Skip to main content
An Official Website Of The United States Government
Acquisition.gov
  • Covid 19
  • Section 889
  • Regulations

    FAR

    Smart MatrixFAR Smart Matrix

    Chapter 99 Chapter 99 (CAS)

    • DFARS DFARS
    • DFARSPGI DFARSPGI
    • AFARS AFARS
    • AFFARS AFFARS
    • DARS DARS
    • DLAD DLAD
    • NMCARS NMCARS
    • SOFARS SOFARS
    • TRANSFARS TRANSFARS
    • AGAR AGAR
    • AIDAR AIDAR
    • CAR CAR
    • DEARS DEAR
    • DIARS DIAR
    • DOLARS DOLAR
    • DOSARS DOSAR
    • AGAR DTAR
    • EDAR EDAR
    • EPAAR EPAAR
    • FEBAR FEHBAR
    • GSAM GSAM/R
    • HHSAR HHSAR
    • HSAR HSAR
    • HUDAR HUDAR
    • IAAR IAAR
    • JAR JAR
    • LIFAR LIFAR
    • NFS NFS
    • NRCAR NRCAR
    • TAR TAR
    • VAAR VAAR
  • Archives
  • Policy Network
    • CAO.gov
    • Civilian Agency Acquisition Council (CAAC)
    • Federal Acquisition Regulatory Council
    • Interagency Suspension and Debarment Committee (ISDC)
  • Search
    Search:
    Website
    Regulations
Part Number: 
  • 5101
  • 5102
  • 5103
  • 5104
  • 5105
  • 5106
  • 5107
  • 5108
  • 5109
  • 5110
  • 5111
  • 5112
  • 5113
  • 5114
  • 5115
  • 5116
  • 5117
  • 5118
  • 5119
  • 5120
  • 5121
  • 5122
  • 5123
  • 5124
  • 5125
  • 5126
  • 5127
  • 5128
  • 5129
  • 5130
  • 5131
  • 5132
  • 5133
  • 5134
  • 5135
  • 5136
  • 5137
  • 5138
  • 5139
  • 5140
  • 5141
  • 5142
  • 5143
  • 5144
  • 5145
  • 5146
  • 5147
  • 5148
  • 5149
  • 5150
  • 5151
  • 5152
  • 5153
  • Appx AA
  • Appx BB
  • Appx CC
  • Appx DD
  • Appx EE
  • Appx FF
  • Appx GG
  • Appx HH
Add Bookmark Open Bookmark Print Document Download PDF Document

HomeRegulationsAFARSPolicy and Pws Language
Army Federal Acquisition Regulation Supplementafars

Army Federal Acquisition Regulation Supplement


My Favorites

add this page

Previous Page

Table Of Contents

Policy and PWS Language

 

     

 

 

 

 

    Building Blocks    

    Contract Actions    

 

    Subject Area    

    Policy    

    Policy Reference/Source (AR, DFARS, AFARS, DOD, etc.)    

    PWS language    

    1a) Migrating to the Cloud    

    1b) New SW Development in the Cloud    

    2) Follow-on contracts related to common services and management    

    3) Cloud Hosting, use of Enterprise solutions    

    New Contracts    

    Orders Against Existing Contracts    

    Existing Contracts    

    CDRL    

    Cloud    

    All commercial cloud usage must be reported into the Army Portfolio Management System (APMS) per data EXORD 009-20    

    EXORD 009-20    

    N/A    

 

 

 

 

 

 

 

 

    Use of Enterprise Services    

    All Army systems/applications developed in, migrated to and hosted in the commercial cloud will use cArmy Enterprise common services and data services. The Army will not duplicate common services or data services that are accredited in cArmy, to include the components of the DoD Secure Cloud Computing Architecture (SCCA). If a service is required that is not yet available in cArmy, the Application/System Owner must work with the Enterprise Cloud Management Office (ECMO) before any development of that service occurs (or any dollars are obligated towards the development). A list of the currently available (as of 1 May 2020) services is included in the next tab in this spreadsheet. In the future, a dynamic website will be available that will include up-to-date listing and description of available Enterprise services: www.cloud.army.mil.     

    EXORD 009-20: 3.D.5.G. (U) DIRECT THE ENTERPRISE CLOUD MANAGEMENT OFFICE (ECMO) TO DEVELOP A PLAN TO CONSOLIDATE EXISTING CLOUD INSTANCES TO THE GREATEST POSSIBLE EXTENT, AND WITHOUT SIGNIFICANT IMPACT TO ONGOING OPERATIONS, TO GAIN VISIBILITY AND CONTROL OF ARMY CLOUD MIGRATIONS NLT 01 JAN 2020.    

    The contractor must use cArmy Enterprise common services, and data services, and all DoD Secure Cloud Computing Architecture (SCCA) components when developing, migrating to and hosting Army systems/applications in the commercial cloud. A list of the currently available common services is included in the next tab in this spreadsheet. In the future, a dynamic website will be available that will include up-to-date listing and description of available Enterprise services: www.cloud.army.mil    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

    Migration Plan or Strategy to use the common services     

    Use of Enterprise Services    

    Existing cloud common services will be consolidated into cArmy as is reasonable over time, per EXORD 009-20. As existing common service contract options expire, mission owners should work with the Enterprise Cloud Management Office (ECMO) to onboard their applications into cArmy and reduce the duplicity of services across the Army.     

    EXORD 009-20: 3.D.5.G. (U) DIRECT THE ENTERPRISE CLOUD MANAGEMENT OFFICE (ECMO) TO DEVELOP A PLAN TO CONSOLIDATE EXISTING CLOUD INSTANCES TO THE GREATEST POSSIBLE EXTENT, AND WITHOUT SIGNIFICANT IMPACT TO ONGOING OPERATIONS, TO GAIN VISIBILITY AND CONTROL OF ARMY CLOUD MIGRATIONS NLT 01 JAN 2020.    

 

    N/A    

    N/A    

    Required    

    N/A    

    Yes    

    No    

    No    

    Catalog or Inventory of common services utilized within the app.    

    Modernization/Migration    

    The Army will modernize applications applying Cloud Native Design Principles, which will prioritize the use of Software as a Service (SaaS) and Platform as a Service (PaaS) (to include container technology) over Infrastructure as a Service (IaaS) models to reduce toil and overhead of maintaining Information Technology (IT) systems. Use of IaaS will be by exception and at the approval of the Enterprise Cloud Management Office (ECMO). According to the Cloud Native Computing Foundation, cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, micro-services, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. *     

    Army Cloud Plan    

    The contractor must modernize applications migrating to commercial cloud applying Cloud Native Design Principles and will prioritize use of Software as a Service (SaaS) and Platform as a Service (PaaS) over Infrastructure as a Service (IaaS).     

    Mandatory    

    N/A    

    N/A    

    N/A    

    Yes    

    No    

    No    

    System design document    

    Modernization/Migration    

    Legacy systems undergoing modifications to adapt to a service-enabled architecture should design anti-corruption layers** to support the transitional period. Pre-bundled COTS products are excluded.     

    Army Cloud Plan    

    The contractor must ensure that legacy systems undergoing modifications to adapt to a service-enabled architecture will design anti-corruption layers to support the transitional period.    

    Required except pre-bundled COTS products    

    N/A    

    N/A    

    N/A    

    Yes    

    No    

    No    

    Architecture Drawing and Description of Solution    

    Software Development    

    The Army will build to the highest abstraction of cloud services, where possible, to include SaaS, PaaS, Database Management as a Service, and so forth, in order to accelerate testing, accreditation and fielding to the Army. Use of IaaS will be by exception and at the approval of the Enterprise Cloud Management Office (ECMO).    

    Army Cloud Plan    

    The contractor must build to the highest abstraction of cloud services in order to meet functional, technical, performance and cost goals. These services include commercial SaaS, PaaS, Database Management as a Service, and so forth, in order to accelerate testing, accreditation and fielding to the Army.     

    N/A    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

    Architecture Drawing and Description of Solution    

    Software Development    

    All new software development must use modern software development methodologies (e.g., agile, DevSecOps) to support rapid delivery of standardized, reliable, integrated and secure mission capabilities.    

    Army Cloud Plan    

    The contractor must use modern software development methodologies (e.g., agile, DevSecOps) to support rapid delivery of standardized, reliable, integrated and secure mission capabilities.    

    Optional    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

    Software Development Plans    

    Software Development    

    All new software acquisitions should use microservices architecture and automation where technically and economically feasible.     

    Army Cloud Plan    

    The contractor must use microservices architecture and automation where technically and economically feasible.     

    Optional    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

    Software Development Plan and Architecture    

    Software Development    

    In order to create interoperable, accessible and visible services, all interface information will be published in the Army Enterprise Data Services Catalog (EDSC).          

    Army Data Plan    

    The contractor must comply with publishing all application programming interface (API) information within the Enterprise Data Services Catalog (EDSC)    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    Yes    

    No    

    Plan and Schedule for publishing to EDSC    

    Security    

    Reference DoD Instruction 8580.1; each DoD information system is required to have an Information System Security Manager (ISSM) and must implement DoD Risk Management Framework (RMF) governed by DoD Instruction 8510.01, for DoD Information Technology (IT). All cloud instances will inherit RMF controls to the greatest extent allowable by the Authorizing Official.    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-1. 2. Impact-level Guidance for Data Migrating to Army-approved Cloud Environments (1 May 2020) 3. Authorization Guidance for IT Capabilities Migrating to Army-approved Cloud Environments. (1 May 2020)    

    The contractor must comply with implementation of the DoD Risk Management Framework (RMF) as governed by DoD Instruction 8510.01, for DoD Information Technology (IT).    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    Yes    

    No    

 

    Security    

    All Army cloud instances will use Army Future Command (AFC)'s Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR) as their Cybersecurity Service Provider (CSSP). Exceptions can only be granted by the Army Cyber Command (ARCYBER) or the Chief Information Officer (CIO)/G6.    

    New    

    The contractor must work with Army Future Command (AFC)'s Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center (C5ISR) to establish Cyber Security Service Provider (CSSP) services (as required by DoDI 8530 and as described by the DISA Cloud Computing Security Requirements Guide) for Army applications hosted in commercial cloud.     

    Required    

    Required    

    Required    

    N/A    

    Yes    

    Yes    

    Yes    

 

    Data    

    All new and existing applications, systems, or services deemed non-legacy shall expose their data and functionality through service interfaces (for example, OpenAPI specification). (Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-6)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020)    

    The contractor must ensure that all new and existing applications, systems, or services deemed non-legacy shall expose their data and functionality through service interfaces (for example, OpenAPI specification).    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

 

    Data    

    All service interfaces, without exception, must be designed to be consumable from external sources and must plan and design to be able to expose the interface to developers. (Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-7)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020)    

    The contractor must ensure that all service interfaces, without exception be designed to be consumable from external sources and must plan and design to be able to expose the interface to developers.     

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

 

    Data    

    Metadata about all Army data assets must be registered in the Army Enterprise Data Service Catalog (EDSC) and comply with Dublin Core Metadata Element Sets and International Standards Organization Metadata Registries requirements.(Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-3.)     

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020)    

    The contractor must ensure that all Army data assets are registered in the Army Enterprise Data Service Catalog (EDSC) and comply with Dublin Core Metadata Element Sets and International Standards Organization Metadata Registries requirements.    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

 

    Data    

    All Army data sources must be developed with built-in data exchange capabilities. Data mapping must also be implemented to increase efficiency and ease of use of data assets as they are being translated or transformed. At a minimum, programs and initiatives are required to comply with Global Force Management Data Initiative; International Standards for dates; Geopolitical Entities, Names and Codes, Common (GENC); Joint Consultation, Command and Control Exchange Data Model; or Resource Description Framework standards and schemas. (Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-4)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020)    

    The contractor must ensure that All Army data sources are developed with built-in data exchange capabilities. Data mapping must also be implemented to increase efficiency and ease of use of data assets as they are being translated or transformed. At a minimum, programs and initiatives are required to comply with Global Force Management Data Initiative; International Standards for dates; Geopolitical Entities, Names and Codes, Common (GENC); Joint Consultation, Command and Control Exchange Data Model; or Resource Description Framework standards and schemas.    

    Optional    

    Required    

    N/A    

    N/A    

    Yes    

    No    

    No    

 

    Data    

    Data must be managed across its lifecycle and captured in a data management plan. (Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-5)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020),    

    N/A    

    Required    

    Required    

    N/A    

    N/A    

    Yes    

    Yes    

    No    

    Data Management Plan    

    Data    

    All custom software or customized COTS software written by the Army or developed with Army funding will be centrally controlled and made available to all DoD, IC and inter-agency partners within the approved Army source code repositories on the Unclassified, Secret, and Top Secret networks in accordance with Army Directive 2018-26 (Enabling Modernization Through the Management of Intellectual Property) (Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-8)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020),    

    The contractor must utilize government approved centralized source code repositories to store all government funded software development or customization of COTS products.     

    Required    

    Required    

    Required    

    N/A    

    Yes    

    No    

    No    

 

    Data    

    There will be no other form of Inter-Process communication allowed: no direct linking, no direct reads of another data store, no shared-memory model, and no back-doors whatsoever. The only Inter-Process communication allowed is intra-system data exchanges or service interface calls over the network. All other requests or methods require CIO approval ((Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020), Principle DSR-9)    

    Mandatory Implementation of Army Data Standards Services Requirements Memo (10 April 2020),    

    The contractor must ensure that there will be no other form of Inter-Process communication allowed: no direct linking, no direct reads of another data store, no shared-memory model, and no back-doors whatsoever. The only Inter-Process communication allowed is intra-system data exchanges or service interface calls over the network.     

    Optional    

    Mandatory    

    N/A    

    N/A    

    Yes    

    No    

    No    

 

    CSP     

    Once available, procurement of all DoD Information Impact Level (IL) 6 and below Cloud Service Provider (CSP) Offerings will use the Army s Enterprise CSP Reseller contract. Exceptions to this policy include programs funded by Military Intelligence Program (MIP)/National Intelligence Program (NIP) monies. Other exceptions can only be granted by the ECMO. As contract options expire, existing CSP service contracts will also be migrated to the Army s Enterprise CSP reseller contract.     

    New    

    All Cloud Service Offering (CSO) requirements up through DoD Information Impact Level (IL) 6 that are within scope of the Army Enterprise Cloud Contract Vehicle will be purchased off that vehicle.     

    Required, Once Available    

    Required, Once Available    

    Required, Once Available    

    Required, Once Available    

    Yes    

    No    

    No    

 

    CSP     

    For those CSP Services that exist outside of the Enterprise reseller contract today, the CSP owner must align and integrate their AWS/Azure cloud instances to the cArmy Cost and Utilization Management Tool, to ensure ECMO can view all Army CSP resources and spend.    

    New    

    The contractor will register all cloud instances into the cArmy cost and utilization management tool with any CSP procurement. Cloud instances will be registered into cArmy's management tool within 15 business days of procurement.    

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

 

    Data    

    All data will reside physically within the legal jurisdiction of the United States. If the location of the data is not physically maintained within the legal jurisdiction of the United States, written determination from the Contracting Officer to authorize use of another location is required IAW DFARS 239.7602-2(b).     

    DFARS 239.7602-2(b)    

    The Contractor must maintain all data within the legal jurisdiction of the United States IAW DFARS 239.7602-2(b).     

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

 

    Security Incident Planning    

    The Army must adhere to the DoD Cloud Computing Security Requirements Guide version 1 release 3 (or superseding versions or releases). IAWS DFARS 239.7604    

    DoD Cloud Computing Security Requirements Guide (DoD CC SRG) Version 1 Revision 3, Section 6.5.1, IAW DFARS 239.7604    

    The contractor must adhere to the DoD Cloud Computing Security Requirements Guide version 1 release 3 (or superseding versions or releases). In particular, contractors must provide security incident response plans. Updates to the plans are required on an annual basis or when a significant change occurs to the technical or operational environment.    

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

 

    Security    

    Contracts shall only be awarded to a cloud service provider that DISA granted a DoD Provisional Authorization (PA), at the level appropriate to the requirement, to deliver the relevant cloud computing model IAW with the DoD CC SRG.    

    DoD Cloud Computing Security Requirements Guide (CC SRG)    

    The Contractor will ensure that the cloud environment fully complies or exceeds the security requirements for level ___in the DoD Cloud Security Model SRG. The Contractor will make the environment accessible for a DoD security team to evaluate the environment prior to the placement of any DoD data in the environment and allow for periodical security reviews of the environment during the performance of this contract.    

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

 

   Security   

   Data must be encrypted at rest and in-transit   

   CNSSP 15, AR 25-2   

   The contractor shall ensure that all data-at-rest and data in-transit is encrypted utilizing NSA-approved encryption.   

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

 

    Cost Management and Reporting    

      Cost Report (Cost Summary Data Report 1921, 1921-5) and CWBS Dictionary      

    EXORD 009-20    

    The Contractor shall ensure that all cloud-related costs/price, which include but are not limited to: cost of modernization and migration of applications, Cloud Service Provider (CSP) costs, and cloud Operations and Maintenance (O&M) costs/prices  are clearly identified and available for government reporting purposes.    

    Required    

    Required    

    Required    

    Required    

    Yes    

    No    

    No    

    Cost/price Report    

 

Common and Data Services

 

  

 

    Service Name    

    Service Description    

    1    

    Operating System Vulnerability Scanning    

    Operating System vulnerability scanning service (e.g., Assured Compliance Assessment Solution [ACAS])    

    2    

    IP Address Management    

    Planning, tracking, and managing the Internet Protocol (IP) address space used in the cloud environment     

    3    

    Virtual Datacenter Security Stack (VDSS)     

    All VDSS components and services (e.g. Web Application Firewall, Reverse Proxy, etc.) listed in DISA cloud SRG and SCCA documents, and DoD enclave protection firewall    

    4    

    Key Management    

    PKI certificate signing, administration, and key management    

    5    

    Network Infrastructure Management and Monitoring    

    Monitor, manage, and alert on events related to network utilization and availability    

    6    

    DDos Protection Service    

    Protects applications in the cloud environment from Distributed Denial of Service (DDoS) attacks    

    7    

    DNS Hosting, Caching, Recursion    

    DNS lookup for cloud-based applications and hierarchical DNS management delegated to mission owners    

    8    

    PKI Cert Validation    

    Online Certificate Status Protocol (OCSP) responder to validate if PKI certificates are valid or revoked    

    9    

    Network Time    

    Cybersecurity mandated accurate time source for DoD systems hosted in the cloud    

    10    

    Patch Management    

    Patch repositories for common operating system patch files.    

    11    

    SMTP Relay    

    Simple Mail Transport Protocol (SMTP) based email relay    

    12    

    Enterprise Directory Services    

    Privileged administrative user and non-person entity Identity, Credential, and Access Management (ICAM) (e.g., Active Directory [AD], Lightweight Directory Access Protocol [LDAP])    

    13    

    Federated Access Management    

    User Identity, Credential, and Access Management (ICAM) (e.g., EAMS-A, SAML Services)    

    14    

    Secure File Transfer Service (SFTP)    

    Securely transfer large files to the cloud environment    

    15    

    Notification Services    

    Alerting and notification (e.g., Short Message Service [SMS])    

    16    

    Endpoint Monitoring    

    Protects computing endpoints from malware and other cyber security threats (e.g., Host Based Security Service [HBSS])    

    17    

    Remote Privileged Access     

    Secure administrative access from the Internet or DODIN to DoD servers in secure cloud enclaves.     

    18    

    Centralized Logging/Auditing    

    Consolidated aggregation point for receiving and storing logs from systems and applications in the cloud environment    

    19    

    Security Information and Event Management (SIEM) and Log Analytics    

    Identifies and categorizes security related incidents and events    

    20    

    Data Dissemination Service    

    Accelerates and consolidates data for transfer utilizing secure network tunnels.    

    21    

    Code Repository    

    Code repository for source code configuration management to support a software factory    

    22    

    STIG Compliant Virtual Server Templates    

    A library which stores DISA Security Technical Implementation Guide (STIG) compliant virtual machine template images    

    23    

    License/Software Management    

    Operating System (OS) level license management    

    24    

    Asset Management Services    

    Discover and track assets such as resources, licensed software, etc. within the cloud environment    

    25    

    Cross Domain Solution (CDS)    

    Automatically move appropriately vetted files between security classification levels    

    26    

    CSSP Services    

    Standardized tools & processes to meet cloud cyber security requirements;      primarily provided by C5ISR to cArmy tenants. Collaboration with cArmy cloud services ops team    

    27    

    Continuous Integration / Continuous Delivery/Deployment (CI/CD) Tools    

    Tools to enable the CI/CD pipeline (e.g., tools similar to the capabilities provided in DI2E.net)    

    28    

    Enterprise Data Catalog and Service Registry    

    Data and service listing for data and service management and automated data processing    

    29    

    Container Platform    

    Enabling container runtime services (e.g., container orchestration)    

    30    

    Budget and Cost Management    

    Provides cloud cost and budget information to mission owners    

    31    

    Resource Management Portal    

    Portal to manage compute and store resources    

 

 

 

 

 

 

 

 

 

    * Note - This listing is current as of 1 May 2020. The number of services is expected to increase as the Army cloud environment matures.    

 

CLIN SLIN Descriptions

 

    Cloud Migration, Hosting, and Managed Services Work Breakdown Structure Potential CLIN/SLIN) Descriptions (separately identified & priced) (aligned with PWS)    

 

    2.6.1 Cloud Migration Support    

    2.6.1.1 Migration Analysis     : Price for assessment/detailed analysis of the required effort to migrate to cloud environment    

    2.6.1.2 Reengineering:      Price for adjusting code or configuration to ensure Operating Systems and Applications can be supported in target Cloud environment. Includes effort to convert OS to target platform, re-establish interface capabilities, user portal connectivity and access, as well as effort virtualize application or data storage    

    2.6.1.2.1 Refactoring     : Price for re-architecting and recoding portions of the application to be compatible with cloud native frameworks/functionality. Includes, for instance, virtualization and conversion to x86 (Optional Detail)    

    2.6.1.2.2 Re-platforming     : Price for efforts associated with changes to system software and middleware to adhere to the cloud environment target platform without changing applications core functionality (Optional Detail)    

    2.6.1.2.3 Re-hosting     : Price for moving from one hosted environment to another. Includes effort to adjust system API/interfaces (Optional Detail)     

    2.6.1.3 Cybersecurity     : Price for security/RMF to achieve cybersecurity compliance and ATO    

    2.6.1.4 Application or System Migration     : Priced effort to move or install applications, systems or other components    

    2.6.1.5 Data Migration     : Priced Effort to migrate/converge data/databases    

    2.6.1.6 Initial Provisioning/Configuration:      Priced Effort to provision operating environments and configure platform management software    

    2.6.1.7 Cloud Access Point Fee     : Priced Effort to establish Cloud Access Point connection to DISA Network (DoD Network Connectivity)    

    2.6.1.8 Test and Evaluation     : Priced Effort to complete testing to ensure performance criteria can be met    

 

    2.6.2 Recurring Hosting    

    2.6.2.1 Hosting Infrastructure    

    2.6.2.1.1 Compute     : Price for computing resources (vCPU/core, RAM) consumed by operating environments    

    2.6.2.1.2 Database     : Price for database operating environments    

    2.6.2.1.3 Data Transfer (In/Out     ): Price data transfer in/out of the of the network or sent to the systems    

    2.6.2.1.4 Storage/Backup Storage     : Price for cloud storage or back up storage    

    2.6.2.2 Software Licenses     : Price for software licenses that are provided by the cloud provider. This can include, for example, Oracle licenses provided as a part of the cloud operating environment. This does not include, for example, application licenses provided by other vendors that are not part of the cloud offering    

    2.6.2.3 Cloud Management Licenses     : Price for software products including middleware that monitor and manage cloud environment    

    2.6.2.4 Cloud Services    

    2.6.2.4.1 Application Management Services (AMS)     : Price for functional application support (SAP/Oracle applications)    

    2.6.2.4.2 Cloud Managed Support Services    

    2.6.2.4.2.1 Monitoring/Server Administration     : Priced Effort to monitor and manage servers and operating system    

    2.6.2.4.2.2 Database Management/Administration     : Priced Effort to monitor and manage application databases, database administration, and SAP HANA support    

    2.6.2.4.2.3 Security/Information Assurance     : Priced Effort associated with ongoing information assurance, security compliance, and Risk Management Framework    

    2.6.2.4.2.4 Software Patching and Deployment     : Priced Effort associated with implementing operating system software patches as well as database, middleware, and application patches; generally applicable under PaaS    

    2.6.2.4.2.5 Program Management     : Price for project management and oversight. Also includes the preparation of management CDRLs    

    2.6.2.4.2.6 Training     : Price to develop education/training materials or conduct training on cloud related principals and techniques    

    2.6.2.4.2.7 Transition     : Price to develop a transition plan, support a transition to another MSP provider, or support a transition to another cloud or an on-premise solution    

    2.6.2.4.2.8 Continuous Improvement    

    2.6.2.4.2.8.1 Process Automation: Effort to develop and maintain tools and scripts used to improve deployment, elasticity, and cloud management     

    2.6.2.4.2.8.2 Architecture Reengineering: Effort, usually provided under managed services, to optimize cloud infrastructure    

 

Previous Page

Top Of Page

Table Of Contents


Sign up for FAR News

Share the FAR

twitter rss mail

Useful Links

FAR Resources

Training

Acquisition Systems

Contact Us | Privacy and Security Notice | Accessibility Aids | Last updated 03/01/21

GSA logo

This is a U. S. General Services Administration Federal Government computer system that is
"FOR OFFICIAL USE ONLY."
This system is subject to monitoring. Individuals found performing unauthorized activities are subject to disciplinary action including criminal prosecution.