SPECIAL NOTICE
D -- Cloud Computing (CC) Software as a Service
- Notice Date
- 7/30/2009
- Notice Type
- Special Notice
- NAICS
- 541512
— Computer Systems Design Services
- Contracting Office
- General Services Administration, Federal Technology Service (FTS), FTS-SmartBUY-Fairfax, 10304 Eaton Place, Fairfax, Virginia, 22030-2213
- ZIP Code
- 22030-2213
- Solicitation Number
- GS00T08SBA0027
- Point of Contact
- Michael W. Hargrove, Phone: 703-306-7701
- E-Mail Address
-
michael.hargrove@gsa.gov
(michael.hargrove@gsa.gov)
- Small Business Set-Aside
- N/A
- Description
- This Special Notice identifies GSA’s outline of requirements for NIST FIPS 199 defined Low and Moderate Impact Cloud Computing (CC) Software as a Service (SaaS) offering. Cloud Computing is a major initiative to modernize Information Technology (IT) within the Government. Cloud computing has the capability to reduce the cost of IT infrastructure using commercially available technology that is based on virtualization of servers, databases and applications to allow for capital cost savings. In anticipation of a possible issuance of an RFQ referring to Cloud Computing Software as a Service (SaaS), the following information is provided: In CC, security responsibilities are shared between the Contractor and the Consumer, in this case a Federal Government Agency. The Contractor will be responsible for provisioning, securing, monitoring, and maintaining the hardware, network(s), and software that support the infrastructure that is offered. In addition the Contractor will be responsible for the security of the Operating System (OS) and any additional software (i.e., any data base management systems), including the applications provided. If individual (named) user access is required, the specific Service Level Agreement shall document who is responsible for creating and maintaining user accounts. The Service Level Agreements shall also document how the user accounts will be created and maintained. The implementation of a new Federal Government IT system requires a formal approval process known as Certification and Accreditation (C&A). NIST Special Publication 800-37, Revision 1 gives guidelines for performing the C&A process. At the Low and Moderate Impact levels, the Contractor must prepare and provide required documentation that describes the security mechanisms and processes used to maintain a secure environment. The contractor must also provide evidence of an independent assessment of these mechanisms, processes, and documents. GSA’s Federal Acquisition Service Security staff will be available for consultation during the process, and will review the results before issuing a Certification and subsequent Accreditation decision. At its option, GSA may choose to inspect the infrastructure and security test results before issuing the decision. Consumer agencies will be able to leverage the C&A documentation prepared by the Contractor and GSA to accredit the application systems that take advantage of this contract vehicle. The Contractor is advised to review the GSA security guidance documents to determine the level of effort that will be necessary to complete the requirements. The Contractor shall meet and comply with all GSA IT Security Policies and all applicable GSA and NIST standards and guidelines, other Government-wide laws and regulations, and GSA and FAS directives, guidelines, and requirements for protection and security of Information Technology. This list is not all inclusive. References: •GSA IT Security Policies & Procedural Guide •GSA Information Technology (IT) Security Policy, CIO 2100.1E •GSA IT Security Procedural Guide 04-26, “FISMA Implementation.” •GSA IT Security Procedural Guide 06-29, “Contingency Plan Testing.” •GSA IT Security Procedural Guide 06-30, “Managing Enterprise Risk.” •GSA IT Security Procedural Guide 08-39, “FY 2009 IT Security Program Management Implementation Plan.” •GSA IT Security Procedural Guide 09-44, “Plan of Action and Milestones (POA&M).” Interested contractors should begin to prepare and accumulate relevant security artifacts as defined in NIST 800 series publications and the GSA IT Security Policies and Procedural Guide. This notice is not a request for competitive proposal and is not pursuant to a Request for Proposal (RFP) nor is the GSA obligated to conduct a competitive procurement. For more information, interested parties should contact Michael.Hargrove@gsa.gov Fax 703-306-6816.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/GSA/FTS/SmartBUY-Fairfax/GS00T08SBA0027/listing.html)
- Place of Performance
- Address: General Services Administration, Federal Acquisition Services (FAS), FAS-SmartBUY- Fairfax, 10304 Eaton Place, Fairfax, VA 22030-2213, UNITED STATES, Fairfax, Virginia, 22030, United States
- Zip Code: 22030
- Zip Code: 22030
- Record
- SN01892945-W 20090801/090730235425-84317cbecb74c1f08471a130fc61933e (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |