As debate swirls around the Department of Defense’s (DoD) multibillion dollar Joint Enterprise Defense Infrastructure (JEDI) cloud acquisition, the department’s push toward commercial cloud services is continuing on other fronts. One example is the Defense Information Systems Agency’s (DISA) comparatively stealthy Defense Enterprise Office Solutions (DEOS) acquisition, which is intended to deliver integrated collaboration and productivity services in both classified and unclassified settings out to the edge of DoD’s networks.
Like JEDI, the DEOS contract could extend for up to 10 years, and has a similarly hefty total value. JEDI is estimated to be worth up to $10 billion; DEOS is being projected at as much as $8 billion. And also like JEDI, DEOS is planned as a single award—something that has proved to be a sore point for some in the industry, but which is in keeping with DISA’s and DoD’s overall approach. DISA issued a draft Request for Proposals for DEOS April 17. Responses were due this week, and DISA plans to present an overview on DEOS at the AFCEA Defensive Cyber Operations Symposium May 16 in Baltimore.
DISA plans DEOS as an integrated enterprise cloud offering that would replace current services, including “voice, video, collaboration, email, content management, records management, and office productivity,” according to the draft RFP. It would supplant the DoD Enterprise Email (DEE), as well as DoD Enterprise Portal Service (DEPS), and Defense Collaboration Services (DCS). And it will support DoD’s cloud-based Joint Information Environment.
DEOS also is expected to work on both the Non-classified Internet Protocol Router Network (NIPRNet) and the Secret Internet Protocol Router Network (SIPRNet), including those with “denied, disconnected, intermittent, and limited bandwidth,” according to the RFP. The cloud solution must also meet DoD security requirements, including the ability to operate at Impact Levels 5 (Controlled Unclassified Information that supports National Security Systems) and 6 (up to Secret level) of DoD’s Cloud Computing Security Requirements Guide.
DEOS will be a single-award Indefinite-Delivery, Indefinite-Quantity (IDIQ) contract with a five-year base ordering period followed by five one-year options for Software as a Service (SaaS).
Some vendors have criticized JEDI for being planned as a single award, but DOD officials have maintained that a single award doesn’t necessarily mean a single vendor—the department has invited teams to bid on both JEDI and DEOS—but that a single award would streamline implementation and keep down costs. As well, in the case of JEDI, DoD is leaving the door open to other participants after JEDI’s initial two-year ordering period.
The single award approach also is part of DISA’s other cloud efforts. In its forecast to industry late last year, DISA’s Services Development Directorate—which described DEOS as a turnkey commercial, cloud-based SaaS solution to modernize the department’s collaboration and productivity—also spelled out other projects, including those covering cybersecurity support, human resources management, the Integrated Defense Enterprise Acquisition System (IDEAS), and Integrated Resource Information System (IRIS). All are planned as single awards.
Another sticking point with the two cloud acquisitions is the security requirements of handling data on both NIPRNet and SIPRNet. DoD has said that JEDI, for example, would start with NIPRNet and eventually add SIPRNet services, which would give vendors time to get their services certified.
DoD’s move toward commercial cloud services ultimately is about getting high-quality information to warfighters as quickly (and cost effectively) as possible, department officials have said. In addition to opting for cloud services, DISA recently announced that it is implementing a tenfold speed increase on the Defense Information Systems Network (DISN) from an optical transport system with 10 gigabits per second (Gbps) transport speeds to a 100 Gbps packet-optical transport system.