Documents

If you would like to submit a relevant resource for the cloud community, please click here.


Acquiring Cloud - A Contracting Officer's and Attorney's Perspective

  • Authorship: Defense Information Systems Agency (DISA), US Air Force (USAF)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Acquisitions
Description:

The "Acquiring Cloud - A Contracting Officer's and Attorney's Perspective" provides an overview of cloud computing services, applicable acquisition regulations and guidance, including those applicable to the Department of Defense (DoD), and key considerations and requirements Contracting Officers (COs) need to be aware of and address in the acquisition of cloud computing services.


Application Rationalization Playbook (& Supporting Materials), An Agency Guide to Portfolio Management, The

  • Authorship: Federal CIO Council
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Playbook
  • Information: Management, Operations
  • Sub-Information: Application Rationalization
Description:

"The Application Rationalization PLAYBOOK, An Agency Guide to Portfolio Management" is a practical guide for application rationalization and Information Technology (IT) portfolio management. Application rationalization is the effort to strategically identify business applications across an organization to determine which should be kept, replaced, retired, or consolidated. This includes developing a detailed inventory, with attributes and functionality, determining business value and Total Cost of Ownership (TCO), and then comparing or rationalizing that inventory of applications as a whole to eliminate redundancies, lower costs, and maximize efficiency. Application rationalization helps Portfolio Managers improve their agency's approach to IT modernization. There is no one-size-fits-all application rationalization process, rather agencies should tailor their approach to fit mission, business, technology, human capital, and security needs.


Business of Cloud - Driving Cloud Program Success

  • Authorship: LMI Consulting LLC
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices
  • Information: Acquisitions, Governance, Management, Operations, Security, Technology, Workforce
Description:

The "Business of Cloud - Driving Cloud Program Success", developed by LMI Consulting, LLC, provides an overview of best practices and characteristics for successful federal cloud programs.


Cloud Adoption Center of Excellence Playbook

  • Authorship: General Services Administration (GSA), Technology Transformation Services (TTS), IT Modernization Centers of Excellence (CoE), Cloud Adoption (CA)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Playbook, Strategy
  • Information: Management, Operations
Description:

The "Cloud Adoption Center of Excellence Playbook" provides 9 plays to help agencies deliver modern digital services by adopting cloud computing. The "Cloud Adoption Center of Excellence Playbook" recommends optimal pathways to cloud adoption based on agile feature delivery methods and enhanced cybersecurity practices. The 9 plays include: Create Business Alignment, Align and Engage Stakeholders, Identify an Empowered Leader, Inventory Systems & Rationalize Application, Develop Cloud Adoption Plan, Develop New Cloud Capabilities, Use Strategic Communications, Pilot Solutions, and Iterate.


Cloud Migration Acquisition Journey Map

  • Authorship: General Services Administration (GSA), Technology Transformation Services (TTS), IT Modernization Centers of Excellence (CoE), Cloud Adoption (CA)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Diagram, Journey Map
  • Information: Acquisitions
  • Sub-Information: Acquisition Planning, Award, Cost Estimation, Market Research, Performance Metrics & Monitoring, Post Award, Requirements Document, Solicitation
Description:

The "Cloud Migration Acquisition Journey Map" follows 3 key stakeholders in the cloud migration acquisition process (i.e., contracting officer, technical lead, business owner). It provides the federal acquisition workforce with a better understanding of the cloud migration acquisition process, helps them define requirements, address pain points, identify the technical skills needed for successful cloud acquisitions, and provides links to acquisition documents for their cloud migration procurements.


Cloud Operations Best Practices & Resource Guide

  • Authorship: General Services Administration (GSA), Office of Technology Policy
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Guidance, Handbook
  • Information: Management, Operations, Security, Technology
  • Sub-Information: Budget, Costs, Organizational Change Management (OCM), Performance, Supply Chain Risk Management (SCRM), Zero Trust Architecture (ZTA)
Description:

The "Cloud Operations Best Practices & Resource Guide" supports a federal agency’s journey to optimize its cloud operations.

Whether purchasing new cloud services, migrating applications, or simply managing your current IT investments, your agency’s ability to manage the cost, capability, security and quality of your cloud impacts how well it serves its mission and its stewardship of taxpayer dollars.

The overarching theme of this guide is that cloud operations fundamentally differ from traditional IT operations. This difference emerges in virtually every aspect of IT operations, including strategy, planning, budgeting, governance, monitoring, provisioning, and more.

A second theme focuses on the practices presented as part of a continuous effort to improve operations. There is no one-and-done, one-size-fits-all best practice. Instead, successful improvement in cloud operations will be incremental and repeated. Furthermore, these practices are often interconnected.


Cloud Readiness Preparing Your Agency for Migration

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), Data Center Optimization Initiative (DCOI)
  • Publication Date:
  • Status: Superseded
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Appropriations, Management, Operations, Security, Technology, Workforce
Description:

Superseded by the "Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration" authored by the General Services Administration (GSA), Office of Government-wide Policy (OGP), The Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO).


Cloud Tagging Strategy Guide

  • Authorship: General Services Administration (GSA), Office of Government-wide Policy (OGP), Office of Information Integrity and Access
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Management, Operations, Security
  • Sub-Information: Costs, Resources, Asset Management, Automation, Technology Business Management (TBM), Identity Access Management (IAM)
Description:

The "Cloud Tagging Strategy Guide" aims to help agencies strategically approach their cloud tagging efforts pertaining to Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) cloud solutions. The centerpiece of this guide is a recommended five-step process for developing a cloud tagging strategy, consisting of different managerial and technical considerations that build upon each other toward successful, agency-wide implementation. Beyond the aforementioned process, this guide brings the Federal IT community the most relevant information on cloud tagging tools and use cases, including Technology Business Management (TBM).


Common DoD Contracting Issues and Guidance for Procuring Cloud (DRAFT)

  • Authorship: Department of Defense (DoD), Cloud Center of Excellence
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Acquisitions
Description:

The "Common DoD Contracting Issues and Guidance for Procuring Cloud (DRAFT)" provides information on issues for Contracting Officers (COs), Information Technology (IT) Professionals, and Program Managers (PMs) to address in cloud computing contracts. Issues addressed include: Asset Availability, Banner, Continuous Monitoring, Cybersecurity Compliance, Data Breach and Incident Reporting, Facility Inspection, Indemnification, Insurance, Law Enforcement, Location of Data, Maintenance, Misuse of Government Data and Metadata, Non-Disclosure Agreements (NDAs), Notification, Personnel Access, Physical Access, Records, Terms of Service, Terms of Service Level Agreements (SLAs), Spillage, Supply Chain, and Use of Subcontractors.


Containerization Readiness Guide

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), Office of Information Integrity and Access
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Case Study, Guidance, Lessons Learned
  • Information: Technology
  • Sub-Information: Containers
Description:

The "Containerization Readiness Guide" provides a basic overview of container technologies to educate agencies that have limited to no containerization maturity. It will help agencies make informed and intelligent decisions on adopting container technologies. The "Container Readiness Guide" covers topics on container technology, container management, container business value, complementary technologies, application development and containers, common container use cases, container challenges, container adoption assessment, and container service delivery models.


Department of Defense Cloud Computing Acquisition Guidebook, Version 1.2

  • Authorship: Department of Defense (DoD), Defense Acquisition University (DAU)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Governance, Management, Operations, Security, Technology, Workforce
Description:

The "Department of Defense Cloud Computing Acquisition Guidebook" assists Department of Defense (DoD) executive sponsors, Program Managers (PMs), Contracting Officers (COs), and supporting professionals to understand and be confident about their cloud acquisitions and associated deployments. The "DoD Cloud Computing Acquisition Guidebook" is structured to provide DoD specific and tailored information for Program Managers (PMs), contracting personnel, engineers/IT technical personnel, financial managers, attorneys, and cybersecurity professionals.


Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)

  • Authorship: Department of Defense (DoD), Defense Information Systems Agency (DISA)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Security
  • Sub-Information: Assessment & Analysis (A&A), Authentication and Authorization, Cybersecurity Monitoring, Encryption, Identity Access Management (IAM), Incident Recovery, Incident Response, Information Protection Processes and Procedures, Risk Management
Description:

The "Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG)":

  • Provides the security requirements and guidance to DoD and commercial Cloud Service Providers (CSPs) (DoD contractors) that wish to have their Cloud Service Offerings (CSOs) included in the DoD Cloud Service Catalog;
  • Establishes a basis on which DoD will assess the security posture of a DoD or non-DoD CSP's CSO, supporting the decision to grant a DoD Provisional Authorization (PA) that allows a CSP to host DoD missions;
  • Establishes a basis on which a DoD Component's Authorizing Official (AO) will assess the security posture of a DoD CSP's CSO, supporting the decision to grant a DoD Component's Authorization to Operate (ATO) for the CSP/CSO, and a DoD PA if the CSO might be leveraged by other DoD Components (e.g., DISA's ATO/PA for milCloud);
  • Defines the requirements and architectures for the use and implementation of DoD or commercial cloud services by DoD Mission Owners;
  • Provides guidance to DoD Mission Owners, Security Control Assessors (SCA), Authorizing Officials (formerly Certification and Accreditation (C&A) officials), and others in planning and authorizing the use of a CSO;
  • Supports the DoD Chief Information Officer's (CIO) Cloud initiative to migrate DoD web sites and applications from physical servers and networks within DoD networks and data centers into lower cost commodity IT services which typically include virtual servers and networks that are an integral part of most cloud services provided by both DoD and commercial CSPs; and
  • Supports the DoD CIO's and Federal Government's Data Center Reduction initiatives.


Department of Defense Cloud Strategy

  • Authorship: Department of Defense (DoD), Chief Information Officer (CIO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Strategy
  • Information: Operations, Technology
Description:

The “Department of Defense Cloud Strategy” reasserts our commitment to cloud and the need to view cloud initiatives from an enterprise perspective for more effective adoption. It recognizes our experience and identifies seven strategic objectives (enable exponential growth, scale for the episodic nature of the DoD mission, proactively address cyber challenges, enable AI and data transparency, extend tactical support for the warfighter at the edge, take advantage of resiliency in the cloud, drive IT reform at DoD) along with four guiding principles (warfighter first, cloud smart-data smart, leverage commercial industry best practices, create a culture better suited for modern technology evolution) to set a path forward. It emphasizes mission and tactical edge needs along with the requirement to prepare for artificial intelligence while accounting for protection and efficiencies.

The strategy drives implementation toward the enterprise cloud environment, an ecosystem composed of General Purpose and Fit For Purpose clouds. It focuses implementation activities on two fundamental types of work: first is the stand up of cloud platforms ready to receive data and applications, and second is the ongoing work to migrate existing applications and to develop new applications in the cloud.


Department of Defense Outside the Continental United States (OCONUS) Cloud Strategy

  • Authorship: Department of Defense (DoD), Chief Information Officer (CIO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Strategy
  • Information: Operations, Technology
Description:

The “Department of Defense Outside the Continental United States (OCONUS) Cloud Strategy” establishes the vision and goals for enabling a dominant all-domain advantage through cloud innovation at the tactical edge. It identifies areas requiring modernization to realize the potential of cloud computing in direct support of the warfighter, specifically: security, redundancy, reliability, and availability. It focuses on extending Continental United States (CONUS) cloud computing to the globally deployed (i.e., OCONUS) elements of the Department to include the African, European, Indo-Pacific, Middle Eastern, and South American Theaters to the tactical edge. The outcomes of the strategy align with and further the priorities of the National Defense Strategy and DoD Digital Modernization Strategy.

DoD is committed to providing cloud computing to the warfighter at the tactical edge. These resources are fundamental to enabling a Joint Force capable of quickly and decisively mobilizing air, land, sea, space, and cyberspace capabilities in response to adversaries threatening United States (U.S.) and Allied National Security priorities and objectives.


Enterprise Cloud Adoption Framework (ECAF)

  • Authorship: MITRE Corporation
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
Description:

The "Enterprise Cloud Adoption Framework (ECAF)", developed by MITRE Corporation, provides guidance for developing and implementing cloud adoption strategies while addressing the Political leadership, Organizational, Economic, Technical, and Security (POETS) factors.


Federal Chief Information Officers Handbook

  • Authorship: Office of Management and Budget (OMB), Office of the Federal Chief Information Officer (OFCIO), Chief Information Officers Council
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Handbook
  • Information: Acquisitions, Appropriations, Governance, Management, Security, Technology, Workforce
Description:

The "Federal Chief Information Officers Handbook" is provided for newly designated Chief Information Officers (CIOs), Deputy CIOs, agency heads and other senior leaders during transition to both understand the role of the federal CIO and the Federal CIO Council. It reviews the statutory responsibilities that define the CIO’s mandate in eight responsibility areas, the corresponding Laws and Executive Orders, and any applicable implementation guidance issued by the Office of Management and Budget (OMB) and other government-wide organizations; describes the applicable laws relevant to the CIO’s role, other authorities, key stakeholders that CIOs should meet in their first month, and key organizations and their role in federal IT; outlines government-wide IT policies and initiatives, summarizes the many kinds of reporting activities the CIO must conduct to keep their agency accountable to government-wide authorities, and provides a reporting calendar with the most up-to-date reporting activities available. Overall, it is intended to be useful to both executives with no federal government experience and to seasoned federal employees.


Federal Chief Information Officers Small Agency CIO and IT Executive Handbook

  • Authorship: Office of Management and Budget (OMB), Office of the Federal Chief Information Officer (OFCIO), Small Agency Chief Information Officer Council (SACC)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Handbook
  • Information: Acquisitions, Appropriations, Governance, Management, Security, Technology, Workforce
Description:

The "Small Agency CIO and IT Executive Handbook" provides agency IT Executives with a foundational understanding of responsibilities related to IT. It is focused on federal agencies that do not have a full suite of IT leadership roles, such as federal agencies that don’t have a designated CIO, individuals fulfilling multiple roles in IT management, and executives with more limited technical and organizational experience. It is a resource to small federal agency executives who may not have subject-matter expertise across all technical or organizational components but play a leadership role in IT strategy, operations, security, and compliance. It expands on the Federal CIO Handbook and includes responsibilities related to cloud, cybersecurity, data management, and privacy, highlighting and referencing handbooks for other IT Executives, including the Chief Information Security Officer (CISO) and Chief Data Officer (CDO). In addition, it contains general information for executives who may be new to the federal government, including topics such as federal procurement and the budget cycle. Overall, it is intended to be useful to both executives with no federal government experience and to seasoned federal employees.


Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), The Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Framework, Guidance, Strategy
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
Description:

The "Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration" provides a collection of strategies and best practices that will assist agencies in structuring and developing agency-specific cloud adoption strategies that are tailored to meet the agency's specific mission, business, technology, workforce, and security requirements.


FedRAMP Control Specific Contract Clauses, Version 3.0

  • Authorship: General Services Administration (GSA), Federal Risk and Authorization Management Program (FedRAMP)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Acquisitions, Security
  • Sub-Information: Assessment & Analysis (A&A)
Description:

The "FedRAMP Control Specific Contract Clauses Version 3.0" provides guidance on contractual language that might be used for FedRAMP cloud computing projects to address applicable laws, regulations, standards, guidance, and agency specific requirements and parameters.


FedRAMP Vulnerability Scanning Requirements for Containers, Version 1.0

  • Authorship: General Services Administration (GSA), Federal Risk and Authorization Management Program (FedRAMP)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Guidance
  • Information: Security, Technology
  • Sub-Information: Assessment & Analysis (A&A), Cybersecurity Monitoring, Containers
Description:

The "FedRAMP Vulnerability Scanning Requirements for Containers Version 1.0" bridges the vulnerability scanning compliance gaps between traditional cloud systems and containerized cloud systems. The requirements described in this document are part of the "FedRAMP Continuous Monitoring Strategy Guide" and "FedRAMP Vulnerability Scanning Requirements". The vulnerability scanning requirements for containerized systems serve to supplement and update existing requirements defined in those documents and to ensure that risks relative to the use of container technology are mitigated or otherwise addressed.


GAO-12-756 Information Technology Reform: Progress Made but Future Cloud Computing Efforts Should be Better Planned

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Acquisitions, Appropriations, Community, Governance, Management, Operations, Security, Technology, Workforce
Description:

The Government Accountability Office (GAO) was asked to assess the progress selected agencies have made in implementing the Office of Management and Budget (OMB) "Cloud First" policy and identify challenges they are facing in implementing the policy. To do so, GAO selected seven agencies, analyzed agency documentation, and interviewed agency and OMB officials; and identified, assessed, and categorized common challenges.


GAO-14-413 Federal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Management, Operations
  • Sub-Information: Software License Management
Description:

The Government Accountability Office (GAO) was asked to review federal agencies' management of software licenses. GAO (1) assessed the extent to which OMB and federal agencies have appropriate policies on software license management, (2) determined the extent to which agencies adequately manage licenses, and (3) described agencies' most widely used software and extent to which they were over or under purchased. GAO assessed policies from 24 agencies and OMB against sound licensing policy measures. GAO also analyzed and compared agencies' software inventories and management controls to leading practices, and interviewed responsible officials. To identify sound licensing policy measures and leading practices, GAO interviewed recognized private sector and government software license management experts.


GAO-14-753 Cloud Computing: Additional Opportunities and Savings Need to Be Pursued

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Appropriations
Description:

The Government Accountability Office (GAO) was asked to assess agencies' progress in implementing cloud services. GAO's objectives included assessing selected agencies' progress in using such services and determining the extent to which the agencies have experienced cost savings. GAO selected for review the seven agencies that it reported on in 2012 in order to compare their progress since then in implementing cloud services; the agencies were selected using the size of their IT budgets and experience in using cloud services. GAO also analyzed agency cost savings and related documentation and interviewed agency and OMB officials.


GAO-16-325 Cloud Computing: Agencies Need to Incorporate Key Practices to Ensure Effective Performance

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Acquisitions, Management, Operations, Security
Description:

The Government Accountability Office (GAO) was asked to examine federal agencies' use of SLAs. GAO's objectives were to (1) identify key practices in cloud computing SLAs and (2) determine the extent to which federal agencies have incorporated such practices into their SLAs. GAO analyzed research, studies, and guidance developed by federal and private entities to develop a list of key practices to be included in SLAs. GAO validated its list with the entities, including OMB, and analyzed 21 cloud service contracts and related documentation of five agencies (with the largest fiscal year 2015 IT budgets) against the key practices to identify any variances, their causes, and impacts.


GAO-19-58 Cloud Computing: Agencies Have Increased Usage and Realized Benefits, but Cost and Savings Data Need to be Better Tracked

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Appropriations
Description:

The Government Accountability Office (GAO) was asked to review agencies' reported use of cloud services. This report discusses selected agencies' progress in implementing cloud services, the extent to which those agencies increased cloud service spending and achieved savings or cost avoidances, and examples of agency reported cloud investments with notable benefits. GAO selected 16 agencies to review based on their fiscal year 2017 IT budgets and analyzed their use of cloud services, associated spending and savings data, and guidance for assessing investments for these services. GAO interviewed agency officials in charge of cloud services and reviewed pertinent documents to identify acquisitions with notable benefits. GAO also interviewed OMB staff about their agency's role in federal cloud computing and related OMB guidance.


GAO-20-126 Cloud Computing Security: Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Security
Description:

The Government Accountability Office (GAO) was asked to review FedRAMP. The objectives were to determine the extent to which 1) federal agencies used FedRAMP to authorize cloud services, 2) selected agencies addressed key elements of the program's authorization process, and 3) program participants identified FedRAMP benefits and challenges. GAO analyzed survey responses from 24 federal agencies and 47 cloud service providers. GAO also reviewed policies, plans, procedures, and authorization packages for cloud services at four selected federal agencies and interviewed officials from federal agencies, the FedRAMP program office, and OMB.


GAO-22-104422 Technology Assessment: Quantum Computing and Communications Status and Prospects

  • Authorship: Government Accountability Office (GAO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Report
  • Information: Technology
  • Sub-Information: Quantum Computing
Description:

The Government Accountability Office (GAO) conducted a technology assessment on (1) the availability of quantum computing and communications technologies and how they work, (2) potential future applications of such technologies and benefits and drawbacks from their development and use, and (3) factors that could affect technology development and policy options available to help address those factors, enhance benefits, or mitigate drawbacks.

To address these objectives, GAO reviewed key reports and scientific literature; interviewed government, industry, academic representatives, and potential end users; and convened a meeting of experts in collaboration with the National Academies of Sciences, Engineering, and Medicine. GAO is identifying policy options in this report.


GSA MAS Cloud SIN 518210C Ordering Guide

  • Authorship: General Services Administration (GSA), Information Technology Category (ITC)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Information: Acquisitions
  • Sub-Information: Acquisition Planning
Description:

This Ordering Guide gives guidance on navigating many aspects of the cloud buying process, from requirements to award. It provides guidance on topics such as: Acquisition Strategies, Market Research, Cloud IGCEs, Contract Types, FedRAMP, Multi-cloud Strategies, Funding, Reference Laws, CLIN Structures and much more. This SIN 518210C Ordering Guide will only provide guidance to Ordering Activities. It will not prescribe or limit what cloud services contractors provide, nor is it binding to Ordering Activities as they will have to execute in accordance with their Ordering Activity policies and practices.


IaaS Considerations for the Data Center Community Version 1.11

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), Data Center Optimization Initiative (DCOI)
  • Publication Date:
  • Status: Superseded
  • Resource Type: Document
  • Sub-Resource Type: Guidance, Lessons Learned
  • Information: Appropriations, Management, Operations, Security, Workforce
Description:

Superseded by the "Federal Cloud Strategy Guide - Agency Best Practices for Cloud Migration" authored by the General Services Administration (GSA), Office of Government-wide Policy (OGP), The Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO).


Infrastructure Optimization Center of Excellence Playbook

  • Authorship: General Services Administration (GSA), Technology Transformation Services (TTS), IT Modernization Centers of Excellence (CoE), Infrastructure Optimization (IO)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Management, Operations
Description:

The "Infrastructure Optimization Center of Excellence Playbook" provides 10 plays that help federal government agencies develop and implement strategies for infrastructure optimization, cloud computing integration, and data center consolidation. The 10 plays include: Define the Objectives, Roles, and Responsibilities for Infrastructure Optimization; Conduct a Data Center Discovery Assessment; Conduct Application Rationalization; Consolidate Data Centers; Obtain Authority to Test/Operate; Achieve Operational Excellence; Create an Agile Infrastructure; Implement Automation; Develop a Communication Plan; and Ensure Ongoing Executive Reporting and Interaction.


Key Cost Considerations for Agencies Planning Cloud Migrations

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), Data Center Optimization Initiative (DCOI)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Lessons Learned
  • Information: Management, Operations, Security, Workforce
Description:

The "Key Cost Considerations for Agencies Planning Cloud Migrations" is based on interviews with agencies that have used or provided one or more cloud solutions spanning the service model spectrum of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The agency experiences and recommendations in this document are intended to be relevant regardless of whether an organization is using a private, public, or hybrid cloud deployment model. Although this document is written to help agencies prepare for cloud adoption and lower their future costs in any cloud environment, some stories and recommendations are more applicable to a particular service or deployment model.


Multi-Cloud and Hybrid Cloud Guide

  • Authorship: General Services Administration (GSA), Office of Governmentwide Policy (OGP), Office of Information Integrity and Access
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Case Study, Guidance
  • Information: Management, Technology
  • Sub-Information: Architecture
Description:

The “Multi-Cloud and Hybrid Cloud Guide” brings together the most relevant information on different cloud architectures, compares the advantages and disadvantages of each, and walks your agency through important considerations pertaining to an Infrastructure as a Service (IaaS) cloud solution. As cloud computing environments expand and become more diverse, agencies face an ever-growing number of cloud services, offerings, and options. Informed strategy is needed to understand, anticipate, rationalize, and optimize major cloud architecture decisions. This document is organized into four primary sections: Cloud Architectures, Management, Analysis of Alternatives, and Determine Your IaaS Cloud Solution.


Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default

  • Authorship: Department of Homeland Security (DHS), Cybersecurity & Infrastructure Security Agency (CISA)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Strategy
  • Information: Security
  • Sub-Information: Information Protection Processes and Procedures, Risk Management, Supply Chain Risk Management (SCRM)
Description:

Joint U.S. (i.e., Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA)) & international partners (i.e., Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), United Kingdom’s National Cyber Security Centre (NCSC-UK), Germany’s Federal Office for Information Security (BSI), Netherlands’ National Cyber Security Centre (NCSC-NL), Computer Emergency Response Team New Zealand (CERT NZ), and New Zealand’s National Cyber Security Centre (NCSC-NZ)) guide urging industry partners (e.g., technology manufacturers, software manufacturers) to take necessary steps to make technology products (e.g., cloud, hardware, IoT, SaaS, software) secure-by-design and secure-by-default.


State Software Budgeting Handbook

  • Authorship: General Services Administration (GSA), Technology Transformation Services (TTS), 18F
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Best Practices, Guidance, Handbook
  • Information: Management
  • Sub-Information: Budget, Costs
Description:

The "State Software Budgeting Handbook" is designed for executives, budget specialists, legislators, and other "non-technical" decision-makers who fund or oversee state government technology projects that receive federal funding and implement the necessary technology to support federal programs. The handbook can help in setting these projects up for success by asking the right questions, identifying the right outcomes, and equally important, providing a basic knowledge of the fundamental principles of modern software design.

The handbook provides the tools needed to start tackling related problems like: The need to use, maintain, and modernize legacy systems simultaneously; Lock-in from legacy commercial arrangements; Siloed organizations and risk-averse cultures; Long budget cycles that don't always match modern software design practices; Security threats; and Hiring, staffing, and other resource constraints.

The handbook is written specifically for procurement of custom software, but it's important to recognize that commercial off-the-shelf software (COTS) is often custom and Software as a Service (SaaS) often requires custom code. Once any customization is made, the bulk of the advice in this handbook applies to these commercial offerings.


Strategic Plan to Advance Cloud Computing in the Intelligence Community

  • Authorship: Office of the Director of National Intelligence (ODNI)
  • Publication Date:
  • Status: Active
  • Resource Type: Document
  • Sub-Resource Type: Framework, Guidance, Strategy
  • Information: Acquisitions, Governance, Management, Operations, Technology, Workforce
Description:

The "Strategic Plan to Advance Cloud Computing in the Intelligence Community" lays out seven interrelated objectives and 38 initiatives to be used by executives and engineers alike to align the Intelligence Community (IC) efforts; guide IT development and acquisition; modify or establish IC policy, guidance, and specifications; and provide a consensus-driven approach to advancing cloud computing within the IC.