Oct. 26, 2023, from 1 p.m. to 3 p.m. Eastern time
Virtual location: Zoom
Agenda
| Allotted time | Topic | Presenter |
|---|---|---|
| 1:00-1:05 p.m. | Call to order; Welcome and roll call; FACA public meetings | Designated Federal Officer Michelle White |
| 1:05-1:35 p.m. | Deep Dive: Briefing ConMon | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad |
| 1:35-1:50 p.m. | Committee question-and-answer | Acting Director/Cybersecurity Program Manager of FedRAMP Brian Conrad and FSCAC members |
| 1:50-2:00 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 2:00-2:55 p.m. | Committee Initiative Discussion: ConMon Process Improvements | FSCAC members |
| 2:55-3:00 p.m. | Closing remarks and adjourn | Federal Secure Cloud Advisory Committee Chair Ann Lewis and DFO Michelle White |
Call to Order: Welcome and Roll Call. FACA Public Meetings
Michelle White, Designated Federal Officer (DFO)
Michelle White, FSCAC Designated Federal Officer, described the duties of the committee. She completed a roll call and determined that a quorum had been established.
Michelle reviewed the agenda of the meeting and announced that there would also be an open forum for questions from the public after the committee's question-and-answer agenda item, with three minutes allotted for each speaker. She provided an update on the topic discussed at the last meeting and shared details about the next two FSCAC meetings. The meeting agenda for the day was reviewed. Michelle also announced that, in the absence of the Chair, Ann Lewis, the Chair duties had been temporarily delegated to her for this meeting by the GSA Administrator.
Deep Dive Briefing: ConMon
Brian Conrad, Acting Director/Cybersecurity Program Manager of FedRAMP
Michelle White, FSCAC DFO, introduced Brian Conrad, Acting Director and Cybersecurity Program Manager of FedRAMP. Michelle reminded everyone to hold questions until the end of the presentation. Acting FedRAMP Director Brian Conrad gave an overview of the current continuous monitoring (ConMon) processes for both JAB and Agency Authorizations and explained the challenges and misconceptions associated with each. He then shared future continuous monitoring opportunities in both automation improvements and process improvements.
Committee Q&A
Brian Conrad, Acting Director/Cybersecurity Program Manager of FedRAMP
FSCAC Membership
Brian Conrad opened the floor for questions. The main questions sought clarification on significant change requests (SCRs), the PMO costs and resourcing needs around ConMon, and the impact of automation on continuous monitoring and on the sharing of information across all stakeholders.
Public Comment
Members of the Public
The committee welcomed comments from members of the public. One member of the public asked about the Committee’s informational status regarding an OMB document.
Committee Initiative Discussion: ConMon
FSCAC Membership
Michelle White, FSCAC DFO, gave an overview of the process and the topics for discussion and improvement, then called on members as they raised their hands to provide input, which was captured live in the draft memo during the meeting. For the ConMon process improvements, FSCAC members provided input on the problem statement, goals, considerations, and recommendations. Recommendations centered on several topics: the acceleration of automation, an interim solution while waiting for the procurement and implementation of an automation solution, the scope of vulnerability scans and significant change reviews, and increasing the ConMon data in the CDM stack. Impacts to stakeholders were also discussed.
Closing Remarks and Adjourn
Ann Lewis, Chair, and Michelle White, DFO
Michelle provided closing remarks on behalf of the FSCAC Chair, Ann Lewis, and thanked everyone for the conversation and discussion. The meeting adjourned at 2:43 p.m.
Committee Members in Attendance
- Ann Lewis (Chair)
- Bill Hunt
- Bo Berlas
- Branko Bokan
- Jackie Snouffer
- John Greenstein
- Joshua Cohen
- LaMonte Yarborough
- Marci Womack
- Matt Scholl
- Michael Vacirca
- Nauman Ansari
- Ravi Jagannathan
- Victor Brown
Committee Members Absent
Guest Speakers and Presenters
FSCAC Support Staff Present
- Michelle White, Designated Federal Officer
- D’Arcy Steiner, FSCAC Support Team
- Megan Gallo, FSCAC Support Team
- Clifton Johnson, FSCAC Support Team
Members of the Public Present
- Matthew Stern, Hypori, Inc
- Thomas Walheim, Hypori
- Rehman Javaid, Sybersense
- Randi Sargent, Dell Federal
- Megan Whitfield, Crystal Concepts, LLC
- Neela Lakhmani, GAO
- Robert Kinnin, FEMA
- Drew Kahle, BetterUp
- Sejal Sheth, GAO
- Tanner Spires, A2LA
- Nathan Case, Corsha
- Andrea Livero-Scott, Kratos
- Sara Mazer, LaunchDarkly
- Justin Booth, US GAO
- Ted Kruelski, General Services Administration
- Andrea Bowling, GSA
- Daniel Alvarado, Sheppard Mullin Richter & Hampton LLP
- Michael Loefflad, SentinelOne
- Brendan Peter, SecurityScorecard
- Christian Baer, Schellman
- Matt Topper, UberEther
- Kurt Cox, Company
- Joe Hamblin, Armis
- Keith Kidd, Coalfire
- Leopold Wildenauer, Information Technology Industry Council (ITI)
- Christine Biggs, Coalfire Systems
- James Armstrong, Actsoft, Inc
- Gayle Berkeley, Rubrik, Inc.
- Eric Roggenstroh, Systems Syndicate LLC
- Kevin Carr, Palantir
- Dre Shkreli, A-lign
- Townsend Bourne, Sheppard Mullin Richter & Hampton LLP
- Michael Caruso, Coalfire
- Tom Ruff, Deep Water Point Associates
- Andrew Paulette, HireVue
- Colby LeClerc, Hypori
- Drew Scherer, Carahsoft
- Daniel Dooley, SAP
- John Bergin, Microsoft
- Jason Butterfield, TTB
- James Cademartori, Booz Allen Hamilton
- Dominic Dertatevasion, Hewlett Packard Enterprises
- Charles Ray, TTB
- Frank Csech, Salesforce
- Jason Weiss, Individual
- Samuel Aydlette, 38North Security
- Steven Boberski, Genesys
- Cody Weaver, Genesys
- Adam Smith, Coalfire Systems
- Taimur Masood, Microsoft
- Kenneth Brodie, Accenture Federal Services
- Hares Aly, BAE Systems
- Thomas Hoffecker, SAP National Security Services (NS2)
- Daniel Choi, Salesforce
- Pam Culbreath, SAP NS2
- John Gallagher, Microsoft
- Shawn Olson, Foundation InfoSec Services LLC
- Adam Mazmanian, Government Executive Media Group
- Gaurav Pal, stackArmor, Inc
- Branko Bokan, CISA
- Jacqueline Snouffer, DoD, Defense Information Systems Agency
- Bill Hunt, U.S. Securities & Exchange Commission
- La Monte Yarborough, U.S. Dept. of Health and Human Services
- Daniel Pane, Databricks
- Audrea White, GSA
- Marci Womack, Schellman
- Ravi Jagannathan, Palo Alto Networks
- Alla Seiffert, AWS
- Jim Beckner III, T-Metrics
- Ryan Hoesing, FedRAMP
- Zaree Singer
- Bridget Dorward, FedRAMP PMO
- Brittany Smith, Microsoft
- Abe Emnetu, Microsoft Azure
- Catherine Lyon, Armavel/VA
- Scott Borre, Government Accountability Office
- Larry Plowman, Department of Veteran Affairs
- Samantha Murphy, Salesforce
- Ernest Rosser, FAS/ITC
- Zarina Neff
- Janie Atzil, Dexcom
- MacKenzie Robertson, GSA
- Romel Punsal, TTB
- Zachary Royster, Information Technology Industry Council (ITI)
- Kenneth Payne, FedRAMP PMO
- John Hamilton, GSA
- Michael Zajdel, Spoint CART and Captioning
- Bo Berlas
- Matthew Scholl, NIST
- John Greenstein, Bluescape
- Joshua Cohen, VA
- Mike Vacirca
- Cynthia Bergevin
- Todd Fredericks, Noblis