DISA recalculating acquisition strategy for commercial IaaS

The Defense Information Systems Agency is making adjustments as it continues to assess the needs of its Defense Department customers for cloud services to host nonsensitive data. A draft request for proposals was initially issued in June. Now DISA is tweaking its approach to buy commercial infrastructure-as-a-service and other support services, including cloud-based storage, virtual machine, database, and web hosting services. According to the Nov. 8 FedBizOpps.gov notice, “This strategy may result in a solicitation for a new contract at a significantly lowered ceiling or the leveraging of contracts previously awarded which contain the appropriate scope for meeting this demand.” DISA’s chief information officer, Dave Bennett, told Federal News Radio in a recent interview the agency is still navigating its role as the Pentagon’s chief cloud provider. “A lot of this stuff we’re trying to figure out as we go along… there’s no magic book out there,” said Bennet said in an “Agency of the Month” interview in October. He said, “a lot is figured out through dialog with the vendors and the customers, getting to understand what the art of the possible is and what the level of risk is that you’re willing to accept.” DISA’s Component Acquisition Executive Dr. Jennifer Carter, speaking in a separate “Agency of the Month” interview, said DISA is trying to find the right fit to meet DoD’s security requirements and achieve commercial pricing through a large number of users, whether it be full commercial or a partitioned cloud. DISA has published security information and guides in an effort to be proactive so that commercial vendors can then use that information as they develop products. Carter says that by meeting these security requirements industry will, in turn, gain a competitive advantage in the commercial space.