Merge pull request #883 from GSA/sa-governance

Updated governance page / force merge
GSA · Dec 10, 2024 · e90144e · e90144e
2 parents 1059720 + be511a4
commit e90144e
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 82 deletions.
diff --git a/_layouts/governance.html b/_layouts/governance.html
@@ -5,13 +5,12 @@
 	<div class="grid-container">
 		<div class="full-row grid-row padding-top-2">
 			<div class="full-col">
-				<h2 class="">How FedRAMP<sup>®</sup> is Governed</h2>
 			</div>
 		</div>
 		<div class="full-row grid-row tablet:padding-top-2 grid-gap">
 			<div class="full-col">
 				<div class="intro-text">
-					<p>FedRAMP is governed by different executive branch entities that work in a collaborative manner to develop, manage, and operate the program. The governing entities of FedRAMP include:</p>
+					<p>The Federal Risk and Authorization Management Program operates in a complex matrix of shared or distributed responsibilities across the federal government. Learn more about who is involved, their responsibilities, and how they interact with FedRAMP.</p>
 
 				</div>
 			</div>
@@ -25,87 +24,126 @@ <h2 class="">How FedRAMP<sup>®</sup> is Governed</h2>
 
 
 
-<section class="teal-bkg fedramp-page-container">
-	<div class="grid-container">
-		<div class="full-row grid-row padding-bottom-4">
-			<div class="full-col padding-x-2 tablet:padding-x-8 padding-y-4 desktop:grid-col-12 white-bkg">
-				<div class="full-row grid-row">
-					<div class="full-col tablet:grid-col-8 tablet:grid-offset-2 tablet-lg:grid-col-6 tablet-lg:grid-offset-3 desktop:grid-col-4 desktop:grid-offset-4">
-							<div class="grid-row">
-								<div class="grid-col-4">
-									<div class="authorization-phase-icon">
-										<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/governance-dhs.svg" alt="">
-									</div>
-								</div>
-								<div class="grid-col-4">
-									<div class="authorization-phase-icon">
-										<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/governance-gsa.svg" alt="">
-									</div>
-								</div>
-								<div class="grid-col-4">
-									<div class="authorization-phase-icon">
-										<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/governance-dod.svg" alt="">
-									</div>
-								</div>
-							</div>
+<section class="fedramp-page-container lightest-gray-bkg">
+	<div class="grid-container partners-callout">
+		<div class="full-row grid-row ">
+				<div class="full-col desktop:grid-col-12">
+					<div class="padding-2">
+						<p class="text-left">When applicable, FedRAMP coordinates among the key entities who make up the operation of the program itself and represents them in interactions with FedRAMP stakeholders. Each entity will interact with different groups related to FedRAMP.</p>
 					</div>
-				</div>	
-				<h3 class="center no-line margin-top-0 margin-bottom-3">FedRAMP Board <em>previously the Joint Authorization Board (JAB)</em></h3>
-				<p>The FedRAMP Board as established by the FedRAMP Authorization Act will operate as the current state JAB until further guidance is provided by OMB and the Board Charter is revised accordingly.</p>
-				<p class="margin-top-0">The JAB is the primary governance and decision-making body for FedRAMP. The JAB consists of the Chief Information Officers from the Department of Defense (DoD), the Department of Homeland Security (DHS), and the General Services Administration (GSA). The JAB is responsible for&#58;</p>
-				<ul class="red-bullets">
-					<li>Defining and regularly updating the FedRAMP security authorization requirements</li>
-					<li>Approving accreditation criteria for Third Party Assessment Organizations (3PAOs)</li>
-					<li>Reviewing authorization packages for cloud services based on the priority queue</li>
-					<li>Granting provisional authorizations for cloud services that can be used as an initial approval that Executive departments and agencies leverage in granting security authorizations and an accompanying Authority to Operate (ATO) for use</li>
-					<li>Ensuring that provisional authorizations are reviewed and updated regularly and notify Executive departments and agencies of any changes to provisional authorizations including removal of such authorizations</li>
-					<li>Establishing and publishing priority queue requirements for authorization package reviews</li>
-				</ul>
+				</div>
 			</div>
-		</div>
+			<div class="full-row grid-row grid-gap fedramp-pilots-card">
+				<div class="full-col desktop:grid-col-4 margin-bottom-4">
+					<div class="padding-2 red-bkg text-white text-center gov-card-head">
+						<h4>Cloud service providers (CSPs):</h4>
+					</div>
+					<div class="white-bkg padding-2 minh-card-lg">
+						<ul class="red-bullets">
+						<li>FedRAMP</li>
+						<li>The Office of the Chief Information Officer at any agency who intends to use your offering</li>
+						<li>The 3PAO contracted to provide independent assessment of your offering</li>
+						</ul>
+					</div>
+				</div>
 
-		<div class="grid-row">
-			<div class="desktop:grid-col-3">
-				<div class="governance-card padding-4 desktop:margin-right-2">
-					<div class="authorization-phase-icon">
-						<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/governance-omb.svg" alt="">
-					</div>	
-					<h3 class="center margin-top-0">Office of Management and Budget (OMB)</h3>
-					<p>The governing body that issued the FedRAMP policy memo which defines the key requirements and capabilities of the program.</p>
+				<div class="full-col desktop:grid-col-4 margin-bottom-4">
+					<div class="padding-2 teal-bkg text-white text-center gov-card-head">
+						<h4>Government agencies:</h4>
+					</div>
+					<div class="white-bkg padding-2 minh-card-lg">
+						<ul class="red-bullets">
+						<li>FedRAMP</li>
+						<li>The CSP who operates the offering</li>
+						<li>The 3PAO contracted by the CSP to assess the offering</li>
+						</ul>
+					</div>
 				</div>
-
+
+				<div class="full-col desktop:grid-col-4 margin-bottom-4">
+					<div class="padding-2 blue-bkg text-white text-center gov-card-head">
+						<h4>Third party assessment organizations (3PAOs):</h4>
+					</div>
+					<div class="white-bkg padding-2 minh-card-lg">
+						<ul class="red-bullets">
+						<li>FedRAMP</li>
+						<li>The CSP who operates the offering</li>
+						<li>The Office of the Chief Information Officer at any agency who intends to use the offering you are assessing</li>
+							</ul>
+					</div>
+
 			</div>
-			<div class="desktop:grid-col-3">
-				<div class="governance-card padding-4 desktop:margin-x-2">
-					<div class="authorization-phase-icon">
-						<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/governance-cio-council.svg" alt="">
+		</div>
+	</div>
+
+</section>
+
+<section class="fedramp-page-container in-page-nav-section in-page-nav-section-horizontal training-courses">
+		<div class="grid-container">
+
+	<div class="full-row grid-row">
+            <div class="full-col desktop:grid-col-12 padding-3">
+              <h2  class="margin-top-1">Who makes up FedRAMP within the government?</h2>
+                <p><FedRAMP coordinates with multiple groups who represent various interests and who play complementary roles within the FedRAMP ecosystem. These groups are:</p>
+			<ul class="red-bullets">
+				<li>The FedRAMP Board</li>
+				<li>The FedRAMP Technical Advisory Group</li>
+				<li><a href="https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee" target="_blank" rel="noopener noreferrer">The Federal Secure Cloud Advisory Committee (FSCAC)</a></li>
+				<li><a href="https://www.gsa.gov/" target="_blank" rel="noopener noreferrer">The General Services Administration</a></li>
+				<li><a href="https://www.whitehouse.gov/omb/" target="_blank" rel="noopener noreferrer">The Office of Management and Budget (OMB) within the Executive Office of the President</a></li>
+				<li><a href="https://www.dhs.gov/" target="_blank" rel="noopener noreferrer">The Department of Homeland Security (DHS)</a></li>
+				<li><a href="https://www.cisa.gov/" target="_blank" rel="noopener noreferrer">The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security</a></li>
+				<li><a href="https://www.nist.gov/" target="_blank" rel="noopener noreferrer">The National Institute of Standards and Technology (NIST) within the Department of Commerce</a></li>
+				<li><a href="https://www.cio.gov/" target="_blank" rel="noopener noreferrer">The Chief Information Officers Council</a></li>
+				<li><a href="https://www.acquisition.gov/cao-home" target="_blank" rel="noopener noreferrer">The Chief Acquisition Officers Council</a></li>
+			</ul>
+
+		</div>
+	</div>
+		</div>
+</section>
+
+<section class="lightest-gray-bkg fedramp-page-container">
+	<div class="grid-container">
+		<div class="full-row grid-row grid-gap">
+			<div class="full-col tablet:grid-offset-1 tablet:grid-col-10 padding-4 margin-bottom-4 white-bkg auth-resources">
+				<div class="full-row grid-row grid-gap auth-resources-row">
+					<h3>The FedRAMP Board</h3>
+					<p>A body of federal executives that are responsible for reviewing and approving FedRAMP policies, and for bringing together their fellow federal technology leaders to expand FedRAMP’s capacity for authorizing cloud services.</p>
+					<p>The FedRAMP Board is defined in <a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3610&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3610</a> and reinforced in <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</p>					
+					<div class="full-col tablet:grid-col-10 padding-right-4">
+						<p><b><a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3610&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3610</a></b></p>
+						<p><em>“to provide input and recommendations to the Administrator regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.”</em></p>
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a></b></p>
+						<p><em>“The FedRAMP Board, composed of Federal technology leaders appointed by OMB, provides input to GSA, establishes guidelines and requirements for security authorizations, consistent with relevant standards and guidelines of NIST, and supports and promotes the program within the Federal community.“</em></p>
 					</div>
-					<h3 class="center margin-top-0">Chief Information Officer (CIO) Council</h3>
-					<p>Disseminates FedRAMP information to Federal CIOs and other representatives through cross-agency communications and events.</p>
 				</div>
 			</div>
-			<div class="desktop:grid-col-3">
-				<div class="governance-card padding-4 desktop:margin-left-2">
-					<div class="authorization-phase-icon">
-						<img class="home-partners-icon nist-logo" src="{{site.baseurl}}/assets/img/governance-nist.svg" alt="">
+			<div class="full-col tablet:grid-offset-1 tablet:grid-col-10 padding-4 margin-bottom-4 white-bkg auth-resources">	
+				<div class="full-row grid-row grid-gap auth-resources-row">
+					<h3>The Federal Secure Cloud Advisory Committee (FSCAC)</h3>
+					<p>An independent advisory body with government and private-sector members that makes recommendations to GSA on making FedRAMP a more effective program.</p>
+					<p>More about the FSCAC can be found in <a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3616&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3616</a></b>, <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>, and <a href="https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee" target="_blank" rel="noopener noreferrer">FSCAC's web page</a>.</p>					
+					<div class="full-col tablet:grid-col-10 padding-right-4">
+						<p><b><a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3616&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3616</a></b></p>
+						<p><em>“ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.”</em></p>
+
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a></b></p>
+						<p><em>“...GSA and the FedRAMP Board should engage with industry, through the FSCAC and other mechanisms as appropriate...“</em></p>
 					</div>
-					<h3 class="center margin-top-0">National Institute for Standards and Technology (NIST)</h3>
-					<p>Advises FedRAMP on Federal Information Security Modernization Act (FISMA) compliance requirements.</p>
 				</div>
-
 			</div>
-
-			<div class="desktop:grid-col-3">
-				<div class="governance-card padding-4 desktop:margin-left-2">
-					<div class="authorization-phase-icon">
-						<img class="home-partners-icon" src="{{site.baseurl}}/assets/img/FSCAC-stacked-logo.png" alt="">
+			<div class="full-col tablet:grid-offset-1 tablet:grid-col-10 padding-4 white-bkg auth-resources">	
+				<div class="full-row grid-row grid-gap auth-resources-row">
+					<h3>The FedRAMP Technical Advisory Group (TAG)</h3>
+					<p>An advisory body made up of federal employees with significant practical experience and expertise in modern cloud technology. The Technical Advisory Group provides advice to FedRAMP and the FedRAMP Board as requested.</p>
+					<p>More about the TAG can be found in <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</b></p>					
+					<div class="full-col tablet:grid-col-10 padding-right-4">
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a></b></b></p>
+						<p><em>“OMB and GSA will establish a Technical Advisory Group (TAG) to provide additional subject matter expertise to FedRAMP. The FedRAMP TAG will consist of a team of Federal practitioners not directly associated with the FedRAMP program that will provide advice and insights to FedRAMP on an as-needed basis. The TAG is not a governance body and only provides technical advice on pre-decisional information and situations, making it distinct from the FSCAC or the FedRAMP Board.”</em></p>
 					</div>
-					<h3 class="center margin-top-0">Federal Secure Cloud Advisory Committee (FSCAC)</h3>
-					<p>Provides advice and recommendations to the GSA Administrator, the FedRAMP Board, and agencies on technical, financial, programmatic, and operational matters regarding secure adoption of cloud computing products and services.</p>
 				</div>
-
 			</div>
 		</div>
 	</div>
-
 </section>
diff --git a/_sass/_pages.scss b/_sass/_pages.scss
@@ -1313,4 +1313,8 @@ div.highlight .ln, div.highlight .lnt {
 	background-image: url('../../assets/img/draft.png');
 	background-position: top center;
 	background-repeat: repeat-y;
+}
+
+.gov-card-head {
+	min-height: 5em;
 }
diff --git a/pages/updates/changelog.md b/pages/updates/changelog.md
@@ -9,6 +9,13 @@ summary:
 
 # Fiscal Year 2025 (FY25)
 
+## December, 2024 (FY25 Q1)
+
+- 2024-12-10: Updated content on [Governance page](/governance) to accurately
+  explain various FedRAMP stakeholders after changes in M-24-15.
+- 2024-12-06: Updated content on [the FedRAMP Platform](/updates/platform) to
+  show current progress.
+
 ## November, 2024 (FY25 Q1)
 
 - 2024-11-07: Modified web page to host a clear Updates & Priorities section.

diff --git a/pages/updates/docs/cryptographic-module.md b/pages/updates/docs/cryptographic-module.md
@@ -1,6 +1,6 @@
 ---
 layout: cryptographic-module
-title: FedRAMP DRAFT Policy for Cryptographic Module Selection and Use
+title: FedRAMP Policy for Cryptographic Module Selection and Use
 tab-title: Cryptographic Module
 permalink: /updates/docs/cryptographic-module/
 redirect_from:

diff --git a/pages/updates/jab-transition.md b/pages/updates/jab-transition.md
@@ -1,12 +0,0 @@
----
-layout: base-markdown
-title: JAB Transition
-tab-title: JAB Transition
-permalink: /updates/jab/
-summary: 
----
-
-This content is still going through review and approval for release.
-
-
-