The CIA is reportedly planning to award a multibillion-dollar contract to extend its cloud services for the intelligence community to more than one vendor by summer 2021.

This is the contract you've been looking for: Pentagon releases JEDI bids READ MORE

Perhaps heeding the lessons learned from the Pentagon's tortuous and complaint-ridden bid process for its own cloud contract, JEDI, the CIA will start the process off with multiple vendors.

The intelligence agency is no stranger to controversial cloud awards, having handed a $600m deal to Amazon in 2013, for it to build a private cloud infrastructure for the CIA. This went on to attract what were ultimately unsuccessful bid protests from IBM.

This time, the CIA is planning to bring in multiple commercial cloud vendors – assuming they have an established record for innovation, serve a large customer base, can provide services globally and locally, and meet security and resilience requirements.

According to briefing slides (PDF) shared during an industry day last month and published by US trade outlet Washington Technology, the project, called IC Commercial Cloud Enterprise (C2E), will be worth "tens of billions" and should be open for bids by January 2020.

The work will involve all types of cloud services and associated professional support services, covering unclassified, secret and top secret materials, and must include artificial intelligence, distributed computing, automation and mobile device platform support.

Oracle takes its gripes about Pentagon's JEDI contract to federal court READ MORE

The slides set out a two-phase procurement process: first, to acquire foundational cloud services, including IaaS, PaaS and SaaS from multiple commercial cloud vendors. Second, to acquire specialised PaaS, SaaS and multiple cloud management capabilities to "augment" those from phase one.

Among the CIA's draft high-level requirements is that vendors provide services at the "tactical edge", minimise loss of service and provide application and data interoperability. There should be threat mitigation and security measures, and allow the use of BYOL PaaS and SaaS products.

They should also provide "industry-leading" service level agreements that include "significant penalties" for failing to meet established thresholds in service availability, scalability and data reliability.

According to the slides, the government will release a request for information between April and May 2019, with a draft request for proposal planned for January 2020 and an award of one or more contracts "no later than July 2021". ®