The General Services Administration (GSA) on July 29 put out a request for information seeking market research that will help the agency move forward with its Ascend Blanket Purchase Agreement (BPA) to simplify and standardize the way that Federal government agencies buy cloud products and services.
Work on the Ascend BPA, GSA said, is informed by research showing that Federal agencies face a “highly complex and evolving marketplace when it comes to acquiring cloud products and services,” and a “difficult and time consuming effort” in navigating security, data ownership, terms and conditions, and operational practices.
The Ascend BPA would help GSA realize its goals of creating a one-stop-shop for Federal agencies to buy secure cloud commercial products and services.
“The Ascend BPA is part of the General Services Administration’s (GSA’s) Cloud Marketplace vision of empowering agencies to develop and implement enterprise-level cloud acquisition strategies through a modernized and simplified approach to meet their IT and cybersecurity requirements,” GSA said in the RFI.
The BPA, GSA said, will “emphasize Cloud Smart/Security Smart objectives, and establish minimum baseline requirements for the acquisition, business, operations, reporting, and technology capabilities provided by commercial Cloud Service Providers (CSPs) and cloud-focused labor service providers that are not currently accessible under other GSA Multiple Award Schedule (MAS) or Governmentwide Acquisition Contracts (GWACs).”
“The Ascend BPA will focus on enabling support for both vertical (e.g., IaaS, PaaS, SaaS) and horizontal capabilities across the ecosystem and will provide more effective system integration and managed support services for the delivery of flexible, diverse, and secure cloud solutions,” GSA said.
“The BPA will also emphasize cybersecurity supply chain risk management (C-SCRM) and resiliency by establishing minimum cybersecurity baselines for customers to ensure their cloud solutions are compliant with applicable cybersecurity legislation, regulations, policies (e.g., Cyber Executive Order 14028), and National Institute of Standards and Technology (NIST) best practices,” GSA said.
“Integration of these requirements, along with Zero Trust Architecture (ZTA) principles will reduce the risk of evolving threats” and mitigate impacts of negative cybersecurity incidents, the agency said.
GSA is looking for feedback on the RFI by August 8.