Cloud

GSA wants feedback on cloud contract language

Shutterstock image: cloud interface. 

When federal agencies acquire cloud services and products, they write requirements set under the Federal Risk and Authorization Management Program into their contracts. Unfortunately, sometimes those requirements are inconsistent or unclear.

To help agencies improve their cloud services contracts, the General Services Administration's Secure Cloud Portfolio division wants feedback from industry on agency attempts to enforce requirements via contract language.

General cloud service acquisitions can be derailed by confusion over deployment, portability, interoperability, data ownership, migration issues and integration with legacy systems. The request for information asks for specific examples of both effective and problematic contract language as well as suggestions on how to incorporate cloud services into different contract vehicles for direct solicitations, resellers and system integrators.

The FedRAMP process faces some similar issues but also suffers from confusion regarding the roles and responsibilities of vendors and their sponsoring agencies. Issues can arise when dealing with security assessments, FedRAMP requirements timelines and communication with agency officials over problems that develop. GSA wants examples that clearly delineate the roles and responsibilities and requirements federal agencies and vendors play when addressing FedRAMP requirements.

GSA also wants examples of clear and problematic language related to other security requirements, such as integration of personal identity verification and common access cards, background investigations of key personnel, encryption and data locations.

Some of the information collected from the RFI will be posted publicly to serve as a resource for agencies looking to leverage cloud services. Responses are due by Dec. 15.

More details from the RFI can be found here.

This article first appeared in FCW's sibling publication GCN

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at sfriedman@gcn.com or follow her on Twitter @SaraEFriedman.

Click here for previous articles by Friedman.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.