GSA wants feedback on cloud contract language

When federal agencies acquire cloud services and products, they write requirements set under the Federal Risk and Authorization Management Program (FedRAMP) into their contracts. Unfortunately, those requirements are sometimes inconsistent or unclear.

To help agencies improve their cloud services contracts, the General Services Administration's Secure Cloud Portfolio division wants feedback from industry on agency attempts to enforce requirements via contract language.

General cloud service acquisitions can be derailed by confusion over deployment, portability, interoperability, data ownership, migration issues and integration with legacy systems. The request for information asks for specific examples of both effective and problematic contract language as well as suggestions on how to incorporate cloud services into different contract vehicles for direct solicitations, resellers and system integrators.

The FedRAMP process faces some similar issues but also suffers from confusion regarding the roles and responsibilities of vendors and their sponsoring agencies. Issues can arise when dealing with security assessments, FedRAMP requirements timelines and communication with agency officials over problems that develop. GSA wants examples that clearly delineate the roles, responsibilities and requirements of federal agencies and vendors when addressing FedRAMP requirements.

GSA also wants examples of clear and problematic language related to other security requirements, such as integration of personal identity verification and common access cards, background investigations of key personnel, encryption and data locations.

Some of the information collected from the RFI will be posted publicly to serve as a resource for agencies looking to leverage cloud services. Responses are due by Dec. 15.

More details from the RFI can be found here.

This article first appeared in FCW's sibling publication GCN.

About the Author

Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.

Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.

Friedman can be contacted at sfriedman@gcn.com or followed on Twitter @SaraEFriedman.
