An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
( )
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
July 20, 2023 from 1 p.m. to 5 p.m. Eastern time
Virtual location: Zoom
|
Allotted time |
Topic |
Presenter |
|---|---|---|
|
1:00-1:10 p.m. |
Call to order |
Designated Federal Officer Michelle White |
| 1:10-1:15 p.m | Introduction of new committee member(s) | FSCAC members |
| 1:15-1:25 p.m. | Chair Remarks | Federal Secure Cloud Advisory Committee Chair Ann Lewis |
| 1:25-2:25 p.m. | FedRAMP Program Briefing | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad |
| 2:25-2:45 p.m. | Committee question-and-answer | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad and FSCAC members |
| 2:45-3:00 p.m. | Break | |
| 3:00-3:30 p.m. | Cloud Security Alliance Briefing | Cloud Security Alliance CEO Jim Reavis |
| 3:30-3:45 p.m. | Committee question-and-answer | Cloud Security Alliance CEO Jim Reavis and FSCAC members |
| 3:45-4:00 p.m. | Discussion on priority areas identified in May FSCAC meeting | FSCAC members |
| 4:00-4:15 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 4:15-4:45 p.m. | Discussion on priority areas and prioritization of initiatives | FSCAC members |
| 4:45-4:50 p.m. | Committee vote on the prioritization of initiatives | FSCAC members |
| 4:50-4:55 p.m. | Summary of next steps | FSCAC Committee Chair Ann Lewis |
| 4:55-5:00 p.m. | Closing remarks and adjourn | FSCAC Chair Ann Lewis and DFO Michelle White |
Michelle described the duties of the committee and the committee members individually. She completed a role call and determined that a quorum had been established.
Roll Call:
Michelle reviewed the agenda of the meeting and announced that there will also be an open forum at the end of the meeting for questions from the public with three minutes allotted for each speaker.
Jim Beckner III was introduced. Jim is the FedRAMP/AWS Cloud Security Officer at T-Metrics and the newest representative member of FSCAC, representing the viewpoints of a small unique business that provides cloud computing products or services.
Ann described the duties, purposes, vision, and goals of the committee and program. She discussed her role and her commitment to take back any feedback discussed in this meeting to the GSA Administrator. She also informed the committee that Victor Brown is no longer a committee member and that his replacement will be announced in the near future.
Brian Conrad, Acting Director/Cybersecurity Program Manager of FedRAMP, began the presentation with an overview of the current FedRAMP Authorization Process. He described the high-level steps for the two paths, Agency Authorization and JAB Authorization, and the differences between them. Brian also discussed current stakeholder pressure points related to the authorization process and explained the increased demand in the program. Details were provided about the program modernization efforts and the future state outcomes to better meet the customer needs and increase in demand.
Key takeaways:
There was an open forum Q&A Session where the FSCAC Members asked Acting FedRAMP Director, Brian Conrad, questions around the future vision of the FedRAMP Program. Many of the questions focused around the automation initiatives of the program, such as OSCAL, threat-based methodology, CDM dashboarding, and the new GRC.
Jim Reavis presented on Cloud, State of the Art Cybersecurity & Best Practices. He started the presentation by first introducing Cloud Security Alliance and what type of organization they are. Following that, he introduced Cloud security concerns from enterprise CISOs, CISO expectations for CSPs and what they are looking for from CSP leadership, a survey recap on some of the concerns regarding cloud security, and emphasis on Zero Trust training.
Jim showcased a mock FedRAMP moderate authorization boundary and showed how to do some role-based access request and deny inquires to synthetic employee data, showing how to build a true, cloud-native concept system.
He then finished the presentation discussing the ongoing research on cybersecurity and wrapped up by introducing generative AI, security concerns around AI, and initial impressions and takeaways on how to address these concerns.
Jim opened the floor for questions from the Members. Some of the main questions pertained to security requirements, generative AI and enterprise adoption, and policies and trainings regarding generative AI.
FSCAC members discussed their top priorities and initiatives and the next steps to tackle them. The following are the top priorities and initiatives identified by the members: Operational focus around CSPs, ConMon process improvement, (CSP) Authorization process improvements, understanding Rev. 5 baselines, and O&M foundations.
The committee welcomed comments from members of the public. Comments were provided by two individuals. One comment encouraged the committee to consider budget and workforce as one of the priorities, helping to ensure that the FedRAMP PMO has the necessary resources to execute on mission. The other comment raised concerns around the increase in demand for defense-based companies and their limited understanding of the FedRAMP process.
The Committee made a motion to vote on selecting the topics that would become the prioritized focus areas for the Committee. Jim Beckner motioned that the CSP Authorization Improvements be selected as a priority, and Michael Vacirca seconded the motion. Michael Vacirca motioned for ConMon Process Improvements to be another priority, and Ravi Jagannathan seconded the motion. Jackie Snouffer motioned that Automation Initiatives and Opportunities be the third priority, and Bo Berlas seconded the motion.
A roll call vote was taken on pursuing and prioritizing all three topics above concurrently. The vote was unanimous with each committee member voting in favor.
Vote:
Ann Lewis, FSCAC Chair, discussed next steps, which includes reporting back to the GSA Administrator on the prioritized focus areas. The Committee will develop specific initiatives and gather more information about the CSP experience and their expectations of the FedRAMP Program. Ann Lewis thanked members for their participation and reiterated that this is an exciting public-private partnership, essential for ensuring the government is serving the public.
Michelle White, FSCAC DFO, adjourned the meeting at 4:20pm.
Matt Scholl
Error, The Per Diem API is not responding. Please try again later.
No results could be found for the location you've entered.
Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.
Rates for foreign countries are set by the Department of State.
Rates are available between 10/1/2022 and 09/30/2025.
The End Date of your trip can not occur before the Start Date.
Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.
Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."
Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."
When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.
U.S. General Services Administration