Audit of NARA’s Adoption and Management of Cloud Computing

The NARA CIO, acting as the centralized authority for NARA’s cloud computing program, should take the lead and collaborate with business areas such as Acquisitions and General Counsel, to develop, approve, and implement comprehensive policies and...

The NARA CIO should complete and document a review of existing IT systems for cloud compatibility.

The NARA CIO should update the Enterprise Cloud Strategy with clearly defined roles and responsibilities, and develop and implement a written plan to execute the strategy.

The NARA CIO should conduct and document a risk assessment specific to NARA’s implementation of cloud computing in coordination with NARA's Chief Risk Officer.

The NARA CIO should establish and approve a centralized reporting point for cloud computing inventory and develop, implement and communicate a written mechanism to standardize tracking cloud computing inventory across NARA’s business area lines.

The NARA CIO should coordinate with necessary business areas including Acquisitions and General Counsel to develop, approve, and implement its written cloud provisioning guidelines.

The NARA CIO should coordinate with necessary business areas including Acquisitions and General Counsel to develop, approve, and implement its IT Security Contractual Requirements in addition to a method to monitor and enforce the use of the standards.

The NARA CIO, in conjunction with Acquisitions and General Counsel should develop, approve, and implement written standards for centralized maintenance and standardized monitoring of service level agreements and formally communicate the requirement to...

The NARA CIO should coordinate with the Chief Acquisitions Officer, and General Counsel to establish a working group to evaluate and monitor recommendations and best practices for cloud computing procurement in order to improve the content and...