Gsa infrastructure as a service briefing, 4-21-2010


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Gsa infrastructure as a service briefing, 4-21-2010

  1. 1. Discussion of Industry Advisory Council Dave McClure Associate Administrator, Office of Citizens Services and Communications Michael Anastasio Director, Strategic Solutions Contracts Division Federal Acquisition Service Katie Lewin Director Cloud Computing Program , Office of Citizens Services and Communications April 21 – 3:00 – 5:00PM
  2. 2. Agenda • Infrastructure as a Service (IaaS) RFQ – Why was the first RFQ cancelled? – Plan to issue new RFQ in early summer 2010 – Improvements to new RFQ • Reconciliation of CLIN structure with Schedule 70 • Increased security level to Moderate Impact as defined by NIST FIPS 199 • – improvements – Short term • Revised vendor submissions that will result in: – More accurate product categorization – Better displays that show product and product add-ons • Improved search capabilities – Long term • Evolve to a one-stop source for Federal cloud computing information including readiness evaluations, best practices and product descriptions
  3. 3. Infrastructure as a Service • Why was Infrastructure as a Service Cancelled? – Opportunity to improve the RFQ • Security Enhancements • Better mapping of CLINs – Opportunity to use FedRAMP • Centralized Certification and Accreditations (C&A) – Better alignment with • Clear communications of how IaaS RFQ will be available through – Vendor Engagement • Market Maturity
  4. 4. IaaS RFQ • Why Schedule 70? – BPAs can only be issued against schedules • Schedule 70 is primary schedule for IT services – Much quicker than issuing full and open RFP • How to get on schedule – The process for getting on Schedule 70 is detailed at – Contract Teaming Arrangements • Notification to vendors – Proposers required to modify their existing schedules • Required to map their proposal offerings and associated pricing to their current Schedule 70 contract • Successful awardee(s) must have the proposed offerings on their Schedule 70 contracts prior to any resultant award. • See Notice published in FedBizOps on 3/23/10
  5. 5. 3‐Step Process for Vendors to Offer  IaaS Services 1 2 3 Vendor Must Vendor Must Vendor Must be on Schedule 70 Respond to RFQ Submit Quotes The process for  RFQ will be posted on  Quotes in response to  getting on Schedule  eBuy which is viewable by  the future RFQ will be  70 is detailed at  any Schedule 70 holder required to map their proposal offerings and  Current Schedule 70  Vendors that need to  associated pricing to  holders must ensure  add/modify their service  their current Schedule  BPA CLINs map to  offerings should send  70 contract.  their current  email to Schedule 70 contract  • Questions from Schedule 70 holders (and responses to the RFI) should go to • Questions about getting on Schedule 70 should go to the Vendor Support Center at or 703.605.9992
  6. 6. IaaS RFQ • What has changed? – Security requirement - Moderate Level Security Impact – More flexible CLIN structure • Band Width and Bulk Storage CLINs • OS, Web Service and DB CLINs • Notice published in FedBizOps on 3/23/10
  7. 7. C&A Processing FedRAMP – Federal Risk and Authorization Management Program • Government- wide program to provide joint authorizations and continuous security monitoring services – Unified government-wide risk management – Agencies will leverage the government-wide authorization (when applicable) • Does not supplant existing agency authority to use systems that meet their security needs • Initial focus on cloud computing • Creates a unified risk management process – eliminate duplication of effort and associated cost savings – enable rapid acquisition by leveraging pre-authorized solutions, – increased security through focus assessments, – interagency agreed upon security requirements, – ensure compatible security requirements on shared systems, – encourage better system integration with government-wide information security efforts
  8. 8. FedRAMP Components Security FedRAMP Office Joint Authorization Requirement Board - DOD, GSA, Authorities: DHS + sponsoring Technical work by the agency Cloud Computing Security Working Group (CCSWG) Ultimately: ISIMC Working Groups Note: each of the three major components collaborate but maintain independence 8
  9. 9.
  10. 10. – What’s next? • Clean up of Business Apps listings – Short term • RFQ to be issued to all Schedule 70 holders requests changes in product descriptions – will improve usability of site • Improvement to search capability to refine searches – Long term • Redesign site to provide research, assessment and procurement of cloud services • Awarding IaaS RFQ • Developing Platform as a Service capabilities
  11. 11. Questions? 11