SUPPLEMENTARY INFORMATION:

Background

GSA, in compliance with the FedRAMP Authorization Act of 2022 (the Act), established the FSCAC, a statutory advisory committee in accordance with the provisions of FACA, as amended (5 U.S.C. 10). The Federal Risk and Authorization Management Program (FedRAMP) within GSA is responsible for providing a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.

The FSCAC will provide advice and recommendations to the Administrator of GSA, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding the secure adoption of cloud computing products and services. The FSCAC will ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities. The purposes of the Committee are:

• To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:

○ Measures to increase agency reuse of FedRAMP authorizations.

○ Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.

○ Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

○ Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.

• Collect information and feedback on agency compliance with, and implementation of, FedRAMP requirements.
• Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.

The FSCAC will meet no fewer than three (3) times a calendar year. Meetings shall occur as frequently as needed, called, and approved by the DFO.

Purpose of the Meeting and Agenda

The September 12, 2024 public meeting will be dedicated to providing the Committee with additional information pertinent to their new initiatives. Presentations may be held on the Office of Management and Budget's (OMB) Memorandum titled “Modernizing the Federal Risk Authorization Management Program (FedRAMP)” (OMB Memo), and several panel discussions by both industry and agencies will be held for the Committee to better understand both stakeholder groups' challenges. Members of the public will have the opportunity to provide oral public comments during this meeting, and may also submit public comments in writing prior to this meeting by completing the public comment form on our website, https://gsa.gov/​fscac. The meeting agenda will be posted on https://gsa.gov/​fscac prior to the meeting and can be accessed by selecting the “Federal Secure Cloud Advisory Committee meetings” tab on the left, and then selecting the “September 12, 2024—Virtual” meeting accordion in order to view all meeting materials, agendas, and registration information.

The October 10, 2024 public meeting will be dedicated to deliberations in order to develop an initial draft of recommendations to the GSA Administrator on their initial two (2) priority initiatives of (1) identifying and documenting top challenges and proposing solutions around the barrier ( print page 68161) to entry for Cloud Service Providers(CSPs) with a focus on small businesses, third party assessment organizations (3PAOs), and small & large agencies, and (2) identifying and documenting ways to expedite the authorization process for Cloud Service Offerings (CSOs), such as exploring agile authorizations and other potential cost reductions, both labor and financial, with a focus on small businesses. Members of the public will have the opportunity to provide oral public comments during this meeting, and may also submit public comments in writing prior to this meeting by completing the public comment form on our website, https://gsa.gov/​fscac. The meeting agenda will be posted on https://gsa.gov/​fscac prior to the meeting and can be accessed by selecting the “Federal Secure Cloud Advisory Committee meetings” tab on the left, and then selecting the “October 10, 2024—Virtual” meeting accordion in order to view all meeting materials, agendas, and registration information.

Meeting Attendance

Both of these virtual meetings are open to the public. The meeting materials, registration information, and agendas for the meetings will be made available prior to the meetings online at https://gsa.gov/​fscac, by selecting the “Federal Secure Cloud Advisory Committee meetings” tab on the left, and then selecting the “September 12, 2024—Virtual” meeting accordion or “October 10, 2024—Virtual” meeting accordion. Registration for attending the virtual meeting on Thursday, September 12, 2024, is highly encouraged by 5:00 p.m. EST, on Monday, September 9, 2024. Registration for attending the virtual meeting on Thursday, October 10, 2024, is highly encouraged by 5:00 p.m. EST, on Monday, October 7, 2024. After registration, individuals will receive instructions on how to attend the meeting via email.

For information on services for individuals with disabilities, or to request accommodation for a disability, please email the FSCAC staff at FSCAC@gsa.gov at least 10 days prior to the meeting date. Live captioning may be provided virtually.

Public Comment

Members of the public attending will have the opportunity to provide oral public comment during the FSCAC meeting. Written public comments can be submitted at any time by completing the public comment form on our website, https://gsa.gov/​fscac, located under the “Get Involved” section. All written public comments will be provided to FSCAC members in advance of the meeting if received by Wednesday, September 4, 2024, for the Thursday, September 12, 2024 meeting; and by Wednesday, October 2, 2024, for the Thursday, October 10, 2024 meeting, respectively.