If federal cybersecurity were a play, regulatory programs such as FedRAMP would be like the directors helping to guide all of the participating actors properly execute their parts and bring the vision to life. And with the spotlight growing brighter due to the mass digital migration, evolving tech landscape, and expanding threat environment, they recently brought in some new stage managers to help.
2nd Meeting of the Federal Secure Cloud Advisory Committee (FSCAC)
In compliance with the FedRAMP Authorization Act of 2022, the General Services Administration (GSA) established the Federal Secure Cloud Advisory Committee (FSCAC), an alliance of 14 private and public sector representatives stemming from companies such as Google to agencies such as the Defense Information Systems Agency. According to the Federal Register, FSCAC’s purpose is to “provide advice and recommendations to the Administrator of GSA, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding the secure adoption of cloud computing products and services.”
Since welcoming its inaugural cohort in May, the committee has had two meetings. The first, which occurred on May 25, asked the members to come with thoughts and questions regarding a paper covering topics including adjustments to the FedRAMP authorization model, how to best apply FedRAMP requirements amid an increasingly diverse field of cloud and SaaS products, and automation throughout the FedRAMP lifecycle. They also touched on the role of third parties, creating opportunities for small businesses, and other priorities such as widening the Cyber Security Infrastructure Agency’s (CISA) position past incident response.
The second meeting was just held on July 20. In addition to further introducing FSCAC’s new members, the agenda hosted an overview of the current FedRAMP Authorization Process as well as the challenges the process often presents and the ways in which it can evolve to better meet the needs of all stakeholders. The meeting also included a presentation on the Cloud Security Alliance, pointing out the importance of security measures such as Zero Trust training and featuring a question portion for attendees. Among the questions asked, generative AI appeared as a heavy commonality.
Aside from addressing emerging trends like AI, the emphasis of the meeting was on continuing the conversation around focal areas. This main agenda point is likely to keep going as FSCAC ventures into its role overseeing agency implementation of compliant cloud computing products and progression toward broader administrative goals. In addition to comments requesting that the committee concentrate on budget, workforce, and specific demands for defense-centric companies, committee members voted to prioritize matters of “Automation Initiatives and Opportunities” and “CSP Authorization” and “ConMon Process” improvements.
Building on Cybersecurity Initiatives
The initiation of FSCAC comes in conjunction with a big-picture cybersecurity push that emphasizes collaborative input. The Department of Homeland Security (DHS) and CISA have been hosting Virtual Industry Day events intended to gather professionals for discussions on arising challenges, innovations, how to better unite sectors in developing cybersecurity solutions, and more.
On an even grander scale, the White House released its implementation plan for the National Cybersecurity Strategy. With upwards of 65 initiatives outlined, the document states that the overall goal is to establish “interagency coordination that the Federal government will carry out.” The administration also put out its supporting budget priorities for the 2025 fiscal year, including increasing the use of federal funding programs to verify that security is a foundational element in project development – a factor that may impact cloud service approval in the future.
On August 23, we will gather with fellow cybersecurity, government, and cloud tech experts at the GovForward FedRAMP Headliner Summit to dive into this upward trend of security programs, policy developments, and evolving innovations. Register to meet us there.
Sources
- “GSA Unveils Inaugural Federal Secure Cloud Advisory Committee Members” – Jane Edwards, GovCon Wire
https://www.govconwire.com/2023/05/gsa-unveils-inaugural-federal-secure-cloud-advisory-committee-members/ - “Federal Secure Cloud Advisory Committee Notification of Upcoming Meeting” – Elizabeth Blake, General Services Administration, Federal Register
https://www.federalregister.gov/documents/2023/06/20/2023-13031/federal-secure-cloud-advisory-committee-notification-of-upcoming-meeting - “FedRAMP FSCAC discussion paper for May 25 meeting” – GSA
https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee/federal-secure-cloud-advisory-committee-meetings/fedramp-fscac-discussion-paper-for-may-25-meeting - “Federal Secure Cloud Advisory Committee May 25 public meeting minutes” – GSA
https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee/federal-secure-cloud-advisory-committee-meetings/fscac-may-25-public-meeting-minutes - “Federal Secure Cloud Advisory Committee July 20 meeting agenda” – GSA
https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee/federal-secure-cloud-advisory-committee-meetings/fscac-july-20-meeting-agenda - “Federal Secure Cloud Advisory Committee July 20 public meeting minutes” – GSA
https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee/federal-secure-cloud-advisory-committee-meetings/federal-secure-cloud-advisory-committee-july-20-public-meeting-minutes - “CISA Virtual Mini Industry Day to Cover Cybersecurity Division” – Homeland Security Today
https://www.hstoday.us/federal-pages/dhs/cisa-virtual-mini-industry-day-to-cover-cybersecurity-division/ - “White House releases National Cybersecurity Strategy implementation plan” – Christian Vasquez, CyberScoop
https://cyberscoop.com/national-cybersecurity-strategy-implementation-plan-2/ - “White House Outlines Cybersecurity Budget Priorities for Fiscal 2025” – Eduard Kovacs, Security Week
https://www.securityweek.com/white-house-outlines-cybersecurity-budget-priorities-for-fiscal-2025/
