GSA to set baseline requirements for cloud providers through Ascend
The General Services Administration wants to establish minimum baseline requirements for cloud providers and labor services with the Ascend blanket purchase agreement, according to a draft performance work statement.
Requirements will emphasize Cloud Smart objectives and cybersecurity supply chain risk management (C-SCRM) in keeping with the National Institute of Standards and Technology guidance and Cyber Executive Order.
GSA intends the Ascend blanket purchase agreement (BPA) to streamline agencies’ acquisition of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Anything as a Service (XaaS), and related IT services that are unavailable under the Multiple Award Schedule or governmentwide acquisition contracts by leveraging their common cloud requirements.
“Integration of these requirements, along with zero-trust architecture principles, will reduce the risk of evolving threats; mitigate impacts of negative cybersecurity incidents; and ensure the confidentiality, integrity and availability for customers’ cloud solutions,” reads the draft performance work statement.
Baselines will include use of DevSecOps, continuous integration/continuous deployment, minimizing downtime, meeting emerging needs, and conservation of resources.
Under Ascend, cloud providers will be responsible for obtaining and maintaining Federal Risk and Authorization Management Program authorizations for their solutions at the appropriate levels. GSA will determine if independent cyber assessments and evaluations warrant the suspension or termination of Ascend awardees and share those recommendations with Department of Defense Cloud Authorization Services or FedRAMP, which can suspend or terminate authorizations.
The Ascend BPA will consist of three primary pools and a growing number of subpools on-ramped to account for new capabilities and technologies.
Pool 1 covers IaaS and PaaS solutions with unclassified and classified subpools, Pool 2 SaaS solutions and Pool 3 cloud IT professional services.
The Ascend BPA is part of GSA’s Cloud Marketplace vision that envisions agencies implementing their own cloud acquisition strategies.
GSA hasn’t determined award dates but plans to release more information via eBuy and SAM.gov once interested vendors respond to its request for information by 5 p.m. EST on Aug. 8, 2022.
The agency wants the Ascend BPA to offer an open source experience.
“This will enable full data accessibility, ownership and portability for the government, and facilitates a government model for the reuse of common applications that would function across multiple agencies,” reads the performance work statement.