Notice ID 2021-0005
The SEC executed a limited source justification to increase the BPA value by $1.5M for the SEC’s AWS Cloud IaaS service. The existing BPA was issued to Amazon Web Services under GSA schedule # 47QTCA19D00C. This justification increased the BPA ceiling value to $1,749,900…”
“3. Description of the supplies or services required to meet the needs of SEC and the estimated value.
This requirement is for:
The use of the Amazon Web Services (AWS) such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and professional Consulting services to plan, design, build, migrate and operate SEC on-premise services to AWS Cloud.
Where it’s to be used:
Selected SEC on-premise services will be migrated to AWS utilizing a phased approach. A road map and implementation plan for the deployment of the AWS development platform and full migration of applications has been developed.
Who is to use it:
The Office of Information Technology and primarily the SEC AWS Cloud Environment (ACES) team.
The SEC requirement it satisfies:
SEC requires the following key features from CSP for the Cloud migration and operation of system applications and data:
- The ability to meet compliance with key government/security standards including: Federal Risk and Authorization Management Program (FedRAMP) at the moderate level (required); Service Organizational Controls (SOC) 1-3 Compliant; and International Organization of Standards (ISO) 27001 Certified.
- Compatibility with existing applications hosted by the SEC and SEC partners in order to reduce application refactoring during migration…
- Compatibility with the SEC’s Information Security Controls Manual…
- Availability and resiliency requirements: …”
“When and how long the item is needed:
The BPA period of performance is through FY22…”
- The authority and supporting rationale…
What is unique about the item?
The AWS cloud service is currently used by the SEC for hosting and operating applications in the Cloud environment…
How only that item can meet the SEC’s requirement and none other?
AWS is the only CSP that meets all of the SEC’s requirements identified in paragraph 3 of this LSJ for Infrastructure as a Service (IaaS) General Support System (GSS)…
What would happen if the item were not procured?
This results in unacceptable security exposure of critical SEC computing resources to CSB personnel and has a negative financial impact by not delivering needed capability…”