AGENDA
- Opening Remarks
- IT Procurement Modernization Strategy
- CALNET Update
- Progress Report
- Q & A
- Closing Remarks
- Networking
UPDATES
Reset of Expectations for IT Procurement Modernization
- It is a two year effort, & it is just the beginning
Service Level Catalog
Hybrid Cloud Services for Infrastructure & Platform – CalCloud 3.0
- Demand driven by State government customers & Security requirements
- FedRAMP High IaaS & PaaS Cloud Services
- FedRAMP Mod to come soon
- Statewide Data Center still provides On-Premise services
Simplify Procurement Process
- State government customers to leverage the Service Request (SR) process
- Infrastructure & Platform Cloud Services, Data Center Services & VHSS Services
Myths vs Facts
MYTH: FedRAMP requirement applies to all Cloud Services
FACT:
- FedRAMP requirement only applies to Infrastructure and Platform Cloud Service (IaaS and PaaS)
- NIST requirement is for Software Cloud Services (SaaS)
- For SaaS, NIST requirement will be further revised to NIST 800-171 & SOC 2 Type 2 (DGS will address notification per process)
- Customer departments to determine appropriate security level based on individual needs
MYTH: FedRAMP needs to be certified by each state entity that uses the service
FACT:
- FedRAMP needs just one Authority to Operate (ATO) by a federal sponsoring entity
MYTH: All data center on premise equipment will be purchased by CDT
FACT:
- Data center grade equipment will be available to be purchased by predefined data centers in the state
- Procurement can be done through existing channels
- For departments (non data center) purchase of data center equipment, CDT will be part of the vetting process with exemption process in place
MYTH: State of CA is not leveraging NASPO
FACT:
- State of CA is using NASPO for appropriate products & services, & is in regular dialog with NASPO for further collaboration
DEFINITIONS
Follows NIST standard definition of IaaS, PaaS, & SaaS
For Procurement purpose only:
IaaS
- Includes processing, storage, networks that enable consumers to deploy & run operating systems & applications.
- The consumer does not manage or control the underlying cloud infrastructure.
- Minimum security requirement: FedRAMP Moderate Authorized
PaaS
- Includes cloud infrastructure that enables customers to deploy consumer-created or acquired applications using programming languages, libraries, services, & tools supported by the Cloud Service Provider.
- The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications & possibly configuration settings for the application-hosting environment.
- Minimum security requirement: FedRAMP Moderate Authorized
SaaS
- Includes applications running on a cloud infrastructure that are accessible from a web browser or application programming interface (API).
- The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the exception of configuration settings.
- Minimum security requirement: NIST 800-171, SOC 2 Type 2
FedRAMP OVERVIEW
- Created by the Federal Government to standardize the approach to security assessments, authorization, & continuous monitoring for cloud products & services.
- Thus far has saved the Federal Government $130 million
- Has now evolved to include the “FedRAMP Accelerated” process, which is cheaper/faster, & FedRAMP Tailored for low security SaaS solutions.
- Thus far 15 FedRAMP Ready, 61 in process & 91 authorized products
- Multiple states utilize FedRAMP as a required security baseline for government contracts
CALNET: NEXT GENERATION OPPORTUNITIES
- Develop a roadmap to communicate Statewide Telecom strategic vision
- Increase customer base involvement
- Add more flexibility into our acquisition methods
- Improve vendor experience & engagement
CALNET: NEXT GENERATION PROPOSED CHANGES
CALNET – California Network & Telecommunications Program
- Statewide telecommunications service offerings under one program
Pre-qualified Multiple Award Contract (PMAC) Expansion
- Allow vendors to be in the pool based on general administrative requirements
- Just-in-time, continuous filing
- Vendors are not limited to specific categories
Adopt flexible acquisition models in addition to the current model
- Ability to add categories or services
- Staggered solicitations & not co-terminus
- Customizes acquisition approach appropriate to a service
- May utilize Form 20 or RFO
PROGRESS IN PROCUREMENT
Winter 2015/16:
- Smaller procurement for Business Solution providers (allow more vendors to compete)
Spring/Summer 2016:
- Pre-qualified vendor pool for Agile developers, etc. (simplify procurement)
Fall/Winter 2016/17:
- Amended CalNET3 to add new services
- Streamline process for customers to acquire infrastructure & platform services
Spring 2017:
- IT-MSA refresh (by DGS)
- Onboarded additional Vendor Hosted Service (VHSS) providers
- Expanded Pre-qualified vendor pool
Spring/Summer 2017:
- FedRAMP high contract awarded
Summer 2017:
- Codify 6611 for CDT with no sunset date
Fall 2017:
- Continuation of IT procurement modernization
- IT-MSA Refresh – November
- IaaS, PaaS, SaaS T & Cs Refresh – November
- FedRAMP Mod Procurement – Upcoming