On March 7th, the Department of Defense (DoD) held its Joint Enterprise Defense Initiative (JEDI) Cloud Industry Day and released its draft JEDI Cloud Request for Proposals (the RFP). DoD announced, and the draft RFP reflects, a single-award IDIQ approach to execute a contract lasting up to 10-years for potentially billions of dollars in IT infrastructure services. This approach is being proffered notwithstanding the fact that there exists a statutory and regulatory preference for multiple award IDIQs versus a single award IDIQ, and FAR 16.504 requires DoD to document its decision/rationale for a single award (which, from our perspective, should be made public).
The RFP calls for what appears to be an IT infrastructure solution built on the cloud. Specifically, it seeks “enterprise-level, commercial cloud services as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) to the U.S. Department of Defense and related mission partners.” According to the RFP, “the JEDI Cloud service will be offered at all classification levels, across the home front and to the tactical edge, including disconnected and austere environments, and closed loop networks.” See the RFP’s Statement of Objectives (SOO). The SOO further states that its purpose “is to enable the acquisition of modern, enterprise-level cloud services in support of Department related missions and projects from a Cloud Service Provider (CSP) with an existing, large, globally available public offering.”
The Industry Day and draft RFP reinforce the ongoing confusion, uncertainty, and concern surrounding DoD’s acquisition strategy. As a threshold matter, the single-award contract approach raises significant concerns regarding the long term negative impact on access to competition and innovation from the commercial market place. A single-award contract vehicle creates the ultimate barrier to entry for new, emerging technologies and/or capabilities, the very capabilities DoD needs to maintain the technological advantage necessary to defend this nation. A single-award contract also raises security concerns, especially as one looks across the globally integrated, commercial market for cloud products and services.
There also appears to be confusion within DoD regarding single-award versus multiple award IDIQs. For example, in responding to press questions regarding the single-award approach, a spokesperson for the Defense Digital Service (DDS) indicated that a single contract award did not mean it would go to a single vendor. A single award to a prime contractor and its subcontractors is not the same as the award of multiple contracts to multiple prime contractors. Moreover, DDS cannot have it both ways. If the infrastructure work is not to go to a single vendor, then there is no reason to limit the competition to a single awardee.
Additionally, the SOO’s scope, as compared to the CLIN structure services outlined in the draft RFP, raises questions regarding whether and how additional professional IT services will be needed/acquired as part of the overall JEDI effort. Will new/additional JEDI capabilities/services be added through full and open competition or as a sole source to the single-award JEDI contractor? The broad scope and limited CLIN structure underscore the concerns many have raised regarding 10-year vendor lock-in.
Questions also already are being raised regarding the so-called “provisioning tool” mentioned repeatedly by DoD at the industry day. The “provisioning tool” apparently refers to a migration capability that will be provided as Government Furnished Equipment (GFE) to the JEDI Cloud contractor. Little is known about this tool, such as the circumstances surrounding its development, the developer, whether any technological biases or assumptions are associated with it, and whether any potential cloud provider competitors were involved in any way with its development, thus giving rise to a potential conflict of interest or unfair competitive advantage in the JEDI cloud procurement.
Section M of the draft RFP provides limited information, creating significant uncertainty around the evaluation process. It simply is not clear how any evaluation will assess the relative quality between proposals, and, with no metrics or standards, industry cannot make intelligent business decisions between tradeoffs in capability versus price. Moreover, there appears to be some confusion in explaining the evaluation criteria to the public. In response to questions from the press, a DDS spokesperson focused on industry’s understanding of the “gate criteria” to position themselves to be competitive. The gate criteria (Factor 1), which themselves are unclear, will set the competitive field. To position themselves competitively for the single, best-value award, however, vendors need much more information regarding the metrics for the qualitative criteria in Section M (Factors 2 through 9).
Finally, the deadline for submission of comments and questions on the draft RFP is March 21st. The formal RFP is expected to be released in early May. This timing is significant. A two-week timeframe to review and submit comments on such a significant procurement has raised questions as to whether the Department really is interested in hearing from industry and adjusting the RFP based on industry input before formal release in early May. This approach simply is not sound procurement practice.
In sum, during the industry day, DoD said it was bending around the commercial cloud. Based on the presentation and the draft RFP, however, one wonders whether it is bending around a specific cloud solution.