The Federal Secure Cloud Advisory Committee is scheduled to meet from 12 to 3:00 p.m. Eastern time on Oct. 3.
Location: Zoom
| ALLOTTED TIME | TOPIC | PRESENTER |
|---|
| 12-12:10 p.m. | Call to order
Welcome and roll call
FACA public meetings | Designated Federal Officer Michelle White |
| 12:10-12:30 p.m. | Public comment (limit of three minutes per speaker) | Members of the public |
| 12:30-12:35 p.m. | Chair remarks | FSCAC Chair Larry Hale |
| 12:35-1:05 p.m. | Deliberations: Structure of the Report | FSCAC members |
| 1:05-1:15 p.m. | Break | |
| 1:15-2:45 p.m. | Deliberations: Sharing individual discovery and developing initial recommendations | FSCAC members |
| 2:45-3 p.m. | Closing remarks and adjourn | FSCAC Chair Larry Hale and DFO Michelle White |
Call to order
Michelle White, FSCAC Designated Federal Officer
Michelle White called the meeting to order and introduced the purposes and outcomes of the meeting. She welcomed members of the public attending & thanked those who left public comments. A quorum was established.
Roll call:
- Larry Hale – Present
- Mike Vacirca – Present
- Carlton Harris – Not present
- Kayla Underkoffler – Not present
- Josh Krueger – Present
- Daniel Pane – Present
- Marci Womack – Present
- Branko Bokan – Present
- Matt Scholl – Present
- Bo Berlas – Not present
- La Monte Yarborough – Not present
- Nauman Ansari – Present
- Jackie Snouffer – Present
- Bill Hunt – Present
- Joshua Cohen – Present
Public comment
Members of the public
No public comments were provided by individuals during the meeting.
Chair remarks
Larry Hale, FSCAC Chair
Larry Hale opened the meeting by providing a recap of what was covered during the last meeting in September and reiterated the focus of today’s meeting. The last meeting covered the OMB Memo, challenges faced by stakeholders, and insights from Agency Liaisons. He stated that today’s meeting would focus on agreeing to the structure of the report and beginning the drafting process, with no final decisions being made today — voting on the report will occur in a future meeting. Additionally, an update on social media efforts was provided, with progress on setting up LinkedIn expected by the next meeting.
Deliberations: report structure
FSCAC membership
The committee reviewed the FSCAC draft report and discussed the inclusion of metrics and thresholds in the Actionable Recommendations section. There was agreement that this would be the appropriate section for such metrics. The possibility of adding additional commentary or context to the recommendations was raised, with consensus that it could be beneficial, provided it remains clear and concise. It was suggested that an appendix, similar to the approach used in previous recommendations, could be included to add context. The discussion concluded with consensus on the report structure and no further questions.
Deliberations: sharing individual discovery & developing initial recommendations
FSCAC membership
The committee discussed the two initial priorities and deliberated on proposed recommendations for each.
The discussion on Priority 1 focused on identifying barriers to entry for small businesses in the FedRAMP authorization process. Key challenges highlighted included high costs, limited resources, 3PAO bottlenecks, complex documentation, and varying timelines for agency sponsorship. Suggestions included increasing transparency in the review process, simplifying requirements, leveraging existing tools like OSCAL and inheritance models, and possibly creating a tiered compliance system for small businesses. The goal is to reduce the time, cost, and complexity of the authorization process while maintaining security standards.
The discussion on Priority 2 focused on streamlining the FedRAMP authorization process by accelerating timelines and reducing costs. Key ideas included implementing a “quick look” at critical controls to fast-track testing, expanding reciprocity across agencies, and standardizing requirement interpretations. The group also emphasized the need for clear exception and authorization thresholds, engaging CISA, NIST, and OMB. There was consideration of readiness assessments in tiering, along with the potential for small business funding incentives through Small Business Administration (SBA) grants or loans to support cloud service providers.
Next steps, closing remarks and adjournment
Larry Hale, FSCAC Chair, and Michelle White, FSCAC DFO
Larry thanked the committee for their participation today, and the Committee noted several next steps based on the day’s conversation. Larry thanked the committee and speakers again and expressed that he is looking forward to continuing the discussion. Michelle White adjourned the meeting at 2:21p ET.
Certification of chair
I hereby certify that, to the best of my knowledge, the foregoing minutes of the proceedings are accurate and complete.
Digitally signed:
Lawrence Hale 10/3/2024
U.S. General Services Administration