Did DOD keep its JEDI report promise?
By
Nick Wakeman
The Defense Department was to submit required reports to Congress on May 7 to explain its JEDI strategy.
Today -- May 7 to be exact -- was the day Defense Department officials promised Congress they would submit a pair of reports required in the fiscal year 2018 omnibus spending bill before DOD can release the final solicitation for its $10 billion JEDI cloud computing contract.
UPDATE: Bloomberg is reporting that the reports were submitted but are marked "For Official Use Only" and are not public at this time.
The original due date was later in May. But during a Senate Armed Services Committee hearing on April 26, Defense Department Chief Financial Officer David Norquist said that the reports would be submitted by May 7.
DOD was accepting comments on the second draft solicitation through April 30 and they said that day that they received 394 comments from 14 vendors, one coalition and two government offices.
Comments and answers will be released when the final solicitation comes out sometime this month.
A few more insights into the contract were released today with the draft DD Form 254, a document interested companies will need to complete to gain access to classified information needed for their proposals.
It appears that most of the work will be done on the contractor’s premises, which makes sense because DOD wants to buy a commercial cloud service. The contractor’s facility will need to have a "Top Secret" clearance.
The contractor will be able to store "Top Secret" and "Secret" information and hardware at their facility. That classified information includes items such as nuclear weapon designs and foreign governments.
Any classified documents and materials will need to be returned to DOD when the contract ends.
That is, unless there is an approved request for the contractor to keep the information.
The document also describes the various security clearance requirements and approvals needed for work to be done. This includes the approvals needed for any work done by subcontractors.
There is no mention of FedRAMP in the document, but the contractor will have to comply with the requirements of an approved cybersecurity plan.
Comments on the Form 254 are due by May 11.