GSA is about to make Cloud purchases a whole lot easier

GSA is about to reveal a plan for a governmentwide marketplace for cloud solutions. This new marketplace will not only make it convenient, it will also set up a one-stop-shop for agencies to purchase commercial Software as a Service, Infrastructure as a Service, and Platform as a Service, offerings. (FedTech October 7, 2021)

On a recent webinar, Laura Stanton, assistant commissioner for the Office of Information Technology Category in the GSA’s Federal Acquisition Service, said, “We’re looking at how we put together a cloud marketplace that then becomes a buying platform for agencies. We want to put together not just a framework, but a market contractual vehicle that will allow our agencies to buy these core cloud services that we’re seeing them need more and more.” (ibid)

The GSA marketplace will provide agencies with professional IT services as well as post-award contract management tools. It would also set the requirements to verify cloud services meet the baseline security and adherence to guidance from the Federal Risk and Authorization Management Program (FedRAMP). (ibid)

GSA wants to streamline the entire cloud procurement process for agencies. According to Laura Stanton, “GSA uses the cloud and cloud-related IT professional services special item number (SIN) 518210C as a vehicle for multiple-award procurements. The contract type can be used to acquire cloud computing services, as defined by the National Institute of Standards and Technology.” Stanton said that GSA is “hearing that agencies have to go to multiple places to buy cloud. We decided it was time to take the next step.” (ibid)

An RFI is expected early in the new fiscal year, which began October 1, 2021. (ibid)

Questions concerning the upcoming RFI? Give us a call.

NIST looking for a Small Cybersecurity Business – Do you qualify?

The National Institute of Standards and Technology (NIST) is looking for a small business to assist with the creation of privacy and cybersecurity standards that will apply to federal agencies. Additionally, NIST hopes to gain assistance with the development and modeling of software and applications for various tools, including the National Vulnerability Database.(Nextgov March 29, 2021)

The sources sought notice posted on beta.SAM.gov states, “with a new and re-energized national emphasis on information security, the NIST Information Technology Laboratory’s (ITL) Computer Security Division (CSD) is uniquely positioned to ensure that new technology initiatives are selected, deployed, and operated in a manner that does not increase the risk to organizational missions, individuals and the Nation.” (ibid)

“NIST expects the requirements of its mission to expand and anticipates the need for support in meeting these requirements. The support needed to ensure a successful mission ranges from internal programmatic support to technical expertise and research consulting in a wide range of cyber and information security areas.” (ibid)

Do you qualify for the cybersecurity SINs? Give us a call.

Updating Govt Cloud Security

Cloud vendors will soon see standardized security liability language in all government contracts. This is partly due to agencies’ migration to the cloud being sped up once the pandemic hit and increased teleworking, making the need for cybersecurity assurances essential. (Nextgov, May 20, 2020)

Thomas Santucci, the director of the Data Center and Cloud Optimization Infrastructure Program Management Office at GSA, recently elaborated on the subject, “I think there is a need to update our [service level agreements] with the cloud providers and we’re actively working on that within [the General Services Administration]…. OMB has just stood up a [program management office] to work on a cloud SLA template for the federal government to be attached to every contract.” (ibid)

When referring to the pandemic, Santucci said, “Users are now remote rather than in a central building or campus. Agencies that are doing well are mostly in the cloud with little or no impact. Remote users do not need a [virtual private network] to gain access to their emails or files, collaboration products have significantly reduced file duplicates, and bandwidth consumption is between the home internet connection and the cloud. It’s a great success story.” (ibid)

Officials at the National Institute of Standards and Technology (NIST) believe moving to the cloud does not mean security is a “one and done” feature. There are many considerations that customers may be responsible for under contracts. Increased use of cloud services is not 100 percent secure.

Rep. Doris Matsui, D-California recently wrote to NIST Director Walter Copan, requesting NIST work to establish metrics to accompany their Cybersecurity Framework. The framework allows entities to implement security controls based on their needs. Matsui’s letter to Copan asked for ways to evaluate the security implications of those decisions.¬†Matsui states, “with quantifiable measurement tools, cybersecurity strategies can be compared across industries and between entities. Metrics and measurements that facilitate comparisons and assess risk will be valuable for consumers, companies, and governments.” (ibid)

Wondering how your contract or upcoming proposal might be impacted by cloud migration and updated service level agreements? Give us a call.