Compliance community
Cloud.gov and the compliance community
Part of the mission of cloud.gov is to improve cloud adoption across the U.S. government, irrespective of vendor. In that vein, we support the FedRAMP®️ Compliance Practitioner Community of Practice, an email listserv supported by GSA’s Digital.gov.
The goal of the community is to bring together people working on FedRAMP compliance to address common questions and concerns. We strive to maintain an inclusive, professional community that engages in on-topic discussions. The community is not associated with the FedRAMP Program Management Office.
By voluntarily participating in this community, you are agreeing to abide by these guidelines and the TTS code of conduct. If you do not agree, email us at community@cloud.gov, and we will unsubscribe you from the LISTSERV mailing list.
When GSA becomes aware of alleged violations of the guidelines or code of conduct, we will review and evaluate the incident and determine an appropriate course of action. In accordance with GSA’s policies and legal guidance, the cloud.gov team implements this process.
Courses of action include:
- taking no action,
- sending a reminder for infractions, and
- issuing a first or second notice for violations.
Severe or repeated violations may result in temporary or permanent removal from the community.
Email us at community@cloud.gov to report an alleged violation.
Who can join?
The community is open to:
- compliance staff at CSPs listed in the FedRAMP Marketplace as authorized or in-process
- compliance staff at CSPs pursuing authorization per their public statements (website, pdf)
- contracted staff dedicated to supporting FedRAMP authorization for client CSPs
The cloud.gov compliance team will approve memberships based on eligibility evidence.
How to join?
Send an email to community@cloud.gov providing:
- Your name and role
- CSP name and FedRAMP status
- Statement of interest (required if your CSP is not on the marketplace)
Your communications are not private
As a federal agency, GSA is subject to records access requests such as the Freedom of Information Act (FOIA). We must comply with requests for records made under FOIA. All communications made on the mailing lists are subject to release under FOIA, or potentially compromised by an adversary. We are not in a position to background check participants beyond a cursory CSP domain validation.
Follow the ground rules
We all have a responsibility to ensure the community is a safe space for everyone and free from harassment. It is appropriate to have and express differing opinions, as long as they are expressed in a respectful manner.
When dealing with sensitive topics or during disagreements, written statements can often sound more aggressive than when we speak them out loud. Review your message before pressing send. Think about how it may appear to its recipients. Remember, each message goes to thousands of people. When in doubt, don’t send it out.
Words matter. Choose words that create a safe, inclusive, respectful, and welcoming environment. Take a look at the following resources on inclusive language for additional information.
- Inclusive language guidelines - American Psychological Association
- Inclusive language - 18F Content Guide
- Preferred terms for select population groups and communities - Centers for Disease Control and Prevention.
When participating in the community, community members must follow the ground rules for discussions
| Preferred behavior | Discouraged behavior |
|---|---|
| Understand that you are participating in a professional community. | Don’t conduct yourself in a way that’s unbecoming of your organization. |
| Respect your colleagues. Always assume the best of others. | Don’t make personal attacks. |
| Be patient. Understand that community members have various experience levels. | Don’t be condescending or talk down to other people. |
| Listen carefully and actively. Listen as much as you speak. | Don’t disrupt meetings, talks, or discussions, including mailing lists and chats. |
| Review your message before pressing send. | Don’t use inappropriate language, images, or emojis. Don’t reply-all if your message may clutter other members’ inboxes. |
| Share your objective experiences with tools or techniques | Don’t endorse products or services or appear to recommend them in your professional capacity. |
| Keep the conversation relevant and stay on point. Start a new thread if needed. Give others the time and space to participate. | Don’t dominate conversations. Don’t interrupt or talk over other people. |
| Respect members’ real, lived experiences. Recognize that people face systemic discrimination in a multitude of ways. | Don’t belittle others to make your point. |
| Take legal questions to your organizations’s lawyers. | Don’t seek legal advice from the community. Don’t take conversations or shared experiences as interpretations of federal laws and policies. |
| Treat other people’s identities and cultures with respect. Spell and say their name correctly and use their pronouns. | Don’t make derogatory comments on race, color, sex, sexual orientation, gender identity, religion, national origin, age, disability, genetic information, marital status, parental status, political affiliation, or appearance. |
| Ensure the community is free from harassment, including sexual harassment and sexual misconduct. | Don’t harass anyone. This includes, but is not limited to, retaliating against anyone who files a complaint. |
| Remember that everything you write on the mailing list is a federal record and subject to release under FOIA. | Don’t assume your communications are private. |
| Use plain language. | Don’t use confusing or overly technical language. |
Manage your mailing list subscription
Email us at community@cloud.gov and we’ll help you manage your LISTSERV subscription. The most common requests are to:
- receive a daily digest (instead of each individual message),
- access the mailing list archive, and
- unsubscribe.
When you email us, please include the name of the community and what you’d like to update.
