Committee’s Official Designation. Federal Secure Cloud Advisory Committee (FSCAC)
Authority. The Federal Secure Cloud Advisory Committee (the Committee or FSCAC) is required under Section 5921(b) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023. This committee is established in accordance with and operates under the provisions of the Federal Advisory Committee Act (FACA) (5 U.S.C. 10), except that Section 14 of the FACA shall not apply to the committee.
Objectives and Scope of Activities. FedRAMP is responsible for providing a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies. The FSCAC will examine FedRAMP operations and advise the GSA Administrator, the FedRAMP Board, and agencies on how to ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.
Description of Duties. The duties of the Committee are to provide advice and recommendations to the Administrator, the FedRAMP Board, and to agencies on technical, financial, programmatic, and operational matters regarding secure adoption of cloud computing products and services. The purposes of the Committee are:
To examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:
- Measures to increase agency reuse of FedRAMP authorizations.
- Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers.
- Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).
- Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.
- Collect information and feedback on agency compliance with and implementation of FedRAMP requirements.
- Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.
Agency or Official to Whom the Committee Reports. The Federal Secure Cloud Advisory Committee reports to the Administrator of the GSA.
Support. Support for the Federal Secure Cloud Advisory Committee will be provided by GSA’s Technology Transformation Services (TTS).
Estimated Annual Operating Costs and Staff Years. The estimated annual fiscal year costs to operate the Committee are approximately $770,200. The estimated full-time equivalent staff is 2.
Designated Federal Officer. General Services Administration (GSA) will designate a permanent full-time or part-time Federal staff member to serve as the Designated Federal Officer (DFO). There may also be an Alternate DFO. The DFO will schedule all meetings of the Federal Secure Cloud Advisory Committee and its subcommittees, prepare and approve all meeting agendas, attend all committee and subcommittee meetings, adjourn any meeting when the DFO determines adjournment to be in the public interest, and chair meetings when directed to do so by the GSA Administrator.
Estimated Number and Frequency of Meetings. The Federal Secure Cloud Advisory Committee will meet at least three (3) times a year. Meetings shall occur as frequently as needed, called, and approved by the DFO.
Duration. Continuing subject to the Termination section below.
Termination. In accordance with Section 5921(d) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the FSCAC will terminate on December 23, 2027, 5 years after the date of enactment.
Membership and Designation. In accordance with Section 5921(b) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, the Committee shall be comprised of not more than fifteen (15) members, who will be appointed as either Representatives or Regular Government Employees (RGEs). Membership will consist of the following individuals:
- The Administrator or the Administrator’s designee, who shall be the Chair of the Committee.
- At least one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.
- At least two officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
- At least one official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.
- At least one individual representing an independent assessment organization.
- At least five representatives from unique businesses that primarily provide cloud computing services or products, including at least two representatives from a small business (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).
- At least two other Government representatives as the Administrator determines to be necessary to provide sufficient balance, insights, or expertise to the Committee.
Members will be appointed by the Administrator, in consultation with the Director of OMB.
Subcommittees. Subcommittees may be created by the Committee, in consultation and with the approval of the DFO, as needed. Subcommittees must report back to the parent committee and must not provide advice or work products directly to GSA.
Recordkeeping. The records of the committee, or subgroups of the committee, shall be handled in accordance with General Records Schedule 26, Item 2 and other approved agency records disposition schedules. These records shall be available for public inspection and copying, subject to the Freedom of Information Act, 5 U.S.C. 552.
Filing Date: February 28, 2023
Date: 2/28/2023
Robin Carnahan, GSA Administrator
U.S. General Services Administration