GSA’s Ascend cloud RFI emphasizes baseline requirements for vendors

Mina De La O/Getty Images

The General Services Administration seeks feedback from the private sector on its highly anticipated one-stop shop for federal agencies seeking commercial cloud solutions.

The General Services Administration took another step closer toward its goal of launching the federal government's one-stop shop for secure cloud commercial products and services.

GSA released a request for information (RFI) on Friday about its plans to launch a multi-purpose, multi-award blanket purchase agreement for cloud technologies, officially outlining its vision for the highly anticipated initiative that will serve all federal agencies seeking cloud solutions.

Companies hoping to participate in Ascend will have to comply with authorized vendor responsibilities outlined in a performance work statement included in the RFI, from providing specific levels of operational support for infrastructure as a service and software as a service to conducting regular cybersecurity assessments and evaluations. 

The performance work statement also pointed to market research that revealed the complexities federal agencies face in cloud acquisitions and said the objective is to "simplify and standardize" the process with the new BPA. 

GSA wants Ascend to become the go-to destination for all federal agencies as they transition away from legacy IT software and begin increasingly procuring commercial cloud products and services, streamlining the often lengthy and difficult process of understanding various security and data ownership requirements and operational practices for different services. 

The BPA will feature vendors who meet specific baseline responsibilities as GSA focuses on providing agencies with "more effective system integration and managed support services for the delivery of flexible, diverse and secure cloud solutions," according to the performance work statement. Those vendors must also comply with various federal guidelines around cybersecurity and cybersecurity supply chain risk management (C-SCRM), including the White House cyber executive order and the National Institute of Standards and Technology's best practices. 

GSA first announced plans for the new BPA in May of last year, later walking back a timeline for the initiative to allow for further engagement with the private sector. 

Sonny Hashmi, commissioner of GSA's Federal Acquisition Service, hinted at FCW's Cloud Summit in April that the BPA will "allow agencies to acquire and implement secure commercial cloud service offerings" and "have built-in minimum thresholds for security, data ownership, common terms and conditions."

"The driving factor around this is going to be demand signal generation," Hashmi said. "We want to make sure that we understand deeply the commonality across the government of requirements, expectations, minimum capabilities ... those kinds of things that are common for all agencies – we want to make sure they're baked into the foundation."

Ascend will be categorized into four pools – IaaS, SaaS, platform as a service and Cloud Professional Services – and rolled out on a competitive basis. Agencies will be able to purchase commercial cloud services on a pay-as-you-go basis, allowing for improved cost management and oversight. 

GSA is requesting feedback to the RFI from key stakeholders and anyone interested in participating in Ascend by Aug. 8, 2022.