DISA wants to standardize metrics for commercial cloud contracts across government
The Defense Information Systems Agency hopes to create a catalog of standardized metrics for service level agreements (SLAs) that all federal agencies can use as they adopt commercial cloud.
Working with the National Institute of Standards and Technology, DISA issued a request for information asking for industry feedback on the types of metrics federal agencies should include in commercial cloud SLAs — the terms that an agency and a cloud vendor agree to for a contract, defining the level of service to be expected and the metrics by which to measure that.
“The US Government is looking to develop a catalog of standardized metrics for SLAs that can be used by all Federal Agencies for commercial cloud contracts,” the RFI says. “It is the intention of the US Government to use these responses from industry to help in the development and guide the description of US Government SLA metrics.”
The solicitation says there is an “inter-agency working group” — presumably headed by DISA and National Institute of Standards and Technology (NIST) — to develop the catalog for agencies to use. It won’t be mandatory to use, though, the RFI notes. “However, it is expected that the metric catalog will be a helpful tool for Federal Agencies as they develop their commercial cloud requirements.”
That group identified 10 categories for which metrics are needed for commercial cloud SLAs: “Accessibility; Availability; Performance; Service Reliability; Data Management; Attestations, Certs, and Audits; Change Management; Cloud Service Support; Governance; and Termination of Service.”
The Government Accountability Office found in 2016 that agencies were doing an OK job crafting SLAs for their cloud contracts, but there was a lack of consistency across government. GAO called for better guidance to help agencies include more of the practices it deemed to be “key.”
Of course, this new DISA and NIST effort applies only to commercial cloud procurements — that is, services hosted in a vendor’s off-premise environment, where often it also provides services to other clients.
The Department of Defense itself is ready to embark on a pair of massive commercial cloud acquisitions: the Joint Enterprise Defense Infrastructure, an enterprise infrastructure and platform services acquisition meant to bring the Pentagon into the 21st century; and the Defense Enterprise Office Solutions, “a replacement for disparate DoD legacy enterprise information technology (IT) services, such as voice, video, collaboration, email, content management, records management, and office productivity.”
