The federal government has made a number of moves on several fronts in the past two weeks with respect to its cloud computing initiatives. It has issued a new request for quotations for infrastructure-as-a-service, updated its Apps.gov cloud computing store, released a report on the state of public sector cloud computing, revealed details about a cloud security effort, and formally launched a cloud standards effort.
First, after a failed first attempt, the General Services Administration last week quietly re-started its search for infrastructure-as-a-service providers whose services will eventually appear in the federal government's cloud computing application store, Apps.gov. GSA has posted an RFQ on the GSA's newly announced cloud computing reference site, info.apps.gov, whereas the old RFQ was only posted on a site made available to government employees and some contractors.
The new procurement vehicle replaces one that was posted last summer that sought similar services. The earlier RFQ laid out the ground rules for being an infrastructure-as-a-service provider to the federal government, but was canceled at the beginning of March in order to create a new RFQ that better represents the government's needs and the state of the fast-evolving cloud computing market. Quotes based on the new RFQ are due from vendors by June 15.
The 78-page document, first posted on eBuy on May 13, includes requests for storage services, virtual machine services, and cloud-based Web hosting. It lays out the government's requirements for infrastructure as a service, including essential elements like on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and visibility into service usage. In addition, it outlines service provisioning requirements, an uptime requirement of 99.5% service availability, disaster recovery requirements, and more.
The new RFQ has been expected to place a greater emphasis on security as well -- the old RFQ covered only "low impact" systems as characterized by federal cybersecurity compliance guidance, while the new RFQ requires services to meet the needs of "moderate impact" systems in terms of confidentiality, data integrity and availability.