Your browser does not support JavaScript!

Chapter 28 - Agency IT Procurement Security and Cloud Requirements for Solicitations and Contracts

28.1 VITA Information security policies, standards and guidelines (Security PSGs) required in all IT solicitations and contracts

28.1.4 Executive Order Number 19 (2018)

Executive Order Number 19 (2018), Cloud Service Utilization and Readiness, directs VITA to develop governance documents in support of the Order's cloud approach that addresses requirements for evaluating new and existing IT for cloud readiness. This process, which shall apply to Executive Branch agencies as defined in § 2.2-2006 of the Code of Virginia, will include details regarding the following areas:

Development of New IT Applications and Solutions

  • As of the effective date of this Executive Order, all new IT solutions proposed for development must either be cloud-enabled or have a documented exemption approved by the Commonwealth Chief Information Officer (CIO).

  • Agencies shall minimize in-house development of custom IT solutions and applications and leverage cloud solutions if recommended by VITA's cloud governance process.

Existing Systems/Applications Cloud Enablement

  • Agencies shall evaluate the continued use of dedicated hardware supporting premise-based IT solutions.

  • Agencies shall develop formal processes to enable application development and business services to evaluate cloud service options when deploying, updating, or investing in existing IT solutions.

All agency cloud solutions shall adhere to VITA security and infrastructure policies, standards, and guidelines that will be located in the ITRM Policies, Standards & Guidelines. All agency cloud solutions shall be obtained through VITA's services as outlined by the agency unless otherwise approved by the CIO.

Agency Reporting

  • VITA shall collect information from each agency indicating the percentage of physical and virtually deployed IT system components as well as cloud-ready workloads.

  • By December 1, 2018, and annually thereafter, each agency shall identify each system's cloud-readiness status (cloud-ready or not cloud-ready) and report this information to VITA, unless granted a temporary or permanent exemption by the CIO.

  • By January 15, 2019, agencies shall provide to VITA information regarding resource requirements necessary to make systems cloud-ready within their IT strategic plans, unless granted an exemption by the CIO. This information shall be evaluated by VITA for cloud-readiness as part of the IT strategic planning process.

  • By June 1, 2019, VITA shall report to the Secretary of Administration on the status of identifying cloud-ready systems within the Commonwealth.

  • Beginning September 1, 2019, VITA shall report annually to the Secretary of Administration on the progress of migrating systems identified as appropriate for cloud solutions.