We encourage you to share your insights and perspectives with us by submitting a public comment. Your input is valuable!
We review public comments to inform our recommendations and ensure that FedRAMP remains effective and responsive to the evolving cloud security landscape. Public comments are essential to the Federal Advisory Committee Act, which ensures transparency, accountability, and public participation in the process by which federal agencies obtain advice and recommendations from expert groups.
We’ll post submitted comments for public review, typically within 3-5 business days. Our designated federal officer will review all comments before each scheduled public meeting and read relevant comments during the meeting. We’ll share all comments with committee members prior to the next scheduled meeting. Please note that while we consider all comments, we may not be able to respond to each one individually.
We appreciate your contributions!
| Date | Name | Public comment |
|---|---|---|
| 6/3/2026 | Kim Hernandez | TekRamp is a women-led, USAF veteran-founded company building an OSCAL-native FedRAMP and CMMC compliance platform. We submit this comment as a CSP-side tooling developer with a direct stake in the success of FedRAMP modernization.<br><br>With CR26 publishing this month and FedRAMP 20x advancing a machine-readable, KSI-driven model, the tooling layer that produces and maintains authorization artifacts becomes structurally important to the program’s goals. Three observations for the Committee’s consideration:<br><br>The re-authoring tax is the real barrier for small CSPs. The friction is less in the controls than in producing SSP narratives, evidence, and assessment responses as static documents and rebuilding them for each assessment and agency. A machine-readable mandate only delivers its efficiency if the data model is authored once and reused — not exported to OSCAL after the fact.<br><br>Continuous monitoring and initial authorization are still separate workflows. Building ConMon on the same data model as the SSP, rather than as parallel spreadsheets, is where 20x’s automation potential is realized or lost.<br><br>Multi-party collaboration remains email- and document-bound. Modernization that addresses the shared workspace among CSP, 3PAO, and agency, not just the file format, would meaningfully lower the barrier for resource-constrained CSPs. Especially with our companion AI built into the process to help anyone secure their software or offering to the standard of FedRAMP with practical steps and agentic implementation is the exact modernization that would enable our government to be more effective.<br><br>We would welcome the chance to provide more detailed written input on OSCAL-native workflows and reusable-evidence models, and to serve as a CSP-side resource as the Committee weighs implementation. Our interest is in making the OSCAL ecosystem work end-to-end for small CSPs.<br><br>Thank you for the Committee’s work supporting secure cloud adoption. |
| 5/11/2026 | Kim Hernandez | The Federal Secure Cloud Advisory Committee’s mandate to advise on FedRAMP modernization aligns with several policy questions worth surfacing from the perspective of small and emerging CSPs.<br><br>For context, I am the founder of TekRamp, an OSCAL-native FedRAMP and CMMC compliance acceleration platform, currently with three federal-cyber design partners on paid pilots. The observations below come from direct work alongside CSPs navigating the authorization process today.<br><br>1. The OSCAL readiness gap is wider than program documentation suggests. FedRAMP 20x and the CR26 machine-readable mandate set the right strategic direction, but the operational reality across CSPs, 3PAOs, and agency reviewers is still Word documents and email attachments. The tooling layer — workspaces that produce OSCAL-native packages natively rather than as a post-hoc export — is years behind the policy. The Committee may wish to advise the PMO on realistic sequencing of the machine-readable mandate, paired with ecosystem-wide investment in OSCAL-native tooling and 3PAO assessor readiness.<br><br>2. Evidence reuse is the highest-leverage policy lever the Committee can advocate for. Today, every CSP authoring its package builds evidence artifacts from scratch — even where the same controls and the same evidence types apply across hundreds of CSPs. A FedRAMP-blessed framework for evidence reuse across CSPs (or within a CSP across multiple offerings) would materially reduce the 18-month, $2M authorization burden that disproportionately blocks small and emerging CSPs from federal markets.<br><br>3. The CMMC–FedRAMP alignment opportunity is time-bound. With CMMC enforcement beginning November 2026 and CR26 publishing this June, the federal cloud and DIB compliance ecosystems are converging on a shared evidence model. The Committee is well-positioned to advise the PMO on shared OSCAL primitives between FedRAMP and CMMC — eliminating duplicate work for CSPs that serve both pipelines and removing one of the most common obstacles small contractors cite for not pursuing federal markets.<br><br>I would welcome the opportunity to contribute written input in greater depth or to brief the Committee directly. As an early-stage company building tooling in this space, my interest is in making the OSCAL ecosystem work end-to-end across vendors, assessors, and agencies.<br><br>Thank you for the Committee’s work supporting secure cloud adoption across federal government. |