Authority
The Federal Secure Cloud Advisory Committee (the Committee or FSCAC) is required under Section 5921(b) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, hereinafter as “the authority.” This committee is established in accordance with and operates under the provisions of the Federal Advisory Committee Act (FACA) (5 U.S.C. 10), except that Section 14 of the FACA shall not apply to the committee.
Mission/Function
The FSCAC will serve as an advisory body to the Administrator of the General Services Administration (GSA), the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding the secure adoption of cloud computing products and services. The FSCAC will advise the GSA Administrator and the FedRAMP Board, and make recommendations intended to reduce the burden, confusion, and cost associated with FedRAMP authorizations for agencies and cloud service providers and increase the number of FedRAMP authorized cloud services offered by small businesses (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a))).
Point of View
The FSCAC shall be composed of no more than fifteen (15) Federal and non-Federal members, with a strong background and expertise in areas such as cybersecurity, information technology, cloud computing, independent assessments, acquisition, small business, independent associations or councils, and appropriate industry sectors. Each member shall be appointed for a term of three (3) years, except the initial appointment, which may be staggered as one (1), two (2), or three (3) year terms to establish a rotation in which one third of the members are selected for the next term. No member shall be appointed for more than two (2) consecutive terms nor shall any member serve for more than six (6) consecutive years. Membership balance is not static given the broad nature of the work, and the expertise or experience relevant to the function of this Committee may change over time, depending on the work of the Committee.
The balance of members in the Committee shall be in compliance with the membership balance requirements as prescribed in the authority. As such, Committee membership shall consist of:
(i) The Administrator or the Administrator’s designee, who shall be the chair of the committee;
(ii) At least one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology;
(iii) At least two officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee;
(iv) At least one official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee;
(v) At least one individual representing an independent assessment organization;
(vi) At least five representatives from unique businesses that primarily provide cloud computing services or products, including at least two representatives from a small business (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)); and
(vii) At least two other Government representatives as the Administrator determines to be necessary to provide sufficient balance, insights, or expertise to the Committee.
Members will be designated either as a Regular Government Employee (RGE) or Representative. GSA’s Office of the General Counsel (GSA OGC) will assist the Designated Federal Officer (DFO) in determining each advisory committee member’s designation. Representatives are those members who are selected to represent a specific point of view held by a particular group, organization, or association. Members who are full-time or permanent part-time Federal civilian officers or employees shall be appointed to serve as RGE members.
The Committee membership is established in accordance with the composition and balance as prescribed in the authority, and to balance different perspectives and viewpoints. An individual with extensive experience and knowledge of FedRAMP processes and operations would especially be valuable to the Committee. We seek to balance the Committee representation among geographic locations, careers and volunteer service, large and small businesses, and federal agencies. FedRAMP values opportunities to increase diversity, equity, inclusion, and accessibility on its federal advisory committees. All appointments will be made without discrimination based on age, race, ethnicity, gender, sexual orientation, disability, cultural, religious, or socioeconomic status. In accordance with Office of Management and Budget (OMB) Final
Guidance published in the Federal Register on October 5, 2011, and revised on August 13, 2014, federally registered lobbyists may not serve on the Committee in an individual capacity to provide their own individual best judgment and expertise. This ban does not apply to lobbyists appointed to provide the Committee with the views of a particular group, organization, or association, such as a representative member.
Other Balance Factors
The composition of FSCAC membership will depend upon several factors, including:
(i) FSCAC mission;
(ii) The technical, financial, programmatic, and/or operational impact of the Committee’s recommendations;
(iii) The types of specific perspectives required per the authority; and
(iv) The need to obtain diverse points of view on the issues before the Committee.
Candidate Identification Process
Selection Committee
GSA will assemble a selection committee in consultation with OMB. The FedRAMP Program Management Office (PMO) will support the Selection Committee in facilitating the nomination process, documenting outcomes, and providing other related operational support activities.
GSA OGC will provide advisory support to the Selection Committee.
Nomination and Selection Process
GSA will accept nominations for a period of approximately two weeks. GSA will prepare and disseminate a notice via the Federal Register at the commencement of the nomination period. The nomination application package will consist of a short questionnaire to collect applicant information and a (no smaller than 10pt font) narrative addressing several questions. In addition to the questionnaire, nominees will be required to submit their CV/Resume and a letter of endorsement (if applicable) to FSCAC@gsa.gov. The FedRAMP Program Management Office (PMO) will facilitate the development of guidelines to be used by the Selection Committee in reviewing the nominations
At the close of the nomination period, the FedRAMP PMO will categorize and perform an initial review of the nominations. The FedRAMP PMO will provide the Selection Committee with a set of down-selected nominees for consideration by the Selection Committee. The Selection Committee will review the applications and provide a recommendation on the finalists. Once the candidate list is established, the candidates must be vetted and cleared by GSA OGC for balance, appropriate membership designation and any conflict of interest issues. The GSA Administrator, in consultation with the OMB Director, will then proceed to formally appoint the nominees. The FedRAMP PMO will facilitate the development and dissemination of formal appointment packages, signed by the GSA Administrator. GSA will issue a press release to formally announce the selected FSCAC members.
Appointed nominees will serve a three-year term, except that the initial terms for members may be staggered 1-, 2-, or 3-year terms to establish a rotation in which one third of the members are selected each year. No member may be appointed for more than 2 consecutive terms.
The goal of the Membership Balance Plan is to foster an environment of inclusion. Selection practices have been designed to avoid systemic biases and to preclude irrational factors from influencing selection decisions or behaviors. FSCAC’s goal is to build a highly diverse and qualified applicant pool using objective and neutral processes to select the most qualified candidates - without consideration given to protected status.
Vacancies
Any vacancy in the FSCAC shall be filled in the same manner in which the original appointment was made. Any member appointed to fill a vacancy occurring before the expiration of the term for which the member’s predecessor was appointed shall be appointed only for the remainder of that term. A member may serve after the expiration of that member’s term until a successor has taken office.
Subcommittee Balance
Subcommittee balance will be achieved by the same process as the FSCAC.
Other
N/A
Date Prepared/Updated: 02/01/23
U.S. General Services Administration