FBI eyes major move to the cloud

EDITOR'S NOTE: This article first appeared on FCW.com.

The Federal Bureau of Investigation is requesting feedback on its options for adopting a new secure, large-scale cloud computing service.

FBI posted request for information Feb. 16 to solicit industry input on acquiring a cloud computing system in line with the government's "cloud-first" policy across government. In it, the bureau states it is looking to acquire platform-as-a-service and software-as-a-service offerings "from an established cloud service provider with an existing, large-scale commercial offering" with the capability of providing services for multiple government agencies.

The move comes as the bureau's $30 billion Information Technology Supplies and Support Services contact vehicle is set to expire this October. The contract was awarded in October 2010, and covered one year plus seven option years.

Last November, the FBI posted a notice to industry about the pending expiration of IT-SSS, indicating that internal deliberations were ongoing about a possible recompete.

The FBI is a member of the intelligence community, and the bureau wants any commercial cloud service it adopts to meet IC requirements for handling classified data, as well as supporting big data management and processing and cognitive computing.

The bureau is also looking for services that provide middleware, such as identity and security management, log analysis and audit capabilities.

At a minimum, the RFI states, vendors should maintain at least two commercial multi-tenant data centers that have reserved, firewalled space for governmental use, within the U.S. border and 1,000 miles apart, to support roughly 50,000 users.

The FBI also wants to know about potential providers' status in the Federal Risk and Authorization Management Program, as well as any Department of Defense Information Assurance and Federal Information System Controls Audit Manual accreditations. Respondents are asked to explain whether the bureau will retain responsibility for system authorization and network connectivity, whether government can audit all hosting infrastructure changes, if the provider can provide and install infrastructure needed to build and operate the secret cloud environment, and whether the bureau can use its own cryptography.

The FBI also wants review and approval authority over the vendor's force-protection firm for physical security personnel.

As for service requirements, interested providers should be able to support multiple operating systems, host and manage third-party applications and provide business solutions in addition to tech infrastructure solutions.

The bureau also is trying to get a sense of how companies establish pricing models or fee structures for similar-in-scope storage, network and application-hosting services.

The deadline for submissions is March 2.