An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
July 20, 2023 from 1 p.m. to 5 p.m. Eastern time
Virtual location: Zoom
|
Allotted time |
Topic |
Presenter |
|---|---|---|
|
1:00-1:10 p.m. |
Call to order |
Designated Federal Officer Michelle White |
| 1:10-1:15 p.m | Introduction of new committee member(s) | FSCAC members |
| 1:15-1:25 p.m. | Chair Remarks | Federal Secure Cloud Advisory Committee Chair Ann Lewis |
| 1:25-2:25 p.m. | FedRAMP Program Briefing | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad |
| 2:25-2:45 p.m. | Committee question-and-answer | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad and FSCAC members |
| 2:45-3:00 p.m. | Break | |
| 3:00-3:30 p.m. | Cloud Security Alliance Briefing | Cloud Security Alliance CEO Jim Reavis |
| 3:30-3:45 p.m. | Committee question-and-answer | Cloud Security Alliance CEO Jim Reavis and FSCAC members |
| 3:45-4:00 p.m. | Discussion on priority areas identified in May FSCAC meeting | FSCAC members |
| 4:00-4:15 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 4:15-4:45 p.m. | Discussion on priority areas and prioritization of initiatives | FSCAC members |
| 4:45-4:50 p.m. | Committee vote on the prioritization of initiatives | FSCAC members |
| 4:50-4:55 p.m. | Summary of next steps | FSCAC Committee Chair Ann Lewis |
| 4:55-5:00 p.m. | Closing remarks and adjourn | FSCAC Chair Ann Lewis and DFO Michelle White |
Michelle described the duties of the committee and the committee members individually. She completed a role call and determined that a quorum had been established.
Roll Call:
Michelle reviewed the agenda of the meeting and announced that there will also be an open forum at the end of the meeting for questions from the public with three minutes allotted for each speaker.
Jim Beckner III was introduced. Jim is the FedRAMP/AWS Cloud Security Officer at T-Metrics and the newest representative member of FSCAC, representing the viewpoints of a small unique business that provides cloud computing products or services.
Ann described the duties, purposes, vision, and goals of the committee and program. She discussed her role and her commitment to take back any feedback discussed in this meeting to the GSA Administrator. She also informed the committee that Victor Brown is no longer a committee member and that his replacement will be announced in the near future.
Brian Conrad, Acting Director/Cybersecurity Program Manager of FedRAMP, began the presentation with an overview of the current FedRAMP Authorization Process. He described the high-level steps for the two paths, Agency Authorization and JAB Authorization, and the differences between them. Brian also discussed current stakeholder pressure points related to the authorization process and explained the increased demand in the program. Details were provided about the program modernization efforts and the future state outcomes to better meet the customer needs and increase in demand.
Key takeaways:
There was an open forum Q&A Session where the FSCAC Members asked Acting FedRAMP Director, Brian Conrad, questions around the future vision of the FedRAMP Program. Many of the questions focused around the automation initiatives of the program, such as OSCAL, threat-based methodology, CDM dashboarding, and the new GRC.
Jim Reavis presented on Cloud, State of the Art Cybersecurity & Best Practices. He started the presentation by first introducing Cloud Security Alliance and what type of organization they are. Following that, he introduced Cloud security concerns from enterprise CISOs, CISO expectations for CSPs and what they are looking for from CSP leadership, a survey recap on some of the concerns regarding cloud security, and emphasis on Zero Trust training.
Jim showcased a mock FedRAMP moderate authorization boundary and showed how to do some role-based access request and deny inquires to synthetic employee data, showing how to build a true, cloud-native concept system.
He then finished the presentation discussing the ongoing research on cybersecurity and wrapped up by introducing generative AI, security concerns around AI, and initial impressions and takeaways on how to address these concerns.
Jim opened the floor for questions from the Members. Some of the main questions pertained to security requirements, generative AI and enterprise adoption, and policies and trainings regarding generative AI.
FSCAC members discussed their top priorities and initiatives and the next steps to tackle them. The following are the top priorities and initiatives identified by the members: Operational focus around CSPs, ConMon process improvement, (CSP) Authorization process improvements, understanding Rev. 5 baselines, and O&M foundations.
The committee welcomed comments from members of the public. Comments were provided by two individuals. One comment encouraged the committee to consider budget and workforce as one of the priorities, helping to ensure that the FedRAMP PMO has the necessary resources to execute on mission. The other comment raised concerns around the increase in demand for defense-based companies and their limited understanding of the FedRAMP process.
The Committee made a motion to vote on selecting the topics that would become the prioritized focus areas for the Committee. Jim Beckner motioned that the CSP Authorization Improvements be selected as a priority, and Michael Vacirca seconded the motion. Michael Vacirca motioned for ConMon Process Improvements to be another priority, and Ravi Jagannathan seconded the motion. Jackie Snouffer motioned that Automation Initiatives and Opportunities be the third priority, and Bo Berlas seconded the motion.
A roll call vote was taken on pursuing and prioritizing all three topics above concurrently. The vote was unanimous with each committee member voting in favor.
Vote:
Ann Lewis, FSCAC Chair, discussed next steps, which includes reporting back to the GSA Administrator on the prioritized focus areas. The Committee will develop specific initiatives and gather more information about the CSP experience and their expectations of the FedRAMP Program. Ann Lewis thanked members for their participation and reiterated that this is an exciting public-private partnership, essential for ensuring the government is serving the public.
Michelle White, FSCAC DFO, adjourned the meeting at 4:20pm.
Matt Scholl
Error, The Per Diem API is not responding. Please try again later.
No results could be found for the location you've entered.
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
Rates are available between 10/1/2022 and 09/30/2025.
The End Date of your trip can not occur before the Start Date.
Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.
Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."
Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."
When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.
An SBA program that helps provide a level playing field for small businesses owned by socially and economically disadvantaged people or entities that meet the following eligibility requirements:
See Title 13 Part 124 of the Code of Federal Regulations for more information.
A multiple-award IDIQ governmentwide acquisition contract offering complete and flexible IT solutions worldwide. A best-in-class GWAC and preferred governmentwide solution, Alliant 2 offers:
It provides best-value IT solutions to federal agencies, while strengthening chances in federal contracting for small businesses through subcontracting.
An agreement established by a government buyer with a Multiple Award Schedule contractor to fill repetitive needs for supplies or services.
Types of funds to use on specific expenses.
The work done to make a structure or system ready for use or to bring a construction or development project to a completed state.
Negotiated firm-fixed pricing on airline seats for official government travel. The locked-in ticket prices for the fiscal year save federal agencies time and money. Federal employees enjoy flexibility to change their plans without incurring penalties or additional costs. All negotiated rates have:
Use the CPP search tool to find current fares.
From 5 USC 5701(6), "continental United States" means the several states and the District of Columbia, but does not include Alaska or Hawaii.
A space where individuals work independently or co-work collaboratively in a shared office. The work environment is similar to a typical office, usually inclusive of office equipment and amenities. Typical features of co-working facilities include work spaces, wireless internet, communal printer/copier/fax, shared kitchens, restrooms and open seating areas. May also be referred to as a “shared office.”
A system that is bought from a commercial vendor to solve a particular problem, as opposed to one that a vendor custom builds.
An employee who negotiates and awards contracts with vendors and who has the sole authority to change, alter or modify a contract.
An employee whose duties are to develop proper requirements and ensure contractors meet the commitments during contract administration, including the timeliness and delivery of quality goods and services as required by the contract.
A request of GSA where a federal agency retains and manages all aspects of the procurement process and is able to work with the selected vendor after award.
An SBA program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 127 Subpart B of the Code of Federal Regulations for more information.
The primary regulation for federal agencies to use when buying supplies and services with funds from Congress.
Use acquisition.gov to browse FAR parts or subparts or download the full FAR in various formats.
The travel and relocation policy for all federal civilian employees and others authorized to travel at government expense.
A program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment.
A GSA business line that provides safe, reliable, low-cost vehicle solutions for federal agency customers and eligible entities. Offerings include:
A charge card for U.S. government personnel to use when paying for fuel and maintenance of GSA Fleet vehicles. Find out where the Fleet card is accepted, how to use it and more.
A Department of Homeland Security program that allows members to use expedited lanes at U.S. airports and when crossing international borders by air, land and sea.
A charge card for certain U.S. Government employees to use when buying mission-related supplies or services using simplified acquisition procedures, when applicable, and when the total cost does not exceed micro-purchase thresholds.
A charge card for U.S. government personnel to use when paying for reimbursable expenses while on official travel. Visit smartpay.gsa.gov for more.
A vehicle used to perform an agency’s mission(s), as authorized by the agency.
Pre-competed, multiple-award, indefinite delivery, indefinite quantity contracts that agencies can use to buy total IT solutions more efficiently and economically.
A ceremony marking the official start of a new construction project, typically involving driving shovels into ground at the site.
An online shopping and ordering system at gsaadvantage.gov that provides access for federal government employees and in some cases, state and local entities, to purchase from thousands of contractors offering millions of supplies and services.
An online auction site at gsaauctions.gov that allows the general public to bid on and buy excess federal personal property assets such as:
Real property for which GSA is responsible. It can be either federally owned or leased from a public or private property owner.
An SBA program that gives preferential consideration for certain government contracts to business that meet the following eligibility requirements:
See Title 13 Part 126 Subpart B of the Code of Federal Regulations for more information.
A type of contract when the quantity of supplies or services, above a specified minimum, the government will require is not known. IDIQs help streamline the contract process and speed service delivery.
A fee paid by businesses who are awarded contracts under Multiple Award Schedule to cover GSA’s cost of operating the program. The fee is a fixed percentage of reported sales under MAS contracts that contractors pay within 30 calendar days following the completion of each quarter.
A law that provides $3.375 billion for us to:
This includes $2.15 billion for low embodied carbon materials in construction projects, $975 million to support emerging and sustainable technologies, and $250 million for measures to convert more buildings into High Performance Buildings.
An investment in our nation’s infrastructure and competitiveness. The law provides funding for LPOE modernization projects that will create new good-paying jobs, bolster safety and security, and make our economy more resilient to supply chain challenges.
A written agreement entered into between two federal agencies, or major organizational units within an agency, which specifies the goods to be furnished or tasks to be accomplished by one agency (the servicing agency) in support of the other (the requesting agency).
A facility, also known as a border station, that provides controlled entry into or departure from the United States for persons or materials. It houses the U.S. Customs and Border Protection and other federal inspection agencies responsible for the enforcement of federal laws related to entering into or departing from the U.S.
An employee who is responsible for preparing, negotiating, awarding and monitoring compliance of lease agreements.
Criteria used to select the technically acceptable proposal with the lowest evaluated price. Solicitations must specify that award will be made on the basis of the lowest evaluated price of proposals meeting or exceeding the acceptability standards for non-cost factors.
The rate of reimbursement for driving a privately owned vehicle when your agency authorizes it. Current rates are at gsa.gov/mileage.
Long-term governmentwide contracts with commercial firms providing federal, state, and local government buyers access to more than 11 million commercial products and services at volume discount pricing. Also called Schedules or Federal Supply Schedules.
The standard federal agencies use to classify business establishments for the purpose of collecting, analyzing, and publishing statistical data related to the U.S. business economy.
A family of six separate governmentwide multiple award, IDIQ contracts for management and advisory, facilities, technical and engineering, logistics, intelligence services, research and development, environmental, and enterprise solutions.
A formal, signed agreement between GSA’s Public Buildings Service and a federal agency for a specific space assignment.
Services performed under a contract with a federal agency that include:
The per day rates for the lower 48 continental United States, which federal employees are reimbursed for expenses incurred while on official travel. Per diem includes three allowances:
An identification card that allows credentialed government personal to access facilities, computers, or information systems. May also be referred to as HSPD-12 card, LincPass, Smart Card, or CAC.
Furniture and equipment such as appliances, wall hangings, technological devices, and the relocation expenses for such property.
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. Get our agency's privacy policies and practices as they apply to our employees, contractors, and clients.
You should only drive a privately owned vehicle for official travel after your agency evaluates the use of:
When your agency has determined a POV to be the most advantageous method of transportation, you are authorized reimbursement for mileage and some additional allowances (parking, bridge, road and tunnel fees, etc.).
Approvals from GSA’s congressional authorizing committees, the U.S. Senate Committee on Environment and Public Works and the U.S. House Committee on Transportation and Infrastructure, for proposed capital and leasing projects that require funding over an annually established threshold.
Region 1 (New England): Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
Region 2 (Northeast and Caribbean): Northern New Jersey, New York, Puerto Rico, U.S. Virgin Islands
Region 3 (Mid-Atlantic): Delaware, parts of Maryland, Southern New Jersey, Pennsylvania, parts of Virginia, West Virginia
Region 4 (Southeast Sunbelt): Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
Region 5 (Great Lakes): Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin
Region 6 (Heartland): Iowa, Kansas, Missouri, Nebraska
Region 7 (Greater Southwest): Arkansas, Louisiana, New Mexico, Oklahoma, Texas
Region 8 (Rocky Mountain): Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
Region 9 (Pacific Rim): Arizona, California, Hawaii, Nevada
Region 10 (Northwest Arctic): Alaska, Idaho, Oregon, Washington
Region 11 (National Capital): Washington, D.C., area including parts of Maryland and Virginia
Formal agreements between GSA and a federal agency customer where GSA agrees to provide goods, services, or both, and the federal agency agrees to reimburse GSA’s direct and indirect costs. The customer portal for RWA information is called eRETA at extportal.pbs.gsa.gov.
A document used in negotiated procurements to communicate government requirements to prospective contractors (firms holding Multiple Award Schedule contracts) and to solicit proposals (offers) from them.
A document used to communicate government requirements, but which do not solicit binding offers. Quotations submitted in response are not offers. The Multiple Award Schedule order is the offer, and then the contractor can do something to show acceptance, like ordering supplies or contacting subcontractors.
An SBA program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 128 Subpart B of the Code of Federal Regulations for more information.
An SBA designation for businesses that meet size standards set for each NAICS code. Most manufacturing companies with 500 employees or fewer, and most non-manufacturing businesses with average annual receipts under $7.5 million, will qualify as a small business.
See Title 13 Part 121.201 of the Code of Federal Regulations for more information.
To improve and stimulate small business utilization, we award contracts to businesses that are owned and controlled by socially and economically disadvantaged individuals. We have contracting assistance for:
A Small Business Administration program that gives preferential consideration for certain government contracts to business that meet the following eligibility requirements:
See Title 13 Section 124.1001 of the Code of Federal Regulations for more information.
The basis for the lease negotiation process, which becomes part of the lease. SFOs include the information necessary to enable prospective offerors to prepare proposals. See SFO minimum requirements.
Specific supply and service subcategories within our Multiple Award Schedule. For the Information Technology Category, a SIN might be new equipment or cloud services.
An online system at sam.gov, which the U.S. Government uses to consolidate acquisition and award systems for use by contractors wishing to do business with the federal government. Formerly known as FBO.gov, all contracting opportunities valued over $25,000 are posted at sam.gov.
When you use a government purchase card, such as the "GSA SmartPay" travel card for business travel, your lodging and rental car costs may be exempt from state sales tax. Individually billed account travel cards are not tax exempt in all states. Search for exemption status, forms and important information.
The finishes and fixtures federal agency tenants select that take a space from a shell condition to a finished, usable condition and compliant with all applicable building codes and standards.
A statute that applies to all Multiple Award Schedule contracts, unless otherwise stated in the solicitation or contract, which requires contractors to sell to the U.S. Government only products that are manufactured or “substantially transformed” in the U.S. or a TAA-designated country.
Vendors report transactional data — information generated when the government purchases goods or services from a vendor — to help us make federal government buying more effective.
See our TDR page for which SINs are eligible and which line-item data to submit.
A unique number required to do business with the federal government.
An indicator of how efficiently a federal agency is currently using space, it is traditionally calculated by dividing the usable square feet of the space, by the number of personnel who occupy the space.
A Small Business Administration program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
A governmentwide acquisition contract exclusively for service-disabled veteran-owned small businesses to sell IT services such as:
The amount of solid waste, such as trash or garbage, construction and demolition waste, and hazardous waste, that is reused, recycled or composted instead of being put in a landfill or burned.
A GSA program designed to promote recycling and reuse of solid waste.
A Small Business Administration program that gives preferential consideration for certain government contracts to businesses that meet the following eligibility requirements:
See Title 13 Part 127 Subpart B of the Code of Federal Regulations for more information.
U.S. General Services Administration