CRS INSIGHT
The DOD's JEDI Cloud Program
Updated December 12, 2018 (IN10990)
|
Heidi M. Peters
|
Heidi M. Peters, Analyst in U.S. Defense Acquisition Policy (hpeters@crs.loc.gov, 7-0702)
In September 2017, Deputy Secretary of Defense (DSD) Patrick Shanahan issued a memorandum
calling for the
accelerated adoption of a Department of Defense (DOD)-wide cloud computing system. Under the Joint Enterprise
Defense Infrastructure (JEDI) Cloud program, DOD seeks to "acquire a ... cloud services solution that can support
Unclassified, Secret, and Top Secret requirements," with a focus on commercially available services. Significant
industry and congressional attention has been focused on the JEDI Cloud contract.
What is Cloud Computing?
Broadly speaking, cloud computing refers to the practice of remotely storing and accessing information and software
programs through the internet, instead of storing data on a computer's hard drive or accessing it through an
organization's intranet. It relies on cloud infrastructure, a collection of hardware and software that may include
components such as servers and a network. This infrastructure can be deployed privately to a select user group, or
publicly through commercial services available to the general public.
What is the Current Status of DOD's Adoption of Cloud Services?
DOD maintains more than 500 public and private cloud infrastructures that support Unclassified and Secret
requirements. DOD has described its current cloud services use as "decentralized," creating "additional layers of
complexity for managing data and services at an enterprise level." In a statement accompanying the release of the JEDI
Cloud Request for Proposal (RFP) on July 26, 2018, DOD Chief Information Officer (CIO) Dana Deasy noted that the
department requires an enterprise-wide cloud "that allows for data-driven decision making [and] enables DOD to take
advantage of our applications and data resources" to provide worldwide support for DOD operations.
What Policies Apply to DOD Cloud Acquisitions?
While the Federal Acquisition Regulation (FAR) does not specifically provide acquisition guidance for cloud computing
services, select sections (such as FAR Part 39, Acquisition of Information Technology) may apply. Other government-
wide policies for cloud products and services, such as the Federal Risk and Authorization Management Program
(FedRAMP), may also apply.
DOD policies for acquiring cloud services are prescribed by Defense Federal Acquisition Regulation Supplement
