An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
May 25 from 9:30 a.m.- 4 p.m. Eastern time
Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Ave NW, Washington, D.C. 20004 and via Zoom
| Allotted time | Topic | Presenter |
|---|---|---|
| 9:30-9:45 a.m. | Call to order Welcome and roll call FACA public meetings | Designated Federal Officer Michelle White |
| 9:45-9:55 a.m. | Round robin of committee members | FSCAC members |
| 9:55-10:10 a.m. | GSA leadership remarks | GSA Administrator Robin Carnahan |
| 10:10-10:20 a.m. | GSA Federal Acquisition Service leadership remarks | GSA FAS Commissioner Sonny Hashmi |
| 10:20-10:30 a.m. | Chair remarks | FSCAC Chair Ann Lewis |
| 10:30-10:45 a.m. | FSCAC charter | FSCAC Chair Ann Lewis |
| 10:45-11 a.m. | Break | |
| 11-11:45 a.m. | FedRAMP program briefing | Acting Director and Cybersecurity Program Manager of FedRAMP Brian Conrad |
| 11:45 a.m.-noon | Committee question-and-answer | Acting Director and Cybersecurity Program Manager of FedRAMP Brian Conrad |
| Noon-1:15 p.m. | Break for lunch | |
| 1:15-2 p.m. | Future Office of Management and Budget memo briefing | OMB Office of the Federal CIO |
| 2-2:15 p.m. | Committee question-and-answer | OMB Office of the Federal CIO and FSCAC members |
| 2:15-3:15 p.m. | Discussion and prioritization of initiatives | FSCAC members |
| 3:15-3:45 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 3:45-3:50 p.m. | Summary of next steps | FSCAC Chair Ann Lewis |
| 3:50-4 p.m. | Closing remarks and adjourn | FSCAC Chair Ann Lewis and DFO Michelle White |
Michelle White, Designated Federal Officer (DFO), explained her role and duties on this advisory committee, and introduced the rest of the committee, including their training and credentials. Michelle White stated, “This advisory committee is considered a federal advisory committee under FACA. My role is to administer day to day activities. My duties are to share with the GSA Administrator the Committee’s recommendations on the adoption of Secure Cloud services. Each committee member has gone through FACA training and had training on ethics.”
All except one committee member was present in person and introduced themselves by name and organization. Victor Brown was present virtually and introduced himself by name and organization.
Robin Carnahan, GSA Administrator, expressed her excitement to greet the inaugural committee members and expressed her gratitude for their service to the country. She expressed that the U.S. Government serves as a service delivery business and that the efficacy with which the government delivers those services directly relates to the public’s trust in the government. The best way to deliver these services is often digitally through Secure Cloud Services (CSPs), which is why the work that is done with the Federal Risk Management Program (FedRAMP) is long and will last.
She emphasized the importance of securing and protecting federal data while also striving to create a process that is scalable, efficient, and affordable. Ms. Carnahan also expressed the importance for FedRAMP and FSCAC to set an example for State and Local governments on how to best secure their own cloud services. She closed her remarks by reiterating the importance of the Committee’s work and how it will continue to foster trust between the public and their government.
Sonny Hashmi, Commissioner of the Federal Acquisition Service, described the current challenges that come from the expanding use of the cloud and the rapidly growing number of cloud service providers . He stressed the importance of creating a process that can leverage the capabilities and innovation of the market. He concluded by noting that the work of the committee spans across government, business, and those across the country, so their focus should be on continuing to evolve the program to address the growing demand for authorization among CSPs and remaining diligent and dedicated to monitoring them even after authorization.
Ann Lewis, Chair of the advisory committee, introduced herself, shared a high level overview of her professional background and experience, and summarized the duties of her role on the committee. She then stated the purpose of the FedRAMP program, and highlighted the maturity of the program over the past few years. Ann explained how the work of FedRAMP is essential in the government, and how the addition of this committee will help increase the number of Cloud Service Providers that FedRAMP supports, which will increase the success of the program. She then explained the importance of today’s meeting because it brings together the government and the industry experts.
Ann Lewis reviewed the charter with the committee, noting the scope and boundaries of FSCAC. She emphasized the role that the committee plays in examining current federal operations and making recommendations to the GSA administrator. Using the defined scope, she encouraged the committee’s advice to be sector or market-wide instead of focusing on any one company. She closed by asking the committee if they had any questions on the charter, to which there were none.
Brian Conrad, who joined the Federal Risk Management Program in 2018, provided an overview of the program and its strategic initiatives. The program’s mission is to promote secure cloud service adoption and expand the marketplace. The aim is to grow the marketplace and enable access to diverse cloud services. The agency authorization process involves standardized guidelines and a repository for sharing assessment packages. The FedRAMP Board, along with the Joint Authorization Board (JAB), plays a crucial role in authorizing cloud service providers. The marketplace currently has 307 authorized CSPs, with a trend towards high-impact systems. The program focuses on automation, process transformation, and knowledge sharing. The Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis highlighted strengths in stakeholder collaboration, weaknesses in time and cost, threats from the evolving threat landscape, and opportunities for market expansion and process improvement.
In this committee Q&A session, several key points related to FedRAMP were discussed. The participants touched on various aspects, including partnerships with other countries, the National Institute of Standards and Technology’s (NIST) involvement, conformance program ratios, the importance of human interaction for small businesses, lowering entry barriers while maintaining security, preferences for software as a service (SaaS) over infrastructure as a service ( IaaS), resource challenges, authorization timelines and costs, the impact of the number of authorized CSPs, and statutory discussions for market accessibility.
Planned developments, such as OMB MAX sunset and customer relationship management (CRM) tool implementation, were mentioned, along with challenges in continuous monitoring and the need to update the aging FedRAMP process. The conversation also addressed leveraging automation, knowledge sharing efforts, weaknesses of FedRAMP, international discussions, and the integration of new technologies.
Standardization, Service Level Agreements (SLAs), and alignment with other regulations were considered as potential areas for improvement.
Michelle introduced Eric Mill and Drew Myklegard from the Federal CIO. The individual committee members were permitted to ask them questions, but their input will not be considered FSCAC advice. OMB briefed the committee on FedRAMP and its evolution since 2011, expanding beyond IaaS to include platform as a service (PaaS) and SaaS. OMB’s role is to assist FedRAMP in adapting to the larger cloud marketplace. The governance involves the JAB and Agencies, and OMB aims to help the FedRAMP Board determine priorities and understand implications. Michelle then opened the floor for questions.
The participants discussed various important areas for the future FedRAMP Board to focus on in relation to FedRAMP. These areas included: allowing agencies faster access to increase scalability, reducing duplicative processes and lack of trust between agencies, modernizing security controls for the FedRAMP process, considering the evolving nature of the threat landscape, unifying disparate policy areas under one roof, expanding Open Security Controls Assessment Language (OSCAL) and investing in it, protecting data and monitoring it across authorization boundaries, addressing the challenges of increasing the FedRAMP Board’s size, improving efficiency through SLAs and triaging new controls, evaluating the sufficiency of NIST controls for artificial intelligent (AI) systems, clarifying and tightening controls for SaaS adoption, revisiting and making FedRAMP authorization more specific, incorporating essential shared security solutions, streamlining the authorization process, providing more frequent guidance updates, exploring tiering and customization for changes, addressing redundancy and delays in the authorization process, accommodating agency exceptions and low-impact SaaS solutions, seeking reciprocity and exploring the role of third parties, and creating opportunities for small businesses and faster testing of their products.
Michelle White, FSCAC DFO, opened the meeting by asking members to discuss their prioritization of initiatives. Members considered various factors, such as the order in which to tackle the initiatives and the next steps to make recommendations to the GSA Administrator. They suggested various areas of focus, like exploring market expansion, broadening the operational security focus with cloud service providers, and considering the role of Cyber Security Infrastructure Agency (CISA) beyond incident response. They also stressed the importance of starting with a small deliverable and building upon it. The need for automation, particularly in authorizations and continuous monitoring, is discussed due to its potential to save time and costs.
The members also discussed topics they would like to hear more about in future meetings, including insights from the Cloud Security Alliance and a threat-based monitoring approach. Potential next steps were mentioned, to include reviewing Governance and Risk Compliance (GRC) tools and exploring reciprocity requirements and CSP interactions. The timing of providing the compiled data and recommendations to the GSA Administrator were addressed, with the frequency of committee meetings determining the communication frequency.
The members requested access to existing documentation about the FedRAMP program, its issues, and where FedRAMP believes there is room for improvement, and expressed their interest in expanding on the federated authority to operate (ATO) concept and assisting with automation.
Michelle White opened the discussion up to the public to share their comments, with each person having three minutes to speak.
Gaurav Pal from StackArmor, Inc. suggests a study to show the costs and savings of having an ATO with FedRAMP versus without and combining economic programs.
Tom Ruff from Deep Water Point and Associates urges the committee to help small businesses find sponsors and make the FedRAMP process less intimidating.
Matt Topper from UBERETHER, INC believes FedRAMP certification would make an immense difference in their process.
Teri Marlene Prince, CEO of Terida, a small business trying to achieve FedRAMP certification, highlights the cost and timeline difficulties of the process.
Ann Lewis notes that the committee members are not entirely aligned on the top priority yet, but future meetings should help to determine it. She thanked the members for their thoughtful contributions and looks forward to working with them. The work done by the committee will benefit both cloud service providers and public-private partnerships. Matt Scholl inquires about where they will meet in the future, and Michelle White suggests meeting remotely but leaves it open for discussion. Marci Womack asks about the TBD slot on the committee, and Ann Lewis explains that they are still in the process of making a member selection.
Michelle White, FSCAC DFO, adjourned the meeting at 3:22pm.
Error, The Per Diem API is not responding. Please try again later.
No results could be found for the location you've entered.
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
Rates are available between 10/1/2022 and 09/30/2025.
The End Date of your trip can not occur before the Start Date.
Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.
Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."
Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."
When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.
An SBA program that helps provide a level playing field for small businesses owned by socially and economically disadvantaged people or entities that meet the following eligibility requirements:
See Title 13 Part 124 of the Code of Federal Regulations for more information.
A multiple-award IDIQ governmentwide acquisition contract offering complete and flexible IT solutions worldwide. A best-in-class GWAC and preferred governmentwide solution, Alliant 2 offers:
It provides best-value IT solutions to federal agencies, while strengthening chances in federal contracting for small businesses through subcontracting.
An agreement established by a government buyer with a Multiple Award Schedule contractor to fill repetitive needs for supplies or services.
Types of funds to use on specific expenses.
The work done to make a structure or system ready for use or to bring a construction or development project to a completed state.
Negotiated firm-fixed pricing on airline seats for official government travel. The locked-in ticket prices for the fiscal year save federal agencies time and money. Federal employees enjoy flexibility to change their plans without incurring penalties or additional costs. All negotiated rates have:
Use the CPP search tool to find current fares.
From 5 USC 5701(6), "continental United States" means the several states and the District of Columbia, but does not include Alaska or Hawaii.
A space where individuals work independently or co-work collaboratively in a shared office. The work environment is similar to a typical office, usually inclusive of office equipment and amenities. Typical features of co-working facilities include work spaces, wireless internet, communal printer/copier/fax, shared kitchens, restrooms and open seating areas. May also be referred to as a “shared office.”
A system that is bought from a commercial vendor to solve a particular problem, as opposed to one that a vendor custom builds.
An employee who negotiates and awards contracts with vendors and who has the sole authority to change, alter or modify a contract.
An employee whose duties are to develop proper requirements and ensure contractors meet the commitments during contract administration, including the timeliness and delivery of quality goods and services as required by the contract.
A request of GSA where a federal agency retains and manages all aspects of the procurement process and is able to work with the selected vendor after award.
An SBA program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 127 Subpart B of the Code of Federal Regulations for more information.
The primary regulation for federal agencies to use when buying supplies and services with funds from Congress.
Use acquisition.gov to browse FAR parts or subparts or download the full FAR in various formats.
The travel and relocation policy for all federal civilian employees and others authorized to travel at government expense.
A program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment.
A GSA business line that provides safe, reliable, low-cost vehicle solutions for federal agency customers and eligible entities. Offerings include:
A charge card for U.S. government personnel to use when paying for fuel and maintenance of GSA Fleet vehicles. Find out where the Fleet card is accepted, how to use it and more.
A Department of Homeland Security program that allows members to use expedited lanes at U.S. airports and when crossing international borders by air, land and sea.
A charge card for certain U.S. Government employees to use when buying mission-related supplies or services using simplified acquisition procedures, when applicable, and when the total cost does not exceed micro-purchase thresholds.
A charge card for U.S. government personnel to use when paying for reimbursable expenses while on official travel. Visit smartpay.gsa.gov for more.
A vehicle used to perform an agency’s mission(s), as authorized by the agency.
A pre-competed, multiple-award, indefinite delivery, indefinite quantity contract that agencies can use to buy total IT solutions more efficiently and economically.
A ceremony marking the official start of a new construction project, typically involving driving shovels into ground at the site.
An online shopping and ordering system at gsaadvantage.gov that provides access for federal government employees and in some cases, state and local entities, to purchase from thousands of contractors offering millions of supplies and services.
An online auction site at gsaauctions.gov that allows the general public to bid on and buy excess federal personal property assets such as:
Real property for which GSA is responsible. It can be either federally owned or leased from a public or private property owner.
An SBA program that gives preferential consideration for certain government contracts to business that meet the following eligibility requirements:
See Title 13 Part 126 Subpart B of the Code of Federal Regulations for more information.
A type of contract when the quantity of supplies or services, above a specified minimum, the government will require is not known. IDIQs help streamline the contract process and speed service delivery.
A fee paid by businesses who are awarded contracts under Multiple Award Schedule to cover GSA’s cost of operating the program. The fee is a fixed percentage of reported sales under MAS contracts that contractors pay within 30 calendar days following the completion of each quarter.
A law that provides $3.375 billion for us to:
This includes $2.15 billion for low embodied carbon materials in construction projects, $975 million to support emerging and sustainable technologies, and $250 million for measures to convert more buildings into High Performance Buildings.
An investment in our nation’s infrastructure and competitiveness. The law provides funding for LPOE modernization projects that will create new good-paying jobs, bolster safety and security, and make our economy more resilient to supply chain challenges.
A written agreement entered into between two federal agencies, or major organizational units within an agency, which specifies the goods to be furnished or tasks to be accomplished by one agency (the servicing agency) in support of the other (the requesting agency).
A facility, also known as a border station, that provides controlled entry into or departure from the United States for persons or materials. It houses the U.S. Customs and Border Protection and other federal inspection agencies responsible for the enforcement of federal laws related to entering into or departing from the U.S.
An employee who is responsible for preparing, negotiating, awarding and monitoring compliance of lease agreements.
Criteria used to select the technically acceptable proposal with the lowest evaluated price. Solicitations must specify that award will be made on the basis of the lowest evaluated price of proposals meeting or exceeding the acceptability standards for non-cost factors.
The rate of reimbursement for driving a privately owned vehicle when your agency authorizes it. Current rates are at gsa.gov/mileage.
Long-term governmentwide contracts with commercial firms providing federal, state, and local government buyers access to more than 11 million commercial products and services at volume discount pricing. Also called Schedules or Federal Supply Schedules.
The standard federal agencies use to classify business establishments for the purpose of collecting, analyzing, and publishing statistical data related to the U.S. business economy.
A family of six separate governmentwide multiple award, IDIQ contracts for management and advisory, facilities, technical and engineering, logistics, intelligence services, research and development, environmental, and enterprise solutions.
A formal, signed agreement between GSA’s Public Buildings Service and a federal agency for a specific space assignment.
Services performed under a contract with a federal agency that include:
The per day rates for the lower 48 continental United States, which federal employees are reimbursed for expenses incurred while on official travel. Per diem includes three allowances:
An identification card that allows credentialed government personal to access facilities, computers, or information systems. May also be referred to as HSPD-12 card, LincPass, Smart Card, or CAC.
Furniture and equipment such as appliances, wall hangings, technological devices, and the relocation expenses for such property.
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. Get our agency's privacy policies and practices as they apply to our employees, contractors, and clients.
You should only drive a privately owned vehicle for official travel after your agency evaluates the use of:
When your agency has determined a POV to be the most advantageous method of transportation, you are authorized reimbursement for mileage and some additional allowances (parking, bridge, road and tunnel fees, etc.).
Approvals from GSA’s congressional authorizing committees, the U.S. Senate Committee on Environment and Public Works and the U.S. House Committee on Transportation and Infrastructure, for proposed capital and leasing projects that require funding over an annually established threshold.
Region 1 (New England): Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
Region 2 (Northeast and Caribbean): Northern New Jersey, New York, Puerto Rico, U.S. Virgin Islands
Region 3 (Mid-Atlantic): Delaware, parts of Maryland, Southern New Jersey, Pennsylvania, parts of Virginia, West Virginia
Region 4 (Southeast Sunbelt): Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
Region 5 (Great Lakes): Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin
Region 6 (Heartland): Iowa, Kansas, Missouri, Nebraska
Region 7 (Greater Southwest): Arkansas, Louisiana, New Mexico, Oklahoma, Texas
Region 8 (Rocky Mountain): Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
Region 9 (Pacific Rim): Arizona, California, Hawaii, Nevada
Region 10 (Northwest Arctic): Alaska, Idaho, Oregon, Washington
Region 11 (National Capital): Washington, D.C., area including parts of Maryland and Virginia
Formal agreements between GSA and a federal agency customer where GSA agrees to provide goods, services, or both, and the federal agency agrees to reimburse GSA’s direct and indirect costs. The customer portal for RWA information is called eRETA at extportal.pbs.gsa.gov.
A document used in negotiated procurements to communicate government requirements to prospective contractors (firms holding Multiple Award Schedule contracts) and to solicit proposals (offers) from them.
A document used to communicate government requirements, but which do not solicit binding offers. Quotations submitted in response are not offers. The Multiple Award Schedule order is the offer, and then the contractor can do something to show acceptance, like ordering supplies or contacting subcontractors.
An SBA program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 128 Subpart B of the Code of Federal Regulations for more information.
An SBA designation for businesses that meet size standards set for each NAICS code. Most manufacturing companies with 500 employees or fewer, and most non-manufacturing businesses with average annual receipts under $7.5 million, will qualify as a small business.
See Title 13 Part 121.201 of the Code of Federal Regulations for more information.
To improve and stimulate small business utilization, we award contracts to businesses that are owned and controlled by socially and economically disadvantaged individuals. We have contracting assistance for:
A Small Business Administration program that gives preferential consideration for certain government contracts to business that meet the following eligibility requirements:
See Title 13 Section 124.1001 of the Code of Federal Regulations for more information.
The basis for the lease negotiation process, which becomes part of the lease. SFOs include the information necessary to enable prospective offerors to prepare proposals. See SFO minimum requirements.
Specific supply and service subcategories within our Multiple Award Schedule. For the Information Technology Category, a SIN might be new equipment or cloud services.
An online system at sam.gov, which the U.S. Government uses to consolidate acquisition and award systems for use by contractors wishing to do business with the federal government. Formerly known as FBO.gov, all contracting opportunities valued over $25,000 are posted at sam.gov.
When you use a government purchase card, such as the "GSA SmartPay" travel card for business travel, your lodging and rental car costs may be exempt from state sales tax. Individually billed account travel cards are not tax exempt in all states. Search for exemption status, forms and important information.
The finishes and fixtures federal agency tenants select that take a space from a shell condition to a finished, usable condition and compliant with all applicable building codes and standards.
A statute that applies to all Multiple Award Schedule contracts, unless otherwise stated in the solicitation or contract, which requires contractors to sell to the U.S. Government only products that are manufactured or “substantially transformed” in the U.S. or a TAA-designated country.
Vendors report transactional data — information generated when the government purchases goods or services from a vendor — to help us make federal government buying more effective.
See our TDR page for which SINs are eligible and which line-item data to submit.
A unique number required to do business with the federal government.
An indicator of how efficiently a federal agency is currently using space, it is traditionally calculated by dividing the usable square feet of the space, by the number of personnel who occupy the space.
A Small Business Administration program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
A governmentwide acquisition contract exclusively for service-disabled veteran-owned small businesses to sell IT services such as:
The amount of solid waste, such as trash or garbage, construction and demolition waste, and hazardous waste, that is reused, recycled or composted instead of being put in a landfill or burned.
A GSA program designed to promote recycling and reuse of solid waste.
A Small Business Administration program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 127 Subpart B of the Code of Federal Regulations for more information.
U.S. General Services Administration