October 19, 2023, from 1:00 p.m. to 3:00 p.m. Eastern time
Virtual location: Zoom
Agenda
| ALLOTTED TIME | TOPIC | PRESENTER |
|---|---|---|
| 1:00-1:05 p.m. | Call to order: Welcome and roll call; FACA public meetings | Designated Federal Officer Michelle White |
| 1:05-1:10 p.m. | Deliverable Planning Discussion: Memo structure and schedule for delivery | Federal Secure Cloud Advisory Committee Chair Ann Lewis |
| 1:10-1:40 p.m. | Deep Dive Briefing: CSP Authorization Path | Program Manager of Security Operations John Hamilton |
| 1:40-1:55 p.m. | Committee question-and-answer | Program Manager of Security Operations John Hamilton and FSCAC members |
| 1:55-2:05 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 2:05-2:55 p.m. | Committee Initiative Discussion: CSP Authorization Improvements | FSCAC members |
| 2:55-3:00 p.m. | Closing remarks and adjourn | FSCAC Chair Ann Lewis and DFO Michelle White |
Call to Order: Welcome and Roll Call. FACA Public Meetings
Michelle White, Designated Federal Officer (DFO)
Michelle White described the duties of the committee. She completed a roll call and determined that a quorum had been established.
Michelle reviewed the agenda of the meeting and announced that there would also be an open forum for questions from the public after the committee’s question-and-answer agenda item, with three minutes allotted for each speaker. Daniel Pane introduced himself as the newest representative member of FSCAC. He works for Databricks, a large unique business that provides cloud computing products or services. The meeting agenda for the day was reviewed.
Deliverable Planning Discussion: Memo Structure and Schedule for Delivery
Ann Lewis, Federal Secure Cloud Advisory Committee Chair
On behalf of the FSCAC Chair, Ann Lewis, who was experiencing technical difficulties at the time, Michelle White, Designated Federal Officer, read Ann’s remarks to the FSCAC membership. The remarks included a review of the agenda and topic focuses for today’s meeting and the next three (3) meetings, a request for feedback on the structure of the memo, and a target date of Tuesday, November 21 for final delivery to the GSA Administrator of the memo with recommendations on the three focus areas: CSP Authorization Path, ConMon Process Improvements, and Automation Initiatives & Opportunities. No comments from members were received on the agendas, structure of the memo, or the target delivery date.
Deep Dive Briefing: CSP Authorization Path
John Hamilton, Program Manager of Security Operations, FedRAMP
Michelle White, FSCAC DFO, introduced John Hamilton, Program Manager of Security Operations of FedRAMP. Michelle reminded everyone to hold questions until the end of the presentation. John introduced himself and his role in the FR program and gave an overview of how to make the program better in the future. John began the presentation with an overview of the current Agency CSP Authorization Process, as this is the most commonly used path for authorization. He described the high-level steps for the Agency Authorization path and the differences between the three FedRAMP designations: FedRAMP Ready, In-Process, and FedRAMP Authorized. John also discussed current stakeholder pressure points and challenges related to the authorization process and explained the increased demand in the program. He detailed the transition to a CRM and how this will support automation efforts. He explained the current authorization timeline breakdown with examples of how many packages were submitted in 2023 and how long each package took to complete. John emphasized the importance of moving to OSCAL as the foundation of the FedRAMP platform and the opportunities that this language provides for the program’s modernization efforts. Additional details were provided about the program modernization efforts and the future state outcomes intended to better meet customer needs and the increase in demand.
Committee Q&A
John Hamilton, Program Manager of Security Operations, FedRAMP
FSCAC Membership
John Hamilton opened up the floor for questions. Some of the main questions pertained to package submission issues and root causes, clarification around the authorization process, training opportunities, funding and resourcing of the program, and pilot opportunities for the new modernization effort.
Public Comment
Members of the Public
The committee welcomed comments from members of the public. There were no public comments.
Committee Initiative Discussion: CSP Authorization Improvements
FSCAC Membership
On behalf of the FSCAC Chair, Ann Lewis, who was experiencing technical difficulties at the time, Michelle White, FSCAC DFO, reviewed the overview of the process and the topics for discussion and improvements and called on members as they raised their hands to provide their input, which was directly captured live during the meeting in the draft memo. For the CSP authorization path improvements, FSCAC members provided input around the problem statement, goals, considerations, and recommendations. Recommendations centered around various topics, specifically key measures; increase in PMO transparency, communication, and training; review process; review scope; automation initiatives; and resourcing. Impacts to stakeholders were also discussed.
Closing Remarks and Adjourn
Ann Lewis, Chair, and Michelle White, DFO
After requesting final remarks from FSCAC Chair Ann Lewis, Michelle thanked everyone for joining the meeting and adjourned the meeting at 3:05 p.m.
Committee Members in Attendance
- Ann Lewis (Chair)
- Bill Hunt
- Bo Berlas
- Branko Bokan
- Jackie Snouffer
- John Greenstein
- Joshua Cohen
- LaMonte Yarborough
- Marci Womack
- Matt Scholl
- Michael Vacirca
- Ravi Jagannathan
- Victor Brown
Committee Members Absent
Guest Speakers and Presenters
FSCAC Support Staff Present
- Michelle White, Designated Federal Officer
- D’Arcy Steiner, FSCAC Support Team
- Clifton Johnson, FSCAC Support Team
- Megan Gallo, FSCAC Support Team
- Zarina Neff, FSCAC Support Team
- Theresa West, FSCAC Support Team
Members of the Public Present
- Matthew Stern, Hypori, Inc
- Thomas Walheim, Hypori
- Rehman Javaid, Sybersense
- Randi Sargent, Dell Federal
- Megan Whitfield, Crystal Concepts, LLC
- Neela Lakhmani, GAO
- Robert Kinnin, FEMA
- Drew Kahle, BetterUp
- Sejal Sheth, GAO
- Tanner Spires, A2LA
- Nathan Case, Corsha
- Andrea Livero-Scott, Kratos
- Sara Mazer, LaunchDarkly
- Justin Booth, US GAO
- Ted Kruelski, General Services Administration
- Andrea Bowling, GSA
- Daniel Alvarado, Sheppard Mullin Richter & Hampton LLP
- Michael Loefflad, SentinelOne
- Brendan Peter, SecurityScorecard
- Christian Baer, Schellman
- Matt Topper, UberEther
- Kurt Cox, Company
- Joe Hamblin, Armis
- Keith Kidd, Coalfire
- Leopold Wildenauer, Information Technology Industry Council (ITI)
- Christine Biggs, Coalfire Systems
- James Armstrong, Actsoft, Inc
- Gayle Berkeley, Rubrik, Inc.
- Eric Roggenstroh, Systems Syndicate LLC
- Kevin Carr, Palantir
- Dre Shkreli, A-lign
- Townsend Bourne, Sheppard Mullin Richter & Hampton LLP
- Michael Caruso, Coalfire
- Tom Ruff, Deep Water Point Associates
- Andrew Paulette, HireVue
- Colby LeClerc, Hypori
- Drew Scherer, Carahsoft
- Daniel Dooley, SAP
- John Bergin, Microsoft
- Jason Butterfield, TTB
- James Cademartori, Booz Allen Hamilton
- Dominic Dertatevasion, Hewlett Packard Enterprises
- Charles Ray, TTB
- Frank Csech, Salesforce
- Jason Weiss, Individual
- Samuel Aydlette, 38North Security
- Steven Boberski, Genesys
- Cody Weaver, Genesys