Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Share your experience with the FAS IT-Playbook by taking this brief survey

Cloud Onboarding Process Archive

The Cloud Smart Journey consists of five phases that can only be accomplished through collaboration across FCS, the Modernization Teams, Business leadership. Utilize the contents of this page to obtain a deeper understanding of the tasks, outcomes, and artifacts encompassed in each phase of the Cloud Smart Journey.

Cloud Smart Journey

Click on the following link to view the Cloud Smart Journey Personas

Phases

Phase 0 - Intake
Purpose

The purpose of the Intake Phase is to begin a collaborative partnership with the tenant, obtain an understanding of the application needs through the Lean Intake Assessment and application Requirements Template, and assess cloud readiness.

A diagram that illustrates the intake phase of the Cloud Smart Journey. The Tenant submits a Cloud Advisory Service Request, then completes the Lean Intake Questionnaire. The Cloud Advisory group sets up tenant space and provides guidance on development and Cloud Advisory Working Group (CAWG) template, while Security and Compliance evaluates the the data types and data sharing outlines in the lean intake assessment. Next the tenant will develop the requirements document which Cloud Advisory team reviews to begin the initial Cloud Rationalization Assessment and High Level cloud projection. Meanwhile CAWG Sponsor scores the effort and impact of the cloud project to prioritize it among other projects, then coordinates with the tenant to present the Cloud Project to the CAWG meeting.

Cloud Advisory Services*: Any changes related to the architecture, operational model, security boundary to existing services or products. New Capability enablement or Capability enhancements to existing products. New product(s) to be brought into FCS to develop to be a new service.

Cloud Advisory Intake Form

Navigation Path: Home > Service Catalog > Enterprise Services > Cloud Services > CISS Cloud Service

Outcomes
  • Completed intake request
  • Increased understanding of tenant needs
  • Completed set of requirements
Security Outcomes
FCS Tenant:

  • Completes Security section of the Intake Questionnaire
  • Defines roles and responsibilities, to include POCs such as System Owner (SO), Lead Developer (if applicable)

View Templates

Phase 1 - Advisory

Purpose

The purpose of the Advisory Phase is to orient tenants to the Cloud Smart Journey process; and validate requirements which will drive the assessment and target model leading to a cloud migration rationalization strategy.

A diagram that illustrates the Advisory phase of the Cloud Smart Journey. In this phase, The Cloud Advisory works with the tenant to gather any additional information that may be needed to assess the cloud project. Cloud advisory then conducts an analysis and assessment of the project, including cost analysis, application rationalization, architecture review, security, risks, and compliance assessments, and other requirements review. This helps the cloud advisory develop an initial cloud advisory recommendation and path forward. In parallel, cloud product provider and the security and compliance team work with the cloud advisory team to establish a roadmap to achieving critical milestones that ensures security and cloud compliance. The cloud advisory recommendation is then shared with the tenant for tenant approval. This concludes the Advisory phase.
Outcomes
  • Completed assessment
  • Initial rationalization strategy
Security Outcomes
FCS Tenant:

  • Obtains FCS ATO Package and Templates
  • Provides details for planned System/Data Interconnections; including disclosure of any additional baseline security requirements
  • Discloses all necessary security requirements to Cloud Advocate

View Templates
Phase 2 - Enablement
Purpose

The purpose of the Enablement Phase is to collaborate with FCS Security and FCS Product Team to develop and gain concurrence on the Cloud Modernization Plan. Completion of the Cost Estimate, Schedule, and Onboarding Checklist are put in place to execute the Cloud Modernization Plan.

A diagram that illustrates the Enablement phase of the Cloud Smart Journey. In this phase, The Cloud Advisory uses the information gathered in the previous phase to develop Cloud Modernization Plan and the Cost Projection with inputs from the tenant and the Product Providers for t-shirt sizing and any additional feedback as needed. The finalized modernization plan and the cost projection are shared with the tenant for their approval. The tenant takes the plan and the cost projection for internal consensus and secures project funding aligned with the projected cost. Once confirmed, Cloud advisory works with the tenant and the Cloud Enablement Triage Team, or the CETT team, to baseline the onboarding checklist. The Cloud Advisory team, which has been the primary point of contact for the tenant, hands off to the CETT team for moving forward in the cloud smart journey. This concludes the enablement phase.”
Outcomes
  • Rough Order of Magnitude
  • Cloud Modernization Plan
Modernization Agreement Overview
The Modernization Agreement formally defines the relationship between the Cloud Ecosystem and each Tenant and establishes mutually accepted expectations for the partnership. Read the Modernization Agreement Overview for more information.
Security Outcomes
FCS Tenant provides:

  • Clear and achievable strategy to addressing FCS security requirements (example: initial control gap assessment)
  • Plans to address security artifact delivery and identifying potential delivery risks
  • Draft Rough Order of Magnitude (ROM) based on ISSO checklist and other considerable factors
  • Detailed System Description (Use and Purpose required)
  • Synchronize development timeline with security artifact(s) development
  • Determination of applicable Security Documents (example: incident response plan may not be applicable)

View Templates
Phase 3 - Adoption
Purpose

The purpose of the Adoption Phase is to enable production readiness, complete all security requirements to achieve the ATO, implement supporting structures to drive adoption, and monitor the project from kickoff to launch to ensure the anticipated outcomes of the Cloud Modernization Plan are met.

A diagram that illustrates the Adoption phase of the Cloud Smart Journey. In this phase, The CETT team kicks off the onboarding process with the tenant and guides the tenant through project management and prioritization for organizing and driving project milestone progress per cloud strategy, assessing and communicating any new feature requests, and capturing any risks in real-time. The CETT team also assists with production deploy support to engage GSA IT security, product teams, and other stakeholders to drive the resolution of critical launch dependencies. Meanwhile, the CETT team also provides ongoing tenant support via chatops, touchpoints, and JSM tickets. The Cloud Product Provider meanwhile prepares the deployment setting up dev, test, stage, prod environments, any application pipelines, and training. The Product Provider also develops any approved new features from the cloud strategy, readies the production deployment, and support the tenant software development lifecycle via the JIRA ticket system. The Product provider also provides any go-live support for the production deployment. While this is going on, the security and compliance team readies the systems security plan consisting of 14 documents in the ATO package in collaboration with the tenant. The security and compliance team also assists with security and engineering review cycles, penetration testing, and security assessment reviews which result in a security assessment recommendation. The tenant’s role in this phase is application planning, development, and release, coupled with security and engineering design reviews, testing, and other document development to ready the application for deployment. Cloud Advisory continues to support from strategic, architectural, and technical guidance perspective for the tenants and collaborates with CETT for project reporting. When the application is deployed successfully, this phase is concluded.
Outcomes
  • Tenants are fully active and onboarded to their environment with operational support structures in place

Cloud Smart Journey Adoption (Phase 3) Kickoff

This Kickoff is the first meeting with CETT on continuation of phases in the Cloud Smart Journey. This presentation will get things started with the right teams and help get everyone on the same page with clear communication between all parties involved. View the Kickoff presentation here.

Kickoff Adoption Plans

Take a look at adoption plans for customers standing up services in the enviornments that compose our FAS-IT Cloud Services.

Workspace Adoption Kickoff VPCaaS Adoption Kickoff Cloud Support Sandbox Adoption Kickoff MCaaS Adoption Kickoff Cloud Support Lab Adoption Kickoff Data Adoption Kickoff
Security Outcomes
FCS Tenant ensures:

  • Clear understanding of Security Assessment Plan (SAP) amongst key stakeholders
  • Initial Security Authorization timeline is approved by all-parties
  • Final FIPS 199 categorization is determined
  • PTA and PIA Forms are reviewed and approved (if applicable)
  • Final e-Auth Level is determined
  • Security review and approval of draft SSPP
  • Actionable next steps to initiating and completing applicable Security Documentation such as but not limited to: Contingency Plan (CP), Business Impact Assessment (BIA), Incident Response Plan (IRP)
  • Security Assessment Report (SAR) and Authorization decision are obtained

View Templates
Phase 4 - Optimization
Purpose

The purpose of the Optimization Phase is to provide ongoing service support and maintenance for onboarded tenants, track cloud utilization measures, and partner on continuous modernization efforts.

A diagram that illustrates the Optimization phase of the Cloud Smart Journey. In this phase, the tenant monitors the application operations and engages with other stakeholders as necessary to address service and security issues while maintaining ongoing development and engaging in optimization opportunities. Cloud Advisory partners with the tenant for out-year roadmap planning for modernization and optimization opportunities with risks and funding considerations and continues to provide strategic, technical, and architectural guidance to tenants as needed. The cloud compliance team conducts ongoing monitoring and security operations to mitigate and respond to vulnerabilities and threats. Cloud Product Provider supports applications in ongoing development or addressing technical issues and concerns with after hours requests if needed. The Product provider also identifies opportunities for services and optimizations when the opportunity arises. The CETT team orients the tenants to available self-service options, trainings, and other ongoing tenant JSM ticket prioritization and support to resolve issues, implement process improvements, and continuously improve the tenant experience.

Transition To Operations

At the conclusion of the Optimization Phase (standard is 90 days post go-live), the Cloud Support team will host a Site Reliability Engineering (SRE) transition meeting with the FCS Operations team. From that point forward, the FCS Operations team becomes the tenants main point of contact and is responsible for handling routine maintenance, incidents and outages, certificate rotation, off business hours support, and other O&M activities. Cloud Support will continue to triage and manage Jira Service Management tickets and requests.

Outcomes
  • Tenants are self-managed and operating in optimized environments
  • Feedback is collected to achieve continuous improvement
Security Outcomes
FCS Tenant must partake in recurring Continuous Monitoring activities such as:

  • Discussion for ongoing audits
  • Vulnerability Scans (Weekly/Ad-Hoc)
  • Active ATO Progress (e.g. re-authorization)
  • Planned Security Activities
  • Security Roadblocks
  • Executive Orders, Updates to NIST Publications/RMF/ FISMA Data Calls
  • ISSO Self Assessments and Checklist status update
  • Plan Of Action and Milestones (POA&M) updates
  • Discuss Risk Based Decisions for risk acceptance (when applicable)
  • Review list of SecOps approved security tools to determine tenant's operational needs.
  • Payment Card Industry (PCI-DSS) Assessment progress (if applicable)

View Templates