Update governance.html

updating content about TAG and board

_layouts/governance.html

@@ -110,33 +110,36 @@ <h2  class="margin-top-1">Who makes up FedRAMP within the government?</h2>
 				<div class="full-row grid-row grid-gap auth-resources-row">
 					<h3>The FedRAMP Board</h3>
 					<p>A body of federal executives that are responsible for reviewing and approving FedRAMP policies, and for bringing together their fellow federal technology leaders to expand FedRAMP’s capacity for authorizing cloud services.</p>
-					<p>The FedRAMP Board is defined in 44 USC 3610 and reinforced in M-24-15. See below for more information.</p>					
+					<p>The FedRAMP Board is defined in <a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3610&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3610</a> and reinforced in <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</p>					
 					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<p><b>44 USC 3610</b></p>
+						<p><b><a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3610&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3610</a></b></p>
 						<p><em>“to provide input and recommendations to the Administrator regarding the requirements and guidelines for, and the prioritization of, security assessments of cloud computing products and services.”</em></p>
-						<p><b>M-24-15</b></p>
-						<p><em>“Structurally, FedRAMP consists of two parts: the PMO and the FedRAMP Board. The PMO, located within GSA and led by the FedRAMP Director, is responsible for operating a security authorization process that meets the needs of Federal agencies, provides a navigable experience for CSPs, and complies with applicable laws and policies, including this memorandum. The FedRAMP Board, composed of Federal technology leaders appointed by OMB, provides input to GSA, establishes guidelines and requirements for security authorizations, consistent with relevant standards and guidelines of NIST, and supports and promotes the program within the Federal community.“</em></p>
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</b></p>
+						<p><em>“The FedRAMP Board, composed of Federal technology leaders appointed by OMB, provides input to GSA, establishes guidelines and requirements for security authorizations, consistent with relevant standards and guidelines of NIST, and supports and promotes the program within the Federal community.“</em></p>
 					</div>
 				</div>
 			</div>
 			<div class="full-col tablet:grid-offset-1 tablet:grid-col-10 padding-4 margin-bottom-4 white-bkg auth-resources">	
 				<div class="full-row grid-row grid-gap auth-resources-row">
 					<h3>The Federal Secure Cloud Advisory Committee (FSCAC)</h3>
 					<p>An independent advisory body with government and private-sector members that makes recommendations to GSA on making FedRAMP a more effective program.</p>
-					<p>More about the FSCAC can be found in 44 USC 3610, M-24-15, and FSCAC's web page.</p>					
+					<p>More about the FSCAC can be found in <a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3616&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3616</a></b>, <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>, and <a href="https://www.gsa.gov/technology/government-it-initiatives/federal-secure-cloud-advisory-committee" target="_blank" rel="noopener noreferrer">FSCAC's web page</a>.</p>					
 					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<p><b>44 USC 3610</b></p>
+						<p><b><a href="https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title44-section3616&num=0&edition=prelim#futureamendment-note" target="_blank" rel="noopener noreferrer">44 USC 3616</a></b></p>
 						<p><em>“ensure effective and ongoing coordination of agency adoption, use, authorization, monitoring, acquisition, and security of cloud computing products and services to enable agency mission and administrative priorities.”</em></p>
+
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</b></p>
+						<p><em>“...GSA and the FedRAMP Board should engage with industry, through the FSCAC and other mechanisms as appropriate...“</em></p>
 					</div>
 				</div>
 			</div>
 			<div class="full-col tablet:grid-offset-1 tablet:grid-col-10 padding-4 white-bkg auth-resources">	
 				<div class="full-row grid-row grid-gap auth-resources-row">
 					<h3>The FedRAMP Technical Advisory Group (TAG)</h3>
 					<p>An advisory body made up of federal employees with significant practical experience and expertise in modern cloud technology. The Technical Advisory Group provides advice to FedRAMP and the FedRAMP Board as requested.</p>
-					<p>More about the TAGC can be found in  M-24-15.</p>					
+					<p>More about the TAGC can be found in <a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</b>.</p>					
 					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<p><b>44 USC 3610</b></p>
+						<p><b><a href="https://www.whitehouse.gov/omb/management/ofcio/m-24-15-modernizing-the-federal-risk-and-authorization-management-program-fedramp/" target="_blank" rel="noopener noreferrer">M-24-15</a>.</b></b></p>
 						<p><em>“OMB and GSA will establish a Technical Advisory Group (TAG) to provide additional subject matter expertise to FedRAMP. The FedRAMP TAG will consist of a team of Federal practitioners not directly associated with the FedRAMP program that will provide advice and insights to FedRAMP on an as-needed basis. The TAG is not a governance body and only provides technical advice on pre-decisional information and situations, making it distinct from the FSCAC or the FedRAMP Board.”</em></p>
 					</div>
 				</div>