“JWCC requires highly skilled services to support office operations, and the delivery of modern enterprise cloud services and related technologies. These services must include technical expertise in cloud engineering, cybersecurity, financial management, program execution support, and technical writing through direct support of system owners and technical experts regarding various challenges with migration to the cloud and leveraging commercial cloud technologies,” officials wrote. 

The Department of Defense awarded its highly-anticipated enterprise cloud contract to Google, Oracle, Amazon Web Services and Microsoft in late 2022. 

JWCC marks a key element in the DOD’s push for digital modernization, and the original contract has a ceiling of $9 billion. Officials have been somewhat tight-lipped about JWCC progress since the program’s inception — but as of August 2024, the Pentagon had awarded just under $1 billion in task orders to vendors competing for the enterprise cloud initiative.

This latest defense cloud-enabling information request was published by DISA’s Hosting and Compute Directorate, which is responsible for managing the JWCC contract vehicle.

“This is a SOURCES SOUGHT NOTICE to determine the availability and technical capability of 8(a) certified small businesses to provide the required products and/or services,” officials wrote.

Such companies have gone through and been verified by a federal government-run federal contracting and training program designed for experienced small business owners who are considered socially and economically disadvantaged. 

In Thursday’s notice, DISA officials list and define associated in-demand capabilities across three categories: Cloud Infrastructure and Engineering; Cybersecurity and Risk Management; and Infrastructure and Software Engineering.

The work is envisioned to be performed at DISA facilities inside and outside of the continental U.S. The anticipated period of performance is a 1-month transition period, an 11-month base period, and four 12-month option periods.

Businesses that aim to respond must submit information including a brief capabilities statement to an email included in the notice, by July 31.

Earlier this year, DISA unveiled plans to roll out a follow-on to the current enterprise cloud vehicle — named JWCC Next — likely in 2026. A DISA spokesperson declined to answer questions Thursday regarding the motivation behind this new sources sought notice, or how it fits into the agency’s vision for JWCC Next.

“As standard practice, DISA cannot discuss open solicitations posted on SAM.gov or other sites, as it could violate established procurement regulations and policies. Therefore, we have nothing to add at this time,” the spokesperson told DefenseScoop.

The post DISA pursues new engineering and IT partners to enable the Joint Warfighting Cloud Capability appeared first on DefenseScoop.

He entered the role in December 2021, a tumultuous era marked by controversy over the Joint Enterprise Defense Infrastructure (JEDI) cloud effort. In the midst of the fallout, Sherman recognized that the department needed to pivot.

“I truly felt we were figuratively fighting and dying on a hill not worth fighting and dying on,” Sherman told DefenseScoop. “All this litigation that we were stuck in and back-and-forth between the several cloud service providers, I felt we were all expending energy against the wrong goals.”

Six months into his tenure as DOD CIO, he made the recommendation to cancel JEDI — a program that sought a single vendor for the Pentagon’s first enterprise cloud capability — and pivot to a multi-vendor acquisition process under what is now known as the Joint Warfighting Cloud Capability (JWCC).

“That, to me, has been the flagship or one of the top achievements I’ve had as CIO,” Sherman said.

Sherman announced June 6 that he would be departing as Pentagon CIO by the end of the month, moving into a new role at Texas A&M University, his alma mater, as the Dean of the Bush School of Government and Public Service.

During an exit interview with DefenseScoop on Monday, Sherman reflected on his nearly three-decade career in government where he often campaigned for novel approaches and technologies to accomplish missions.

“Anytime you’re doing something new, you’re gonna break some glass doing it,” he said.

A ‘digitally focused’ IC

After serving in the Army as an air defense officer in the 24th Infantry Division, Sherman said he was interested in working in the intelligence community and initially applied to be an all-source analyst at the Central Intelligence Agency.

But when he received his interview package, he was sent to Building 213 in Washington, D.C.’s Navy Yard where the DOD was standing up the new National Imagery and Mapping Agency — now known as the National Geospatial-Intelligence Agency (NGA). Sherman was hired as an imagery analyst in 1997, investigating and distributing geospatial intelligence on the Iraqi Republican Guard.

“Working that Republican Guard account for several years will, and continues to be, one of my fondest memories in the IC — working with some amazing teammates in Building 213 supporting U.S. Central Command and other entities with what I thought was insightful analysis during the no-fly-zone days, and then moving to the start of Operation Iraqi Freedom and onward,” Sherman said.

He would spend the next 23 years in the intelligence community, including as the CIA duty officer in the White House Situation Room, an all-source analyst on the National Intelligence Council and a role at the NGA Office of the Americas.

Notably, Sherman was part of the small team that was present in the White House Situation Room on the morning of the September 11 attacks on the World Trade Center.

“It was a sobering experience, but also we were honored to be there to support crisis operations on that day,” he said.

In 2014, the CIA was looking to become more “digitally focused,” and Sherman became one of two deputy directors of the CIA’s Open Source Enterprise (OSE) managing the tradecraft of open source intelligence. He led the Middle East and Asia portfolios, as well as the portfolio for emerging technologies where he first began experimenting with commercial cloud capabilities, he noted.

While at OSE, Sherman helped stand up a low-side cloud capability called the Open Source Data Layer and Services (OSPLS). The effort leveraged Amazon Web Services and other capabilities provided by the IC’s Commercial Cloud Services (C2S) program to provide a cloud-based environment for less sensitive and non-critical information.

He detailed how he also took part in the Eyesight Mission Users Group. Although the group’s focus is classified, Sherman said the experience taught him critical lessons on data standards and exactly how cloud technology works.

“What I was able to do was, as one of the initiative leaders, use open-source gathered information to feed into NSA’s gov cloud — which was their part of the classified capability — to then run the compute against this open-source information and find new things that we would not have been able to discover otherwise,” he said.

Sherman was later tapped to serve as the intelligence community’s CIO in 2017, and during his time he initiated several innovative changes that allowed the IC’s IT enterprise to evolve. 

One of those was shifting focus on a program known as the Common IC Desktop Enterprise, which initially looked to create a unified architecture that would allow analysts and officers to move between agencies without the hassle of transferring their data. Despite all of the money and time the IC had already invested into the effort, Sherman said he recognized it wasn’t working.

“It was never going to scale out to being this IC-level capability that it was envisioned to be, and so we pivoted to a federated architecture where we would have standards and then be able to accomplish some of the same interfaces — but not with this unified overall architecture that we were first going along,” he said. 

Another accomplishment as IC CIO was the creation of the Commercial Cloud Enterprise (C2E) program. The intelligence community had been using a single-vendor approach under C2S since 2014, and Sherman initiated the follow-on C2E effort to bring a multi-vendor, multi-cloud capability to the IC in 2020, with Amazon Web Services, Microsoft, Google, Oracle and IBM serving as vendors.

“I’ll also admit this freely — C2E was the model for what became JWCC at DOD,” he said.

Leaning into hard decisions

Sherman was brought into the Defense Department as the principal deputy CIO in 2020, later replacing then-CIO Dana Deasy when he left his position in 2021. Although the department was grappling with many problems with its IT enterprise then, there are still a number of other issues the new CIO who replaces him will face in the future, he said.

“I don’t know what the next hard decision is going to be, but be ready to lean into that,” he said. 

Still, Sherman touted the accomplishments he made during his time at the Pentagon, especially related to the department’s pivot to JWCC and the awards made to Google, Oracle, Amazon Web Services and Microsoft for the program at the end of 2022.

He noted that over $700 million worth of task orders across all three security classifications have been awarded through JWCC to date, with organizations like the F-35 Joint Program Office, defense agencies and combatant commands all on board with the program.

JWCC’s growth has also initiated the Pentagon’s new Joint Operational Edge (JOE) initiative to provide cloud capabilities at the tactical edge — a concept he calls the “lily pad.” One JOE cloud has already been installed at Joint Base Pearl Harbor-Hickam in Hawaii, another is coming online next in Japan, and the Pentagon is currently looking at sites for a third one in Europe, he said.

“One of the big things that we talk about a lot with cloud tradecraft is procuring cloud is not the end of the story. You have to learn how to use it, you have to learn how to apply it to your mission,” Sherman noted.

As it prepares for the next phase of the program, dubbed JWCC 2.0, Sherman has directed the CIO’s team to conduct an after-action review of the entire effort. 

“While I’m a huge fan of it, I know it’s not perfect. Because like with C2E, we’re kind of figuring out how to walk and chew gum in a multi-vendor environment,” he said. “What can we do better for JWCC 2.0? Are there things we can put into place to make [software-as-a-service] offerings easier to manage?”

Along with cloud modernization, Sherman has led efforts to improve user experience at the department by creating a UX portfolio management office at the CIO, fix the lengthy authority to operate (ATO) process in response to complaints from industry, and move the Pentagon into adopting a zero-trust cybersecurity framework by 2027.

In a statement to DefenseScoop, Deputy Secretary of Defense Kathleen Hicks praised Sherman for positioning the department for success while he served as CIO.

“John tackled some of the most complex challenges in the Department during his tenure, advancing the Department’s information advantage and improving our decision superiority, from the combatant commander down to the platoon leader,” Hicks said. “His leadership on ground-breaking initiatives such as the Joint Warfighting Cloud Capability, Zero Trust Architecture, and the Emerging Mid-Band Spectrum Sharing assessment materially strengthened US national security.”

A key challenge for the department moving forward will be to ensure it is modernizing at the pace it needs to, all while leveraging industry capabilities when it can, he said.

“As we talk big thoughts about edge cloud and transport and zero trust, never forget that it comes down to a service member’s ability or civilian’s ability to do their job — not only at the Pentagon, but out at Osan Air Base in Korea, or onboard a ship in the Red Sea, or at a special forces detachment in Africa,” Sherman emphasized.

Another will be tackling the Pentagon’s growing tech debt, he added. Warfighters are still using a lot of outdated technology from previous conflicts in the Middle East, and Sherman noted that understanding that priority and leveraging the entire enterprise to address it quickly is crucial for the department.

“We’ve got to pay the piper on this because in the digital battlefield that we’ve seen in places like Ukraine and what we could have to face in the western Pacific, these digital IT capabilities are war-winning technologies,” Sherman said. “It’s not just blinky lights and data centers, this is the difference for decision capability for our commanders.”

When asked what advice he would give to the next DOD CIO, Sherman emphasized the importance of working as a team with all of the departments and components at the Pentagon, as well as collaborating with industry as much as possible.

Leslie Beavers, DOD’s principal deputy CIO, will serve as acting CIO as Sherman departs until the department makes a decision on a full-time replacement.

He also pointed to the importance of strong leadership when making hard decisions and setting a clear north star for some of the departments where change might be a heavy lift.

“This has been the greatest opportunity I’ve had professionally, but also I’d be lying if I didn’t say it’s the most challenging,” Sherman said. “So that would be my advice to the next CIO: Buckle your chin strap and get ready, because this is going to be a heck of a ride.”

The post From Building 213 to the Pentagon: John Sherman reflects on his legacy in government appeared first on DefenseScoop.

Known as Project Enigma, the digital environment aims to allow Space Systems Command (SSC) to collaborate with different stakeholders in a multi-enclave, cloud-based shared network. The service awarded GDIT an $18 million other transaction authority agreement in 2023 to develop the prototype digital infrastructure, and the company recently received an extension contract to add more capabilities to the platform, according to Travis Dawson, GDIT’s senior director for Project Enigma.

“This resulting digital services ecosystem will further drive resilient, secure information-sharing to anyone, anywhere, at any time,” Dawson said in an interview with DefenseScoop.

GDIT hosted around 200 government stakeholders for a demonstration of Project Enigma earlier this month at Los Angeles Air Force Base, where the company showcased some of the digital environment’s capabilities, including digital engineering tools, a software factory with DevSecOps pipelines, an IT service management desk and more.

“Working in a government setting and having the ability to sit at one device and do classified and unclassified work on the same device is monumental,” Dawson said. “Rather than having to leave your device and go to a secure facility, login with some classified credentials, etc., you can do that from one device.”

During the event, the company also demonstrated an initial operating capability of Project Enigma’s Commercial Solutions for Classified (CSFC) offering. Approved by the National Security Agency, CSFC allows users to work on classified networks either in-office on a desktop version known as a “trusted thin client” or remotely on a laptop, Dawson said.

“We’re rolling out both of those … right now, putting the trusted clients on the desk within Space Systems Command in L.A.,” he said. “Those provide the ability to securely communicate in … multiple independent levels of security simultaneously from a single device, and it ultimately could be from a remote device.”

The company is currently focused on enabling work in secret-level classified environments. There is some appetite within the U.S. government to add top secret and special access programs (SAP), but the company has yet to begin work on those, Dawson said.

Moving forward on its extended contract, GDIT is currently working on expanding access to Project Enigma beyond those within SSC and incorporating connections with industry partners, he noted.

GDIT also plans to add more mission partners and more commercial cloud service providers to the platform, creating a classified multi-cloud environment for collaboration, he said. While Dawson couldn’t name which cloud service providers would be integrated, he noted that they are companies approved by the Defense Department’s Joint Warfighting Cloud Capability contract vehicle. Microsoft, Oracle, Amazon Web Services and Google compete for task orders under the JWCC program.

The addition of commercial cloud is part of a larger GDIT effort known as digital accelerators, Dawson said. The company offers a portfolio of tailored solutions from the commercial sector — from artificial intelligence to cybersecurity — that can be brought into different platforms.

“These are integrated commercial technologies. They have been cyber hardened, and they’re customizable,” Dawson explained. “The customers can go ahead and customize them to their needs and their requirements, and they don’t have to be locked into any type of technology.”

The post Space Force getting cloud-based, classified environment for industry collaborations appeared first on DefenseScoop.