approved list by visiting our COV Ramp Applications page.

Where do I get the assessment form?

Who should complete the assessment form?

The Vendor/Supplier is to complete the form.

The Vendor/Supplier should provide the requested supporting documentation (this helps expedite the process).

If an application is already approved, what do I do next?

If you would like to procure the application, you will need to send an email to the Enterprise Services mailbox and request a copy of the Approval email.

  • Once you receive the email, you must file the applicable security exceptions and submit a request for Oversight, which will start the process for the completion of the Cloud Terms and Conditions.

Do I have to submit for oversight if the application has already been approved?

Yes. Each Agency must complete the required security exceptions and cloud terms and conditions prior to purchasing.

How do I submit a request for oversight?

Instructions on how to submit a request for oversight knowledge base article (KBA) can be found on the VITA service portal.

How do I submit a security exception?

Security exceptions need to be sent to

How long does the process usually take?

The process is dependent on the Vendor providing expedient responses to the request and the required documentation.

  • The assessment process usually takes between 25 to 50 days to complete.

Please note: If the required documentation is provided at the time of submission, the process goes more quickly.

The supplier will not complete the form without signing an NDA, what do I do?

VITA has a pre-approved NDA completed for COV Ramp assessments for the vendors/suppliers.