The CIO’s recently released software modernization implementation plan for fiscal 2025 and 2026 marks another call from Pentagon leadership for the entire department to improve delivery of software-based capabilities. The document lists three key goals for the next two years — focusing on software factories, enterprise cloud and transforming processes — as well as specific tasks for each goal that aims to improve overall software modernization.

The goals and tasks in the document build upon the DOD CIO’s first software modernization implementation plan for fiscal 2023 and 2024. According to the new roadmap, the Pentagon completed 27 out of 41 of the tasks outlined in the previous plan, carried 12 tasks over to FY25 and FY26 and combined two tasks with others in the updated document.

Rob Vietmeyer, chief software officer for the deputy CIO for information enterprise, said that while working through the goals in the first implementation plan, the office realized that some of the associated tasks weren’t mature enough to fully execute on.

“For a small portion, we learned that we didn’t know enough about a couple of those activities, so we dropped them. And then some of them, we were maybe over aggressive or they evolved,” he said Wednesday during a panel discussion at AFCEA’s TechNet Cyber conference. “I’ll say, from an agile perspective, we didn’t have the user score exactly right, so some of these stories have continued into the implementation plan two.”

The first goal outlined in the new plan is to accelerate and scale the Pentagon’s enterprise cloud environment. Along with its multi-cloud, multi-vendor contract known as the Joint Warfighting Cloud Capability (JWCC), the department also has a number of other efforts aimed at providing cloud infrastructure overseas and at the tactical edge. 

Vietmeyer said that even though JWCC has been a relative success — noting that the department has awarded at least $2.7 billion worth of task orders under the program — the contract vehicle was “suboptimal” for large acquisitions. The CIO is currently planning for what it calls JWCC 2.0, a follow-on phase that adds more vendors and different contracting mechanisms to the program.

Beyond JWCC, the implementation plan calls for the establishment of additional contract options for cloud innovation — specifically geared towards small business and “niche providers” — that can be awarded before the end of fiscal 2026.

“In the implementation plan, we’re trying to build that next-generation cloud infrastructure and extend it. Not just looking at JWCC, but we’re also looking at how we extend for small business cloud providers,” Vietmeyer said. 

The document also offers guidance for Pentagon efforts to expand cloud access to the edge, such as through Stratus or the Joint Operational Edge (JOE) environments. In the next two years, the department will develop a reference design for an “underlying cloud mesh” that facilitates data transport, software development and information-sharing across different infrastructures overseas, according to the plan.

The mesh architecture would allow warfighters from one military service to access a cloud node operated by a different service, or one owned by the Defense Information Systems Agency, Vietmeyer explained.

“We’ve seen that one of the challenges is moving to a mesh type of architecture, so we can identify where computing infrastructure exists and allow the warfighters to take advantage [of it],” he said. “How do we start to build the ability for applications and data to scale across that infrastructure in a highly resilient way?”

Along with enterprise cloud, another goal within the updated implementation plan focuses on creating a Pentagon-wide software factory ecosystem that fully leverages a DevSecOps approach. The CIO intends to take successful practices from the various software factories in DOD and replicate them across the department, according to the plan.

“DoD must continue to scale success and bridge the right disciplines together … to ensure end-to-end enablement and realization of the software modernization vision and adoption of software platforms and factories organized by domain,” the document stated.

The CIO will also work to remove existing processes and red tape that prevents software developers from accessing critical tools and capabilities; increase the number of platforms with continuous authorization to operate (cATO) approvals; and create a DevSecOps reference design for artificial intelligence and software-based automation deployment.

Lastly, the implementation plan outlines multiple tasks geared towards evolving the Pentagon’s policies, regulations and standards to better support software development and delivery — including creating secure software standards, improving software deployment in weapons platforms and growing its workforce.

Although work to accelerate the Pentagon’s software modernization has been happening for years, leaders at the department have begun pushing for more focused efforts to remove bureaucratic red tape through new guidance — such as Secretary of Defense Pete Hegseth’s Modern Software Acquisition memo released in March, and the CIO’s new Software Fast Track (SWIFT) program.

“For modern practices to become the routine way of developing and delivering software, policy, regulations, and standards must be reviewed and updated,” the implementation plan stated. “DoD must work with DoD Components to update policy and guidance to reduce the barriers to adopting new practices and to accelerate software delivery and cybersecurity approvals to enable adoption of the latest tools and services.”

The post Pentagon sets out two-year plan to scale enterprise cloud offerings, software factories appeared first on DefenseScoop.

Under the Software Fast Track (SWIFT) program, the Pentagon will use artificial intelligence to replace legacy authority to operate (ATO) and Risk Management Framework (RMF) processes when buying new software. Acting DOD CIO Katie Arrington signed a memo authorizing the new effort, and it will officially launch May 1, she said.

“We need to change our thought process, because having software in an ATO that is a static environment doesn’t help the warfighter,” Arrington said Tuesday during a keynote at the UiPath on Tour Public Sector event, produced by FedScoop. “What changes every single day is the network, the software [and] the environment. Why are we so structured to stay in a static position when our adversaries are always dynamic?”

As the Pentagon becomes more dependent on software-based capabilities, leaders have looked to pivot away from traditional ATO frameworks encumbered by lengthy administrative processes and manual paperwork that can stifle modernization. Some organizations have begun exploring continuous authority to operate (cATO) methods, which use automated monitoring and security controls to approve software without need for reauthorization.

Instead, SWIFT will do a third-party assessment of companies’ cybersecurity postures based on 12 risk characteristics. Vendors will also be required to provide a software bill of materials (SBOM) “from production and sandbox” that is certified by a third party, Arrington said. 

“I have AI on the backside — large language modeling — that will determine if there are any anomalies, if there’s something in your source code that’s bad. If not, you get a provisional ATO,” she said.

Arrington added that SWIFT will allow the department to pivot away from the current RMF, a structured set of guidelines used to identify and manage potential cybersecurity risks on networks. For more than a decade, the framework has guided the Pentagon’s acquisition process for all of its systems — from development to sustainment.

“I’m blowing up the RMF. The RMF is archaic, it’s a bunch of paperwork,” Arrington said. She added that in the next year, she hopes that ATOs are “something I never hear about again.”

SWIFT comes as Secretary of Defense Pete Hegseth is pushing the entire department to speed up procurement and delivery of digital and software-based capabilities. In March, Hegseth issued a memo that calls on Pentagon leaders to use innovative acquisition authorities — from the Software Acquisition Policy to commercial solutions openings — to rapidly buy software.

“We need more innovation. The [secretary of defense] has told us, bring software, bring [commercial-off-the-shelf] into the building faster, at a more rapid rate,” Arrington said. “And our job is to ensure that we are doing the best to ensure that we have lethality, that we’re ready and that we’re efficient.”

When the program launches, Arrington said she plans to bring together all of the department’s CIOs, chief information security officers, the acquisition and sustainment directorate and other stakeholders at the Pentagon. In the near future, the department plans to release a request for information (RFI) to gather industry input.

The post New Pentagon program to speed up software acquisition set to launch May 1 appeared first on DefenseScoop.