DISA, GSA clarify classified requirement for DEOS bidders

Aspiring vendors for the Pentagon's $8 billion back-office cloud contract won't have to be certified to host classified data on the date of the award.

Questions from vendors are due on the Defense Enterprise Office Solutions procurement on Feb. 15, but the draft solicitation was updated on Feb. 11 in anticipation of questions on the proposed stringent security requirements.

Vendors will have to meet cloud computing security requirements for impact levels 5 and 6 -- controlled unclassified information and classified. But vendors with a level 5 certification can bid on the contract, with the understanding that a classified certification can follow.

However, permitting vendors lacking level 5 certification to bid on the communications and productivity solicitation, "would unnecessarily delay delivery of capabilities," according to the update.

The deadline for vendor questions coincides with the end of the current continuing resolution covering multiple agencies including the General Services Administration, which is conducting the DEOS procurement on behalf of the Defense Information Systems Agency via its Schedule 70 vehicle.

During the last shutdown, GSA's Federal Acquisition Service, which oversees the federal schedules including IT Schedule 70, remained in operation, even though some GSA personnel were sidelined. FAS is funded by customer fees.

A partial shutdown won't derail DEOS, the agency said.

"A potential government shutdown commencing after February 15, 2019, would have no immediate impact on [GSA's] ability to receive and process responses to the draft DEOS RFQ. The Department of Defense said.

The draft solicitation was first issued on Jan. 31, just days after the conclusion of a 35-day partial government shutdown.