Skip to main content
U.S. flag

An official website of the United States government

Helpful Documents

We have developed and collected helpful training documents, how-to guides, tutorials, and reference materials for you to review as you develop your own acquisition materials for acquiring cloud services.




Acquiring Cloud - A Contracting Officer's and Attorney's Perspective

  • Authorship: Defense Information Systems Agency (DISA), US Air Force (USAF)
  • Publication Date: 2019 07 22
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Acquisitions
  • Sub-Information:
Short Description:

The "Acquiring Cloud - A Contracting Officer's and Attorney's Perspective" provides an overview of topics COs need to be aware of and address in the acquisition of cloud computing services.

Long Description:

The "Acquiring Cloud - A Contracting Officer's and Attorney's Perspective" provides an overview of cloud computing services, applicable acquisition regulations and guidance, including those applicable to the Department of Defense (DoD), and key considerations and requirements Contracting Officers (COs) need to be aware of and address in the acquisition of cloud computing services.


Application Rationalization PLAYBOOK, An Agency Guide to Portfolio Management Version 1.1, The

  • Authorship: Federal CIO Council
  • Publication Date: 2020 09 25
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Playbook
  • Information: Governance, Management, Operations
  • Sub-Information:
Short Description:

"The Application Rationalization PLAYBOOK, An Agency Guide to Portfolio Management Version 1.1" is a practical six-step process guide for executing application rationalization with IT portfolio management.

Long Description:

"The Application Rationalization PLAYBOOK, An Agency Guide to Portfolio Management Version 1.1" is a practical guide for application rationalization and Information Technology (IT) portfolio management. Application rationalization is the effort to strategically identify business applications across an organization to determine which should be kept, replaced, retired, or consolidated. This includes developing a detailed inventory, with attributes and functionality, determining business value and Total Cost of Ownership (TCO), and then comparing or rationalizing that inventory of applications as a whole to eliminate redundancies, lower costs, and maximize efficiency. Application rationalization helps Portfolio Managers improve their agency's approach to IT modernization. There is no one-size-fits-all application rationalization process, rather agencies should tailor their approach to fit mission, business, technology, human capital, and security needs.


Business of Cloud - Driving Cloud Program Success

  • Authorship: LMI Consulting, LLC
  • Publication Date: 2020
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices
  • Information: Acquisitions, Governance, Management, Operations, Security, Technology, Workforce
  • Sub-Information:
Short Description:

The "Business of Cloud - Driving Cloud Program Success" provides an overview of best practices and characteristics for successful federal cloud programs.

Long Description:

The "Business of Cloud - Driving Cloud Program Success", developed by LMI Consulting, LLC, provides an overview of best practices and characteristics for successful federal cloud programs.


Cloud Adoption Center of Excellence Playbook

  • Authorship: General Services Administration, Technology Transformation Services (TTS), IT Modernization Centers of Excellence (CoE), Cloud Adoption (CA)
  • Publication Date: 2020 09
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Management, Operations
  • Sub-Information:
Short Description:

The "Cloud Adoption Center of Excellence Playbook" provides 9-plays to help agencies deliver modern digital services by adopting cloud computing.

Long Description:

The "Cloud Adoption Center of Excellence Playbook" provides 9-plays to help agencies deliver modern digital services by adopting cloud computing. The "Cloud Adoption Center of Excellence Playbook" recommends optimal pathways to cloud adoption based on agile feature delivery methods and enhanced cybersecurity practices. The 9-plays include: Create Business Alignment, Align and Engage Stakeholders, Identify an Empowered Leader, Inventory Systems & Rationalize Application, Develop Cloud Adoption Plan, Develop New Cloud Capabilities, Use Strategic Communications, Pilot Solutions, and Iterate.


Common DoD Contracting Issues and Guidance for Procuring Cloud (DRAFT)

  • Authorship: Cloud Center of Excellence
  • Publication Date: 2017 09 05
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Acquisitions
  • Sub-Information:
Short Description:

The "Common DoD Contracting Issues and Guidance for Procuring Cloud (DRAFT)" provides information on issues for COs, IT Professionals, and PMs to address in cloud computing contracts.

Long Description:

The "Common DoD Contracting Issues and Guidance for Procuring Cloud (DRAFT)" provides information on issues for Contracting Officers (COs), Information Technology (IT) Professionals, and Program Managers (PMs) to address in cloud computing contracts. Issues address include: Asset Availability, Banner, Continuous Monitoring, Cybersecurity Compliance, Data Breach and Incident Reporting, Facility Inspection, Indemnification, Insurance, Law Enforcement, Location of Data, Maintenance, Misuse of Government Data and Metadata, Non-Disclosure Agreements (NDAs), Notification, Personnel Access, Physical Access, Records, Terms of Service, Terms of Service Level Agreements (SLAs), Spillage, Supply Chain, and Use of Subcontractors.


Department of Defense Cloud Computing Acquisition Guidebook

  • Authorship: Department of Defense (DoD), Defense Acquisition University (DAU)
  • Publication Date: 2019 11
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Governance, Management, Operations, Policy, Security, Technology, Workforce
  • Sub-Information:
Short Description:

The "DoD Cloud Computing Acquisition Guidebook" provides guidance to DoD professionals responsible for the acquisition and deployment of cloud solutions.

Long Description:

The "Department of Defense Cloud Computing Acquisition Guidebook" assists Department of Defense (DoD) executive sponsors, Program Managers (PMs), Contracting Officers (COs), and supporting professionals to understand and be confident about their cloud acquisitions and associated deployments. The "DoD Cloud Computing Acquisition Guidebook" is structured to provide DoD specific and tailored information for Program Managers (PMs), contracting personnel, engineers/IT technical personnel, financial managers, attorneys, and cybersecurity professionals.


Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

  • Authorship: Department of Defense (DoD), Defense Information Systems Agency (DISA)
  • Publication Date: 2017 03 06
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Security
  • Sub-Information: Assessment & Analysis, Incident Response
Short Description:

The "DoD CC SRG" outlines the security model by which DoD will leverage cloud computing along with the security controls and requirements necessary for using cloud-based solutions.

Long Description:

The "Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)" provides: The security requirements and guidance to DoD and commercial Cloud Service Providers (CSPs) (DoD contractors) that wish to have their Cloud Service Offerings CSO(s) included in the DoD Cloud Service Catalog; Establishes a basis on which DoD will assess the security posture of a DoD or non-DoD CSP's CSO, supporting the decision to grant a DoD Provisional Authorization (PA) that allows a CSP to host DoD missions; Establishes a basis on which a DoD Component's Authorizing Official (AO) will assess the security posture of a DoD CSP's CSO, supporting the decision to grant a DoD Component's Authorization to Operate (ATO) for the CSP/CSO, and a DoD PA if the CSO might be leveraged by other DoD Components. (e.g., DISA's ATO/PA for milCloud); Defines the requirements and architectures for the use and implementation of DoD or commercial cloud services by DoD Mission Owners; Provides guidance to DoD Mission Owners, Security Control Assessors (SCA), Authorizing Officials, (formerly Certification and Accreditation (C&A) officials), and others in planning and authorizing the use of a CSO; Supports the DoD Chief Information Officer's (CIO) Cloud initiative to migrate DoD web sites and applications from physical servers and networks within DoD networks and data centers into lower cost commodity IT services which typically include virtual servers and networks that are an integral part of most cloud services provided by both DoD and commercial CSPs; and Supports the DoD CIO's and Federal Government's Data Center Reduction initiatives.


Enterprise Cloud Adoption Framework (ECAF)

  • Authorship: MITRE Corporation
  • Publication Date: 2018 09 11
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
  • Sub-Information:
Short Description:

The "ECAF" provides guidance for developing and implementing cloud adoption strategies while addressing POETS factors.

Long Description:

The "Enterprise Cloud Adoption Framework (ECAF)", developed by MITRE Corporation, provides guidance for developing and implementing cloud adoption strategies while addressing the Political leadership, Organizational, Economic, Technical, and Security (POETS) factors.


Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration

  • Authorship: General Services Administration (GSA), Office of Government-wide Policy (OGP), The Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO)
  • Publication Date: 2020 12
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
  • Sub-Information:
Short Description:

The "Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration" assists agencies in structuring and developing agency-specific cloud adoption strategies.

Long Description:

The "Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration" provides a collection of strategies and best practices that will assist agencies in structuring and developing agency-specific cloud adoption strategies that are tailored to meet the agency's specific mission, business, technology, workforce, and security requirements.


GAO-12-756 Information Technology Reform: Progress Made but Future Cloud Computing Efforts Should be Better Planned

  • Authorship: Government Accountability Office (GAO)
  • Publication Date: 2012 07 11
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
  • Sub-Information:
Short Description:

The GAO was asked to assess the progress selected agencies have made in implementing the "Cloud First" policy and identify challenges they are facing in implementing the policy.

Long Description:

The Government Accountability Office (GAO) was asked to assess the progress selected agencies have made in implementing the Office of Management and Budget (OMB) "Cloud First" policy and identify challenges they are facing in implementing the policy. To do so, GAO selected seven agencies, analyzed agency documentation, and interviewed agency and OMB officials; and identified, assessed, and categorized common challenges.


GAO-14-753 Cloud Computing: Additional Opportunities and Savings Need to Be Pursued

  • Authorship: Government Accountability Office (GAO)
  • Publication Date: 2014 09 25
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Appropriations
  • Sub-Information:
Short Description:

The GAO was asked to assess agencies' progress in implementing cloud services and determining the extent to which the agencies have experienced cost savings.

Long Description:

The Government Accountability Office (GAO) was asked to assess agencies' progress in implementing cloud services. GAO's objectives included assessing selected agencie' progress in using such services and determining the extent to which the agencies have experienced cost savings. GAO selected for review the seven agencies that it reported on in 2012 in order to compare their progress since then in implementing cloud services; the agencies were selected using the size of their IT budgets and experience in using cloud services. GAO also analyzed agency cost savings and related documentation and interviewed agency and OMB officials.


GAO-16-325 Cloud Computing: Agencies Need to Incorporate Key Practices to Ensure Effective Performance

  • Authorship: Government Accountability Office (GAO)
  • Publication Date: 2016 04 07
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Acquisitions, Management, Operations, Security
  • Sub-Information:
Short Description:

The GAO was asked to examine agencies' use of SLAs to identify key practices in cloud computing SLAs and determine the extent to which agencies have incorporated such practices into their SLAs.

Long Description:

The Government Accountability Office (GAO) was asked to examine federal agencies' use of SLAs. GAO's objectives were to (1) identify key practices in cloud computing SLAs and (2) determine the extent to which federal agencies have incorporated such practices into their SLAs. GAO analyzed research, studies, and guidance developed by federal and private entities to develop a list of key practices to be included in SLAs. GAO validated its list with the entities, including OMB, and analyzed 21 cloud service contracts and related documentation of five agencies (with the largest fiscal year 2015 IT budgets) against the key practices to identify any variances, their causes, and impacts.


GAO-19-58 Cloud Computing: Agencies Have Increased Usage and Realized Benefits, but Cost and Savings Data Need to be Better Tracked

  • Authorship: Government Accountability Office (GAO)
  • Publication Date: 2019 04 04
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Appropriations
  • Sub-Information:
Short Description:

The GAO was asked to review agencies' progress in implementing cloud services, the extent to which those agencies increased cloud services spending, and achieved savings or cost avoidances.

Long Description:

The Government Accountability Office (GAO) was asked to review agencies' reported use of cloud services. This report discusses selected agencies' progress in implementing cloud services, the extent to which those agencies increased cloud service spending and achieved savings or cost avoidances, and examples of agency reported cloud investments with notable benefits. GAO selected 16 agencies to review based on their fiscal year 2017 IT budgets and analyzed their use of cloud services, associated spending and savings data, and guidance for assessing investments for these services. GAO interviewed agency officials in charge of cloud services and reviewed pertinent documents to identify acquisitions with notable benefits. GAO also interviewed OMB staff about their agency?s role in federal cloud computing and related OMB guidance.


GAO-20-126 Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed

  • Authorship: Government Accountability Office (GAO)
  • Publication Date: 2019 12 12
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Security
  • Sub-Information:
Short Description:

The GAO was asked to review FedRAMP to determine the extent to which federal agencies used FedRAMP to authorize cloud services and to identify benefits and challenges.

Long Description:

The Government Accountability Office (GAO) was asked to review FedRAMP. The objectives were to determine the extent to which 1) federal agencies used FedRAMP to authorize cloud services, 2) selected agencies addressed key elements of the program's authorization process, and 3) program participants identified FedRAMP benefits and challenges. GAO analyzed survey responses from 24 federal agencies and 47 cloud service providers. GAO also reviewed policies, plans, procedures, and authorization packages for cloud services at four selected federal agencies and interviewed officials from federal agencies, the FedRAMP program office, and OMB.


Infrastructure Optimization Center of Excellence Playbook

  • Authorship: General Services Administration (GSA), Technology Transformation Services (TTS), IT Modernization Centers of Excellence (CoE), Infrastructure Optimization (IO)
  • Publication Date: 2020 09
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Management, Operations
  • Sub-Information:
Short Description:

The "Infrastructure Optimization Center of Excellence Playbook" provides 10-plays to help agencies optimize their infrastructures (i.e., data center, cloud).

Long Description:

The "Infrastructure Optimization Center of Excellence Playbook" provides 10-plays that help federal government agencies develop and implement strategies for infrastructure optimization, cloud computing integration, and data center consolidation. The 10-plays include: Define the Objectives, Roles, and Responsibilities for Infrastructure Optimization, Conduct a Data Center Discovery Assessment, Conduct Application Rationalization, Consolidate Data Centers, Obtain Authority to Test/Operate, Achieve Operational Excellence, Create an Agile Infrastructure, Implement Automation, Develop a Communication Plan, and Ensure Ongoing Executive Reporting and Interaction.