Congress, in its conference report for the National Defense Authorization Act for FY 2019 released earlier this week, is demanding more transparency from the Pentagon regarding the agency’s Joint Enterprise Defense Infrastructure (JEDI) cloud contract.
The JEDI contract has been a source of controversy for some in Federal tech circles due to the Pentagon stating its intention to award the eventual $10 billion contract to a single provider.
Earlier this month Dana Deasy, chief information officer at the Department of Defense (DoD), declined to commit to an official release date for the finalized request for proposal (RFP) for JEDI. The final RFP is now more than a month behind schedule, with DoD missing the May deadline it had initially set for itself.
In the negotiated NDAA legislation, which still needs final votes by the House and Senate and the signature of President Trump before becoming law, legislators are ordering Deasy to submit a report to congressional defense committees regarding the broad strategy behind JEDI. The bill says that Deasy’s report must include:
- A detailed description of what will or won’t be migrated to the cloud under JEDI;
- An update regarding the JEDI timeline;
- Clarification as to how the Pentagon’s current decision to go with a single vendor “provides for a full and open competition”;
- An explanation as to how the single awardee decision enables the DoD to “continuously leverage and acquire new cloud computing capabilities, maintain the ability of the Department to leverage other cloud computing vendor products and services, incorporate elements to maintain security, and provide for the best performance, cost, and schedule to meet the cloud architecture and services requirements of the Department for the duration of such contract”; and
- A description of what effect the JEDI contract is having on existing cloud computing infrastructure, platforms, and service contracts across the DoD. The legislation notes a specific interest in the impact JEDI is having on Defense Information Systems Agency’s MilCloud 2.0.
Also under the NDAA, DoD would be barred from approving new computer systems or applications without first determining whether the system could be cloud-hosted in either the short- or long-term.