Cloud computing opens new questions for procurements

The General Services Administration is figuring out what its options are now that the Government Accountability Office has sustained a protest of GSA's solicitation for cloud computing services.

“We are currently reviewing the GAO’s recommendation that GSA clarify the requirements language in the two sustained protest grounds,” Steve Kempf, commissioner of GSA’s Federal Acquisition Service, said in a statement.

GAO sustained a protest by two companies that challenged where a data center storing government information should be located. As reported in FCW sister publication Washington Technology, the companies argued that GSA’s solicitation, which requires vendors to locate their data services in “designated countries,” based on the Trade Agreements Act, unduly restricts competition. They also said the requirement has no basis in law or regulation.

GAO agreed.

“We conclude that GSA has failed to proffer an adequate explanation for limiting non-U.S. based data centers to those countries listed as designated countries,” GAO wrote.

GAO said GSA should amend the solicitation to reflect its actual needs concerning non-U.S. data center locations. GAO also sustained another protest regarding a clarification of a term in the solicitation.

Kempf said GSA officials will “make a decision on corrective action following a thorough review of the GAO’s decision.”

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

The Fed 100

Read the profiles of all this year's winners.


  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images /

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Thu, Oct 20, 2011

GSA, if you are reading this... there is a partial solution to the problem where GAO disallowed your methodology for limiting cloud data centers in certain countries. Your RFP contains requirements for cryptography, which generally is subject to export control restrictions for certain rogue states (Cuba, Iran, Libya, North Korea, Syria, Sudan, etc). A vendor likely cannot meet the solictation's requirements for implementation of cryptography if they cannot export crypto technology to their data centers. And for EZGovOpps, you would understand why data centers in foreign countries are a concern if you understood network and application security and the threat of foreign actors who routinely target U.S. Government data. The benefits of cloud computing do not change the fact that the government has a legitimate interest in protecting the confidentiality and integrity of sensitive data.

Wed, Oct 19, 2011

Cloud computing technology should be embraced and encouraged in as many areas of business as possible, including B2B and B2G, and with as few unnecessary regulations as possible. Providers of cloud-based computing services and products have extensive security measures in place. Because of its affordability and efficiency, Cloud technology --- even with data services in locations other than the “designated countries” --- helps small businesses stay competitive in the government market. Absent any legitimate security concerns, I cannot understand why government contractors would have to be limited on which non-U.S. based data centers they can use for their data services. Allowing this requirement would definitely place an undue restriction on vendors competing for government contracts.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group