SUPPLEMENTARY INFORMATION:

Background

GSA, in compliance with the FedRAMP Authorization Act of 2022, established the FSCAC, an advisory committee in accordance with the provisions of the Federal Advisory Committee Act, as amended (5 U.S.C. ch. 10). The Federal Risk and Authorization Management Program (FedRAMP) within GSA is responsible for providing a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.

The FSCAC will provide advice and recommendations to the Administrator of GSA, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding the secure adoption of cloud computing products and services. The FSCAC will ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities. The purposes of the Committee are:

• To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:

○ Measures to increase agency reuse of FedRAMP authorizations.

○ Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.

○ Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

○ Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.

• Collect information and feedback on agency compliance with, and implementation of, FedRAMP requirements.
• Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.

The FSCAC will meet no fewer than three (3) times a calendar year. Meetings shall occur as frequently as needed, called, and approved by the DFO. Meetings may be held virtually or in person. Members will serve without compensation and may be allowed travel expenses, including per diem, in accordance with 5 U.S.C. 5703.

The Committee shall be comprised of not more than 15 members who are qualified representatives from the public and private sectors, appointed by the Administrator, in consultation with the Director of OMB, as follows:

i. The GSA Administrator or the GSA Administrator's designee, who shall be the Chair of the Committee.

ii. At least one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.

iii. At least two officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

iv. At least one official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

v. At least one individual representing an independent assessment organization.

vi. At least five representatives from unique businesses that primarily provide cloud computing services or products, including at least two representatives from a small business (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a))).

vii. At least two other representatives from the Federal Government as the Administrator determines to be necessary to provide sufficient balance, insights, or expertise to the Committee.

Each member shall be appointed for a term of three (3) years, except the initial terms, which were staggered into one (1), two (2) or three (3) year terms to establish a rotation in which one third of the members are selected. No member shall be appointed for more than two (2) consecutive terms nor shall any member serve for more than six (6) consecutive years. GSA values opportunities to increase diversity, equity, inclusion and accessibility on its federal advisory committees.

Members will be designated as Regular Government Employees (RGEs) or Representative members as appropriate and consistent with Section 3616(d) of the FedRAMP Authorization Act of 2022. GSA's Office of General Counsel will assist the Designated Federal Officer (DFO) to determine the advisory committee member designations. Representatives are members selected to represent a specific point of view held by a particular group, organization, or association. Members who are full time or permanent part-time Federal civilian officers or employees shall be appointed to serve as Regular Government Employee (RGE) members. In accordance with OMB Final Guidance published in the Federal Register on October 5, 2011 and revised on August 13, 2014, federally registered lobbyists may not serve on the Committee in an individual capacity to provide their own individual best judgment and expertise, such as RGEs members. This ban does not apply to lobbyists appointed to provide the Committee with the views of a particular group, organization, or association, such as Representative members.

Applications

Applications are being accepted to fill the remaining term of one (1) vacant seat as an RGE member and to fill two (2) seats with upcoming expiring terms as Representative members.

One (1) seat for an official who serves as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee, will be appointed to serve for the remainder of the vacant term, scheduled to end on May 14, 2026.

One (1) seat for a representative of a unique business that primarily provides cloud computing products or services will be appointed for a three year term. ( print page 653)

One (1) seat for a representative of an independent assessment service will be appointed for a three year term.

Applications for membership on the Committee will be accepted until 5 p.m. eastern standard time on Monday, January 20, 2025.

There are two parts to submitting an application. First, complete the information requested via this electronic form https://forms.gle/​Aezt29xYzqy7Q4gv5. Next, email your CV or resume and a letter of endorsement from your organization or organization's leadership, endorsing you to represent your company, in .PDF format to fscac@gsa.gov with the subject line: FSCAC APPLICATION—[Applicant Name]. The letter of endorsement must come from your organization or organization's leadership. If you are the CEO, then it must come from another member of the executive team of your organization, as you cannot endorse yourself. The letter must be signed and specifically state that you are authorized to apply to FSCAC as a representative of your organization.

Applications that do not include the completion of the above instructions will not be considered.

Letters of Recommendation may also be submitted if desired by the applicant; however, please note they may or may not have an impact on final appointments and are not required for an application to be considered.