FedRAMP Governance

June 4, 2024

FedRAMP’s commitment to our customers is to make it safe and easy for the U.S. government to take full advantage of cloud services to meet its mission.

Over the past few weeks, we have announced the appointment of the inaugural FedRAMP Board, the creation of the FedRAMP Technical Advisory Group (TAG), and updated appointments to the Federal Secure Cloud Advisory Committee (FSCAC). Each of these groups has a fundamentally different role in strengthening FedRAMP. We want to make it clear what each group does, and why they’re each so important.

In brief:

  • The FedRAMP Board is a governance body of federal executives who are responsible for reviewing and approving FedRAMP policies, and for bringing together their fellow federal technology leaders to expand FedRAMP’s capacity for authorizing cloud services.
  • The Federal Secure Cloud Advisory Committee is an advisory body with government and private-sector members that makes recommendations to GSA on making FedRAMP a more effective program.
  • The FedRAMP Technical Advisory Group is an advisory body of federal technology experts that FedRAMP consults on technology issues as they arise throughout program policy and operations.

These groups have two distinct functions: governance and providing advice.

Governance of FedRAMP

FedRAMP’s governing body is the FedRAMP Board, which is defined in the FedRAMP Authorization Act, and replaces the Joint Authorization Board. The FedRAMP Board represents the needs of the federal community and the interests of FedRAMP as a whole, and is made up of seven federal technology executives from different agencies that are selected by the Federal Chief Information Officer in the Office of Management and Budget (OMB). The Board is a voting body that holds non-public meetings on a periodic basis. The Federal Chief Information Officer and the FedRAMP Director will act as non-voting Chair and Vice Chair, respectively.

The FedRAMP Board works with the FedRAMP Director to approve and help guide FedRAMP policies, and will generally oversee the overall health and performance of FedRAMP. A major part of driving a healthy FedRAMP ecosystem will be convening their fellow federal technology leaders to authorize more cloud services, including finding opportunities for multiple agencies to leverage their trust and shared needs to authorize services together.

FedRAMP advisory bodies

The FSCAC and TAG are both advisory bodies, but they play very different roles.

The Federal Secure Cloud Advisory Committee, or FSCAC, is a federal advisory committee that advises on FedRAMP and on the secure use of cloud services by the federal government. The FSCAC is made up of government and private sector members who are selected by GSA through a public nomination process, and is chaired by GSA leadership. Private sector members include both cloud providers and third-party assessment organizations. The FSCAC provides formal advice to GSA leadership, as well as to the FedRAMP Board or to federal agencies as they wish. Their agenda is not set by FedRAMP, and as a federal advisory committee they are a voting body whose meetings are held publicly.

The meetings also provide an open forum for the FedRAMP stakeholder community to engage with the FSCAC and make their views on FedRAMP known. The public is welcome to join FSCAC meetings virtually or in person to share real-time feedback regarding FedRAMP and the government’s adoption of cloud services in a more formal setting.

The FedRAMP Technical Advisory Group, or TAG, is made up of federal employees with significant practitioner experience and expertise in modern cloud technology. TAG members are jointly selected by OMB and FedRAMP. The initial TAG was recently assembled, and their expertise includes cybersecurity, privacy, digital service delivery, artificial intelligence, and management of cloud infrastructure.

FedRAMP consults with the TAG directly, requesting their views when their technical expertise may be relevant as situations arise and as FedRAMP considers updating its policies and processes. The FedRAMP Board can also request advice from the TAG as needed. The TAG is not a voting body and meets periodically and as requested.

Together, FedRAMP’s governance and advisory groups will be critical to growing and strengthening FedRAMP over the years to come.

Thank you for your partnership as we continue to set up the FedRAMP program for its next decade of delivery. We love hearing from you! Please email info@fedramp.gov if you have any comments or questions.
