GSA wants feedback on cloud contract language
- By Sara Friedman
- Nov 13, 2017
When federal agencies acquire cloud services and products, they write requirements set under the Federal Risk and Authorization Management Program into their contracts. Unfortunately, sometimes those requirements are inconsistent or unclear.
To help agencies improve their cloud services contracts, the General Services Administration's Secure Cloud Portfolio division wants feedback from industry on agency attempts to enforce requirements via contract language.
General cloud service acquisitions can be derailed by confusion over deployment, portability, interoperability, data ownership, migration issues and integration with legacy systems. The request for information asks for specific examples of both effective and problematic contract language as well as suggestions on how to incorporate cloud services into different contract vehicles for direct solicitations, resellers and system integrators.
The FedRAMP process faces some similar issues but also suffers from confusion regarding the roles and responsibilities of vendors and their sponsoring agencies. Issues can arise when dealing with security assessments, FedRAMP requirements timelines and communication with agency officials over problems that develop. GSA wants examples that clearly delineate the roles and responsibilities and requirements federal agencies and vendors play when addressing FedRAMP requirements.
GSA also wants examples of clear and problematic language related to other security requirements, such as integration of personal identity verification and common access cards, background investigations of key personnel, encryption and data locations.
Some of the information collected from the RFI will be posted publicly to serve as a resource for agencies looking to leverage cloud services. Responses are due by Dec. 15.
More details from the RFI can be found here.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at firstname.lastname@example.org or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.