The General Services Administration (GSA) has set four public meetings of the Federal Secure Cloud Advisory Committee (FSCAC) to develop recommendations on the secure adoption of cloud computing products under the Federal Risk and Authorization Management Program (FedRAMP).
In a meeting notice posted to the Federal Register on Sept. 25, GSA said the FSCAC will develop FedRAMP recommendations for GSA Administrator Robin Carnahan, the FedRAMP Board, and Federal agencies.
“The FSCAC will ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities,” the notice says.
The meetings will be held from 1 to 3 p.m. on Oct. 19, Oct. 26, Nov. 2, and Nov. 9. The first meeting will look to draft recommendations on the cloud solution provider (CSP) authorization path, the second on the Continuous Monitoring (ConMon) process, and the third on FedRAMP’s automation initiatives and opportunities.
The fourth and final meeting will be structured as a working session for the committee to finalize their recommendations.
Members of the public can attend the FSCAC meetings virtually and sign up to provide oral public comments during the meetings when registering. Meeting registration and more information are available at https://gsa.gov/?fscac.
The FSCAC was created by legislation approved late last year that codified the FedRAMP into law. The 11-year-old FedRAMP program is operated by GSA to provide a standardized, government-wide approach to security assessment, authorization, and continuous monitoring for cloud products and services used by Federal government agencies.
The newly established FSCAC is comprised of 15 members from the public and private sectors – appointed by the GSA administrator, in consultation with the Office of Management and Budget (OMB) director. The inaugural members include Ann Lewis of GSA as the committee chair, as well as representatives from the National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and Google, among others.