"Put bluntly, "NSF needs to improve its acquisition of cloud services and its reviews of the agency's IT portfolio." This includes developing guidance "regarding standardizing cloud service-level agreements." The GAO believes that the NSF should "consistently" hold cloud service providers accountable for performance, with clear SLAs and remediation plans for non-compliance. The GAO wants to see an SLA with every cloud vendor, and recommends the CIO develop guidance standardizing such SLAs."
"And recommends that the agency complete "annual reviews of its IT portfolio consistent with federal requirements" to identify areas of duplication and ways of streamlining operations and optimizing resource allocation. The letter also mentions "multiple open recommendations in the area of cybersecurity," referring to the Federal Information Security Modernization Act of 2014. The letter was cc'd to the Federal CIO, Gregory Barbaccia of the OMB, who is on a mission to drive down costs and standardize procurement across the government."
The Government Accountability Office pressed the National Science Foundation CIO to improve planning, management, and procurement of technology. The GAO identified recommendations tied to the CIO's roles in effectively managing IT and said attention will help ensure effective IT use. The GAO called for improved acquisition of cloud services, including guidance to standardize cloud service-level agreements and consistent accountability for cloud providers with clear SLAs and remediation plans. The GAO recommended overhauling contracts for high-value cloud-managed assets and completing annual IT portfolio reviews to identify duplication and optimize resource allocation. The GAO also cited multiple open cybersecurity recommendations under FISMA 2014.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]