SUPPLEMENTARY INFORMATION:

Background

In compliance with the FedRAMP Authorization Act, GSA established the FSCAC, a statutory advisory committee in accordance with the provisions of FACA, as amended (5 U.S.C. Ch. 10). The Federal Risk and Authorization Management Program (FedRAMP) within GSA is responsible for providing a standardized, reusable approach to security assessment and authorization for cloud computing products and services that process unclassified information used by agencies.

The FSCAC provides advice and recommendations to the GSA Administrator, or the Administrator's designee, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding the secure adoption of cloud computing products and services. The FSCAC helps ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities. The purposes of the Committee are:

• Examine the operations of FedRAMP and determine ways that authorization processes can continuously be improved, including the following:

○ Measures to increase agency reuse of FedRAMP authorizations.

○ Proposed actions that can be adopted to reduce the burden, confusion, and cost associated with FedRAMP authorizations for cloud service providers (CSPs).

○ Measures to increase the number of FedRAMP authorizations for cloud computing products and services offered by small businesses concerns (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a)).

○ Proposed actions that can be adopted to reduce the burden and cost of FedRAMP authorizations for agencies.

• Collect information and feedback on agency compliance with, and implementation of, FedRAMP requirements.
• Serve as a forum that facilitates communication and collaboration among the FedRAMP stakeholder community.

The FSCAC will meet no fewer than three (3) times each calendar year. Meetings shall occur as frequently as needed, called, and approved by the DFO. Meetings may be held virtually or in person. Members serve without compensation and may be allowed travel expenses, including per diem, in accordance with 5 U.S.C. 5703.

Membership

The Committee shall be comprised of not more than 15 members who are qualified representatives from the public and private sectors, appointed by the Administrator, in consultation with the Director of OMB, as follows:

i. The GSA Administrator or the GSA Administrator's designee, who shall be the Chair of the Committee.

ii. At least one representative each from the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.

iii. At least two officials who serve as the Chief Information Security Officer within an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

iv. At least one official serving as Chief Procurement Officer (or equivalent) in an agency, who shall be required to maintain such a position throughout the duration of their service on the Committee.

v. At least one individual representing an independent assessment organization.

vi. At least five representatives from unique businesses that primarily provide cloud computing services or products, including at least two representatives from a small business (as defined by section 3(a) of the Small Business Act (15 U.S.C. 632(a))).

vii. At least two other representatives from the Federal Government as the Administrator determines to be necessary to provide sufficient balance, insights, or expertise to the Committee.

Each member shall be appointed for a term of three (3) years, except the initial terms, which were staggered into one (1), two (2) or three (3) year terms to establish a rotation in which one third of the members are selected. No member shall be appointed for more than two (2) consecutive terms nor shall any member serve for more than six (6) consecutive years. GSA encourages applications from individuals with a broad range of professional backgrounds, experiences, and viewpoints relevant to the committee's work.

Members will be designated as Regular Government Employees (RGEs) or Representative members as appropriate and consistent with Section 3616(d) of the FedRAMP Authorization Act of 2022. GSA's Office of General Counsel will assist the Designated Federal Officer (DFO) to determine the advisory committee member designations. Representatives are members selected to represent a specific point of view held by a particular group, organization, or association. Members who are full time or permanent part-time Federal civilian officers or employees shall be appointed to serve as Regular Government Employee (RGE) members. In accordance with OMB Final Guidance published in the Federal Register on October 5, 2011 and revised on August 13, 2014, federally registered lobbyists may not serve on the Committee in an individual capacity to provide their own individual best judgment and expertise, such as RGEs members. This ban does not apply to lobbyists appointed to provide the Committee with the views of a particular group, organization, or association, such as Representative members.

Applications

Applications are being accepted to fill the following open or upcoming open committee member positions in 2026:

• Two agency Chief Information Security Officer seats: Two open seats for federal officials who serve as the Chief Information Security Officer within an agency. Selected members must maintain such a position throughout the duration of their service on the Committee and will be appointed to serve a three-year term effective upon appointment.
• Two large cloud service provider seats: Two open seats as representatives of unique large businesses that primarily provide cloud computing products or services. One selection will be appointed to serve a three-year term effective upon appointment and one selection will be appointed to serve a three-year term beginning on or around July 31, 2026.
• One small business cloud service provider seat: One upcoming seat for a representative of a unique small business that primarily provides cloud computing products or services. The selected member will be appointed to serve a three-year term beginning on or around July 9, 2026.

Applications for membership on the Committee will be accepted until 5:00 p.m. Eastern Time on Friday, June 12, 2026.

( printed page 29961)

There are two parts to submitting an application. First, complete the information requested via this electronic form: https://docs.google.com/​forms/​d/​e/​1FAIpQLSd4Eh7luDrctPi_​ONYslpqoqBnRpHno9mppyKZ_​TgZPbYjSGg/​viewform?​usp=​sharing&​ouid=​109592692527580875505. Next, email your CV or resume and a letter of endorsement from your organization or organization's leadership, endorsing you to represent your company, in PDF format to fscac@gsa.gov with the subject line: FSCAC APPLICATION—[Applicant Name]. The letter of endorsement must come from your organization or organization's leadership. If you are the CEO, then it must come from another member of the executive team of your organization, as you cannot endorse yourself. The letter must be signed and specifically state that you are authorized to apply to FSCAC as a representative of your organization.

Applications that do not include the completion of the above instructions will not be considered.

Letters of Recommendation may also be submitted if desired by the applicant; however, please note they may or may not have an impact on final appointments and are not required for an application to be considered.

91 FR 29959