Agencies across government continue to struggle with buying and adopting cloud technologies. GSA repeatedly hears customers say that they want and need an acquisition vehicle that addresses cloud-specific technologies and requirements, offers a less complicated way to buy them, and provides standardized security and data management features.
The Ascend Blanket Purchase Agreement (BPA), to complement GSA’s Multiple Award Schedule Cloud SIN 518210C, will meet the government’s demand for more comprehensive, secure and compliant cloud-based solutions. It allows GSA to develop a solution for federal, state, local, tribal and territorial governments that will make buying cloud less complicated.
With Ascend, GSA delivers what agencies are looking for:
- Security requirements: Cybersecurity and interoperability requirements, regulations and standards are extremely challenging to navigate. Ascend will include recently updated standards on supply chain risk management (SCRM) and cyber SCRM (C-SCRM). It will provide access only to FedRAMP– or Department of Defense Cloud Authorization Services (DCAS)– authorized cloud solutions. Ascend will make it easier for agencies to comply with cybersecurity mandates.
- Data ownership and portability: Ascend establishes the requirement that agencies own their accounts and data, and cloud service providers (CSPs) have to make the data portable in case the agency wants to move it.
- Standardized reporting: Customers require visibility into financial information for contract administration, cost control, chargeback and budget management/forecasting (i.e., FinOps). Ascend offers standardized reporting of this information.
- Subject matter expertise: Leaders need to ensure that contracted technical personnel have knowledge, skills, abilities, taskings and mindsets for cloud services, not just general IT skills. Ascend is built on the Cloud SIN 518210C, which accounts for specific cloud technologies and cloud-related IT professional services.
- Compliance: Federal agencies must comply with constantly updating executive orders, OMB memos, acquisition laws and policy targets. Ascend has these complex requirements built in upfront to reduce agencies’ risks and ensure compliance.
- Ease of ordering: Customers across government need access to a catalog of cloud services under a single acquisition solution to promote flexibility, agility and continuous injection of emerging technologies. Catalogs are standardized at the BPA level to make it easier for customers to compare services and associated prices.
Industry input, implemented
We’re closer to releasing a final solicitation of Ascend Pool 1, which covers the basic BPA requirements and Infrastructure as a Service/Platform as a Service requirements through three subpools. We recognize how important your invaluable feedback is through your responses to our requests for information, draft performance work statement and the draft solicitation. We heard you! We carefully balanced your feedback against agencies’ needs to be able to buy and manage cloud effectively.
As a result of your feedback, we’ve changed some of the BPA requirements:
Order catalogs: At first, we required contractors to provide catalogs at the ordering level.
- Now the requirement is to deliver and maintain catalogs at the BPA level following a specific format to standardize Ascend BPA catalogs.
Cybersecurity logs: At first, the contractor had to provide cybersecurity logs.
- Now the requirement is to enable the feature for eligible users upon request.
Authorized cloud services: The BPA includes only what is in the BPA catalog. At first, we required the contractor to restrict cloud services usage.
- Now contractors must provide the capability for eligible users to restrict the usage of cloud services through configuration files and policies, which in turn, gives eligible users more control over what cloud services are being used.
Cybersecurity incident reporting and incident response timelines: Aside from following timelines established by current law, we required incidents to be reported to the administrative agency.
- Now the requirement is less complex and no longer requires reporting to the administrative agency. Reports are further defined at the task order level for reporting to eligible users.
Carbon Pollution-Free Electricity (CFE): At first, GSA specified required sources of CFE.
- Now the requirement is to offer cloud services that comply with current environment and sustainability legislation, regulation and policies at any given time.
FinOps: At first, contractors were required to monitor and automatically suspend cloud services when consumption reached certain thresholds.
- Now the requirements are to enable metering options and allow for eligible users to set metering thresholds and automate suspending specific cloud services once metering thresholds are at a certain level. The contractor must also notify the eligible users.
Next steps
We are still working through minor adjustments. We plan to send out another draft solicitation and hold another industry day before issuing the final solicitation. Again, we appreciate the feedback we have received throughout the market research process.
Resources
For questions about the Ascend BPA, please reach out via email to cloudenterprisewide@gsa.gov.
Our cloud subject matter experts are here to provide guidance, and support agencies and vendors navigating our contract vehicles. Reach them at cloudinfo@gsa.gov.
Follow our Cloud and Software community on GSA Interact to learn the latest Ascend updates, or use our IT Solutions Navigator to find the vehicle that’s right for you.
Follow us on LinkedIn to join our ongoing conversations about government IT.
To get updates for this blog, please sign up on the right-hand side of the page where it says Sign up for Blog Updates.