Federal Secure Cloud Advisory Committee charter

Committee’s Official Designation. Federal Secure Cloud Advisory Committee (FSCAC)

Authority. The Federal Secure Cloud Advisory Committee (the Committee or FSCAC) is required under Section 5921(b) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023. This committee is established in accordance with and operates under the provisions of the Federal Advisory Committee Act (FACA) (5 U.S.C. § 1001 et. seq.), except that Section 14 of the FACA shall not apply to the committee.

Objectives and Scope of Activities. FedRAMP is responsible for providing a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. The FSCAC will examine FedRAMP operations and advise the FedRAMP Director (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director), the FedRAMP Board, and agencies on how to ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.

Description of Duties. The duties of the Committee are to provide advice and recommendations to the FedRAMP Director (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director), the FedRAMP Board, and to agencies on technical, financial, programmatic, and operational matters regarding secure adoption of cloud computing products and services. The purposes of the Committee are:

• To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:
  • Measures to increase agency reuse of FedRAMP authorizations.
  • Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.
  • Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. § 632(a)).
  • Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.
• Collect information and feedback on agency compliance with and implementation of FedRAMP requirements.
• Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.

Agency or Federal Officer Receiving the Advisory Committee’s Advice/Recommendations. The Federal Secure Cloud Advisory Committee reports to the Director of the FedRAMP (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director).

Support. Support for the Federal Secure Cloud Advisory Committee will be provided by GSA’s Technology Transformation Services (TTS).

Estimated Annual Operating Costs and Staff Years. The estimated annual fiscal year costs to operate the Committee are approximately $53,000. The estimated full-time equivalent staff is 0.25.

Designated Federal Officer. General Services Administration (GSA) will designate a permanent full-time or part-time Federal staff member to serve as the Designated Federal Officer (DFO). There may also be an Alternate DFO. The DFO shall perform the following:

• Ensure their advisory committee activities comply with the Act, FACA Final Rule, their agency administrative procedures, and any other applicable laws and regulations;
• Approve or call all meetings of the advisory committee or subcommittee;
• Approve the agenda;
• Attend all advisory committee and subcommittee meetings for their duration;
• Fulfill the requirements under § 10(b) of the Act (codified at 5 U.S.C. § 1009(b));
• Adjourn any meeting when the DFO determines it to be in the public interest;
• Chair any meeting when so directed by the FedRAMP Director (or designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director);
• Maintain information on advisory committee activities and provide such information to the public, as applicable;
• Ensure advisory committee members and subcommittee members, as applicable, receive the appropriate training (e.g., FACA overview, ethics training) for efficient operation and compliance with the Act and FACA Final Rule; and
• Establish and ensure that a public-facing website is created and maintained for the advisory committee in accordance with 41 CFR § 102- 3.120(b).

Estimated Number and Frequency of Meetings. The Federal Secure Cloud Advisory Committee will meet at least three (3) times a year. Meetings shall occur as frequently as needed, called, and approved by the DFO.

Duration. Continuing subject to the Termination section below.

Termination. In accordance with Section 5921(d) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the FSCAC will terminate on December 23, 2027, 5 years after the date of enactment.

Membership and Designation. In accordance with Section 5921(b) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the Committee shall be composed of not more than fifteen (15) members, who will be appointed as either Representatives or Regular Government Employees (RGEs). Membership will consist of the following individuals:

1. The FedRAMP Director (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director), who shall be the Chair of the Committee.
2. At least one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.
3. At least two officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
4. At least one official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
5. At least one individual representing an independent assessment organization.
6. At least five representatives from unique businesses that primarily provide cloud computing services or products, including at least two representatives from a small business (as defined by section 3(a) of the Small Business Act (15 U.S.C. § 632(a)).
7. At least two other Government representatives as the Director of FedRAMP (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director) determines to be necessary to provide sufficient balance, insights, or expertise to the Committee.

Members will be appointed by the FedRAMP Director (or a designee chosen by the FAS Commissioner, FAS Deputy Commissioner/TTS Director, or FedRAMP Director), in consultation with the Director of OMB.

Subcommittees. Subcommittees may be created by the Committee, in consultation and with the approval of the DFO, as needed. Subcommittees must report back to the parent committee and must not provide advice or work products directly to GSA.

Recordkeeping. The records of the committee, or subgroups of the committee, shall be handled in accordance with General Records Schedule 6.2 and other approved agency records disposition schedules. These records shall be available for public inspection and copying, subject to the Freedom of Information Act, 5 U.S.C. § 552.

Filing Date: August 4, 2025

Date: 7/30/2025
Michael Rigas, Acting Administrator

Establishment Charter Filing Date: February 28, 2023