Member Spotlights

Meet the Experts Shaping Secure Cloud Innovation

Butterfly Network: Advancing Healthcare Security with StateRAMP Cybersecurity Standards

Why did your organization become a StateRAMP member? 

Butterfly Network became a StateRAMP member because we recognized the significant value it brings to standardizing and reinforcing our cybersecurity framework. StateRAMP’s alignment with NIST 800-53 (Rev-5) provides a comprehensive set of controls that help us elevate our security posture and communicate our commitment to security maturity, not only to our state (SLED) customers but also to other sectors. This membership underscores our dedication to rigorous security standards and supports our mission of safeguarding sensitive data across diverse client needs. 

What advice do you have for other providers progressing through the StateRAMP process? 

Starting early is key to succeeding in the StateRAMP journey. Allocate sufficient time and resources to create detailed proof artifacts and strong narrative documentation. These will support your 3PAO in conducting a thorough and effective evaluation of your organization. Well-planned preparation allows for a smoother process and helps your team present a comprehensive security approach that meets StateRAMP’s high standards.

How do you stay up to date with the evolving cybersecurity landscape? 

We leverage the NIST 800-53 (Rev-5) Framework, which is robust and adaptable, to guide our security practices across all aspects of cybersecurity. Additionally, our diverse Cybersecurity Committee brings together professionals from various fields and backgrounds to regularly assess and discuss changes in the cybersecurity landscape. This collaborative approach enables us to remain agile and proactive, responding to emerging threats and adapting our security strategies as needed. 

How has StateRAMP benefited your organization so far? 

StateRAMP membership has provided Butterfly Network, Inc. with a structured pathway to assess and elevate our cybersecurity practices comprehensively. Being part of the Snapshot/Ready program has enabled us to work closely with our StateRAMP partners, allowing for continuous feedback and validation of our security efforts. These interactions have been instrumental in ensuring our team’s alignment with StateRAMP’s maturity expectations. 

Please share any specific lessons learned from your StateRAMP journey. 

A crucial lesson we learned was the importance of approaching each control with thoroughness and clarity. It’s essential to develop a precise understanding of each requirement and to create proof artifacts that fully meet these standards. Clear, unambiguous narratives make a difference in demonstrating compliance effectively. This careful attention to detail minimizes ambiguity and strengthens our documentation and overall assessment readiness. 

What cybersecurity-related events, conferences, or webinars do you recommend for industry professionals? 

We highly recommend attending StateRAMP events and webinars. These gatherings provide valuable insights, updates on best practices, and access to a network of industry professionals who share a common goal of strengthening cybersecurity in the public sector. Participating in these events can be instrumental in staying informed and connected within the StateRAMP community. 

How can other members or organizations collaborate with your company on cybersecurity projects? 

Our experience with the StateRAMP Progressing Snapshot program has been excellent. We’ve partnered with A-LIGN, a reputable 3PAO and StateRAMP Champion member, to conduct our assessment. Additionally, the direct access we’ve had to the StateRAMP PMO team through this program has been incredibly helpful. This collaboration has allowed us to gain insights, align expectations, and take proactive steps toward successful certification. We welcome opportunities for collaboration with other members, especially those interested in shared learning and support within the cybersecurity field. 

Is there anything else you would like to share with the StateRAMP community or the broader cybersecurity community? 

For organizations new to StateRAMP, we highly recommend joining the Snapshot program as an initial step. It provides valuable guidance and support as members work toward full certification readiness. The insights gained through this program are invaluable and offer a solid foundation for advancing your organization’s security practices within the StateRAMP framework. 

Company Description 

Butterfly Network, Inc. is an innovative digital health company transforming care through a unique combination of portable, semiconductor-based ultrasound technology, software, services and educational offerings that can make medical imaging more accessible than ever before. Butterfly’s solution enables the practical application of ultrasound information into the clinical workflow through affordable hardware that fits in a healthcare professional’s pocket and is paired with cloud-connected software that’s easily accessed through a mobile application.

Butterfly created the world’s first handheld single-probe, whole-body ultrasound system using semiconductor technology, Butterfly iQ. The company has continued to innovate, leveraging the benefits of Moore’s Law, to launch its second-generation Butterfly iQ+ in 2020, and third-generation iQ3 in 2024 – each with increased processing power and performance enhancements. The disruptive technology has been recognized by TIME’s Best Inventions, Fast Company’s World Changing Ideas, CNBC Disruptor 50, and MedTech Breakthrough Awards, among other accolades.

The Company is also helping streamline and optimize deployment of ultrasound at scale across hospital systems with its Compass™ software that integrates into health system infrastructures and connects across all departments and specialties. With this comprehensive portable ultrasound solution, protected by a robust intellectual property portfolio, Butterfly is on a mission to democratize healthcare by increasing access to and use of ultrasound information wherever care is being delivered – whether a large healthcare system, a rural clinic, a global conflict zone or beyond.