DISA, NIST Developing Catalog of Cloud SLA Metrics

The Defense Information Systems Agency (DISA) and the National Institute of Standards and Technology (NIST) are collecting industry feedback to create a “catalog of standardized metrics” for Federal commercial cloud service level agreements, according to a DISA request for information.

The RFI notes that “an inter-agency working group is developing a catalog of metrics that can be available to Federal agencies for use in their commercial cloud procurements.” These metrics will not be mandatory, but will serve as a “helpful tool” for agencies developing requests for proposals.

“Having a catalog of standard SLA metrics will assist Federal Agencies in compliance with GAO Report 16-325, Agencies Need to Incorporate Key Practices to Ensure Effective Performance,” the RFI notes, calling back to GAO’s 2016 report on the Office of Management and Budget’s (OMB’s) guidance on cloud SLAs. In that report, GSA found that most cloud contracts were not fully utilizing identified key practices.

DISA and NIST identified 10 categories where Federal agencies need metrics: Accessibility, Availability, Performance, Service Reliability, Data Management, Attestations, Certs and Audits, Change Management, Cloud Service Support, Governance, and Termination of Service. Industry is invited to provide metrics that fit within these categories by September 10th.

Recent