Ahead of the announcement, Army officials told reporters that they’re looking to change the software buying model.

“The direction we’re moving in right now in the Army is this is going to be one of many enterprise licensing agreements that we’re looking at entering into,” Army Chief Information Officer Leonel Garciga told a small group of reporters ahead of the announcement. “I think the big thing to think about is, as kind of we move forward, we’re finding some things, we have a lot of big software packages that are out there. They’ve been bought over several years, several program offices, several commands, [but we’re] not getting a lot of parity across the board on how they’re being delivered, right? Adding a lot of complexity to the environment. And we’ve been thinking through a couple things, right? One is, how do we reduce the complexity, right? So lower overhead to acquire capability, especially software. That’s kind of the first kind of tenet.”

The next piece, he said, is to figure out how to “make it a lot easier to acquire said software, right?” 

“I think the traditional model of, hey, we’re just buying software licenses and services … in combos kind of doesn’t work in this new environment and the way that things are being delivered,” Garciga said. “So how do we add enough fidelity, right, and an approach where folks can really get the software the way they need it?” 

The final piece, one that Garciga said he as the Army CIO cares “very much about,” is reducing cost. “How do we get better buying power across the board?” he said.

The 10-year deal with Palantir is worth up to $10 billion, although Army officials noted that they’re not committed to spending that much money. The move will consolidate 75 contract vehicles as the Army looks to streamline things, they said.

“This really has been our first kind of separate sense to go in and really get a large ELA. This is one of many. But our intent is to continue to move down this path, right, to really focus on reducing that complexity, adding agility to how we buy, right, and then the last piece … which is save taxpayer dollars as much as we can,” Garciga said.

The service is in talks with other vendors for similar types of arrangements.

“We have a couple of others that are teed up that we’re either already in negotiation with or starting the conversation to start negotiations with to do this across the board,” Garciga said.

A key aim of the initiative is to get better deals from a unit cost perspective. In the civilian side of the federal government, the General Services Administration is leading a similar effort to maximize government buying power for software licenses called OneGov.

“What I see across contracts is, hey, if I have more than one contract with the same vendor, have I bought the same thing more than once in a different way or at a different price? And just from a common-sense perspective, does that really make sense?” Danielle Moyer, executive director of Army Contracting Command, told reporters.

“Starting with Palantir and as we look at other ones, we’re looking at, hey, it makes sense to make sure … we’re getting the best discounts. So just like economies of scale buy, right? If I buy one widget, it costs X amount. If I buy 100, I should get a discount. And the more I buy at scale, the more of a discount I should [get]. And also …  just in general, across this whole initiative, we’ll look at, well, how are you selling this elsewhere? Should there be clauses in the contract that say, hey, you know, if you try and sell it somewhere else, we need to come back here and look at what the rate is on this and get a discount,” Moyer said.

She noted that the Army isn’t actually obligating $10 billion to Palantir, but the deal recognizes potential growth for the services and goods that are on that contract with the multibillion-dollar ceiling. While there is a minimum spend requirement on the contracts, the Army has no obligation to buy more than it sees fit across its enterprise. 

The Army is also trying to avoid vendor lock as it shakes up its buying practices.

“The other really important thing to note there is competition for future programs and things like that will still continue to happen. So, for example, if on all these ELAs — name the vendor — if we’re specifically talking about Palantir, if Palantir chooses to compete on, you know, whatever program or weapon system in there, the chosen awardee they happen to be at, then we would obviously leverage this agreement [to get] economies of scale discounts, buys, right, that makes the volume,” Moyer said. “We would leverage our buying power in the Army to get maximum discounts. So those are probably, from a contracting perspective, the things that … we really want to make sure that we hit home, which is robust competition is still a thing.”

The Army also wants to make sure it doesn’t overbuy and acquire licenses it doesn’t need.

Officials used a food analogy, comparing previous software buying practices to all-you-can-eat buffets or combo deals where customers essentially pay for things they might not consume.

“As we look at the way we’ve done kind of historical contracting … we typically will, kind of sometimes overbuy, because we’re trying to kind of calculate what expected growth is and whatnot. So this [enterprise agreement] is meant to help shape that, to say we’re buying just in time into that growth pattern, right? So, instead of saying, OK, I need 100 licenses, I only have to buy 50 now based on the real usage versus buy 100 because that’s where we have to fix a contract that’s meant to be for a longer period of time. So shifting that mentality is to say, OK, now we could just do just in time, kind of delivery of services,” Gabe Chiulli, chief technology officer for Army’s Enterprise Cloud Management Agency, told reporters.

Officials want a more flexible range of options, sort of like an a la carte menu where they can just pick exactly what they want.

Garciga said early efforts to set the stage for the new model began during the previous administration, but he suggested that the focus on improving software acquisition at the Defense Department under the Trump administration has provided additional momentum.

“We have been working on this since November of last year. And I think that there was just an inherent understanding, you know, almost two years ago now that we needed to start moving in this direction with a handful of our vendors,” he said. “There’s been a lot of prep work and foundation being laid to have this conversation. If anything, what I’d say is the change in the environment has allowed us to move a little bit faster than we would have normally, and I think, a willing acceptance by a lot of our commercial partners to rethink the way that they integrate and work with us in the government and what our contractual agreements are going to look like moving forward. So I think … we’ve had a little bit of a catalyst over the last like quarter and a half that’s just be able to get this like really over the hump, to get a really good deal for the Army.”

Moyer said the new way of doing things will also improve transparency into what the Army is buying.

“It’s easy [to keep track] when you buy things that you can see, right? When you buy a tank, right, you can probably see the brand of the wheels on it. It’s pretty, pretty easy. Well, when you build, you know, a weapon system that might have some software in it, and that software vendor — name the vendor — is a subcontractor, we don’t always have visibility on who those are. So I think this initiative in general will provide us visibility into how often are we buying the same software that is essentially a component or a subcontractor through somebody else,” Moyer told reporters.

The Army, as a huge organization that buys a ton of software, should be able to get better deals, Garciga suggested.

“When I look across the landscape, there’s … both software and hardware procurements that we’re doing out there with major IT companies where it would be advantageous to get an enterprise agreement just to get value at scale, right? I mean, think [about] the Army [having] 1.3 million people, right? I mean, we’ve got more endpoints than some countries do,” he said.

The Army is also looking to prevent middlemen from jacking up costs for software.

“What the enterprise agreement allows us to do is to get a much better kind of understanding when we do actually compete new work on what some of those baseline costs are going to be, because we’re kind of making it so folks have to use the enterprise agreement to buy the software, as opposed to what we’ve seen traditionally, which is like, hey, somebody’s going to go out buy this, and then a company is going to go buy it … and bump our cost up considerably for the same piece of software at scale. So I think our intent, like from especially from the CIO’s office, is to focus on where we have a considerable amount of use across Army commands and Army programs, can we engage with those companies to get value at scale, right, and in no way to get in the way of competition,” Garciga said.

ELAs are also seen as a way to help the Army keep pace with fast-moving software developments.

“We don’t want to be in the business of just buying this big block of software and then, you know, three years from now, we’re trying to figure out how to modernize that. No, on the contrary, I think this puts us in a much better position to be able to get that refresh happening organically from the commercial space. And again, it’s about flexibility too, right? It’s having that CLIN [contract line item number] structure that really allows us to as things grow and shrink, have the opportunity to adjust those levers and those rheostats to get us to kind of a baseline,” Garciga said.

He continued: “The next big step, right, and I think we’re going to see this with a lot of our vendors, is this idea of, like, hardware as a service and hardware subscriptions. I think we’re going to see that come in, too. That’s one that we’re working especially for fixed and garrison locations, is where do we have opportunities to rethink where traditionally we’ve done bulk buys and then, you know, five years later, we’re trying to figure out why we can’t lifecycle maintenance it. Now we’re going to kind of as a service, right? And we’ll work with the vendor to make sure that happens. But on the software side, yeah, definitely this is a lot easier.”

Moyer said under the enterprise agreement framework, the Army would be in a position to negotiate better deals over time.

“The other thing that you know we’re working across all the enterprise agreements we’re looking at is, once we get to X number every year … then we’re going to potentially negotiate on all these either A, a true up, or B, a discount for the next year,” she said.

Garciga noted that in the past, the Army has sometimes lost the space to negotiate.

“What we’re seeing right now is, how do you build a vehicle that allows you to … true up, true down, right as the environment changes?” he told reporters. “The larger we get, the bigger the discount. And we may be here for, like, you know, X amount, and then, you know, if we go to the next level up, we’ll get an even bigger discount, right? So I think that that’s going to be the big thing, is continuing that negotiation.”

Another important aspect of the enterprise agreement framework is that it will give the Army flexibility to jump around from a capability-acquisition perspective, he noted.

“If we want to move to the next major … platform that we want to do an enterprise agreement with, and we want to get off the one we’re on, we can gracefully exit that without having kind of put a lot of capital in front that we can’t recover,” Garciga said.

Moyer said the enterprise agreements will have minimum guarantees.

“Once you meet that, you don’t ever have to use that contract again. So if any point it doesn’t make sense … to use that vehicle, there’s somebody different or better, we could always do something different,” she told DefenseScoop. “But … just using my own common sense, why wouldn’t I try and get the best deal for as long as possible and write things in there like maximum discount buys, matching commercial prices, right? So, like, not necessarily for this specific EA, but just a general EA.”

There are many vendors out there that the Army could have enterprise agreements with, officials told DefenseScoop. And, there could be opportunities for the other services or DOD writ large to pursue these types of agreements.

“The service CIOs are all talking and we’re talking with DOD CIO,” Garciga told DefenseScoop. “If you’re already a year into your negotiation, like, we’re gonna put our requirements in and you finish up. If we’re a year into our negotiation and we’re like about to award, like, hey, we’ll get your requirements agreement. So I think we’re really at this point, I think the whole department is really pushing harder to move in this direction. So this [deal with Palantir] is just one of our first off the chute kind of big ones.”

The other services could potentially piggyback off the Army.

“There are discussions that are currently ongoing and … they’ll figure out what makes sense for them,” Moyer told DefenseScoop. “But we will position ourselves to make sure that, you know, if we can use taxpayer dollars in the most efficient way possible to get the biggest discount for any of these enterprise agreements we’re working, that is what we’re going to do.”

The post Army plans big shakeup in software buying practices, starting with new $10B enterprise deal with Palantir appeared first on DefenseScoop.

The memo, signed by Chief Information Officer Jane Rathbun and acting Assistant Secretary of the Navy for Research, Development and Acquisition Brett Seidle, established a new DON-wide policy for “containerization technology usage.”

Containerization is a software deployment process that “bundles an application’s code with all the files and libraries it needs to run on any infrastructure,” according to an AWS description of the concept.

Navy officials see major benefits in adopting that capability for the department.

“Software containerization offers transformative advantages for the DON’s IT infrastructure and software deployment capabilities. This technology enables the Department to deploy applications consistently across highly varied environments while enhancing security, reducing computing resource overhead, and accelerating development cycles. Prioritizing containerization technology aligns with the Department’s software modernization goals and supports mission-critical operations with greater reliability and efficiency,” the memo states.

The new directive, publicly released Wednesday, applies to all new software development efforts across the department’s commands and programs enabled by cloud services and deployment models where enterprise container platforms and DevSecOps pipelines exist or are in development. It comes as the Navy and Marine Corps are pursuing wide-ranging software and IT modernization initiatives, including cloud adoption and migration.

“In the drive to increase operational agility, resiliency, optimization of our investments, and to achieve an organically digital state; we must advance to modem, proven software development and delivery practices. Securely accessing and transporting data across boundaries at the speed of relevance requires operating in a cloud-enabled ecosystem and software must be designed to effectively maneuver within it,” Rathbun and Seidle stated. “Effective immediately, all software development activities transitioning to the cloud and/or upgrades that are hosted in a cloud as outlined above must utilize containerization technology to the greatest extent practical.”

Seidle signed the directive July 17. Rathbun had previously signed it.

Officials can request exemptions to the policy, but they must provide the designated cybersecurity technical authority with a detailed justification.

“Exceptions will be granted where the risk of not leveraging containerization technology is deemed acceptable or the implementation would be prohibitively expensive. Potential exceptions may include production representative digital twins (where production cannot be or is not containerized), alternative cloud scaling capabilities like serverless technologies, or virtualization technologies for hardware in the loop. An itemized bulk exception can be granted,” per the memo.

The policy will be reviewed and updated annually, according to the directive.

The post Navy rolls out new software policy on containerization technology usage appeared first on DefenseScoop.

“JWCC requires highly skilled services to support office operations, and the delivery of modern enterprise cloud services and related technologies. These services must include technical expertise in cloud engineering, cybersecurity, financial management, program execution support, and technical writing through direct support of system owners and technical experts regarding various challenges with migration to the cloud and leveraging commercial cloud technologies,” officials wrote. 

The Department of Defense awarded its highly-anticipated enterprise cloud contract to Google, Oracle, Amazon Web Services and Microsoft in late 2022. 

JWCC marks a key element in the DOD’s push for digital modernization, and the original contract has a ceiling of $9 billion. Officials have been somewhat tight-lipped about JWCC progress since the program’s inception — but as of August 2024, the Pentagon had awarded just under $1 billion in task orders to vendors competing for the enterprise cloud initiative.

This latest defense cloud-enabling information request was published by DISA’s Hosting and Compute Directorate, which is responsible for managing the JWCC contract vehicle.

“This is a SOURCES SOUGHT NOTICE to determine the availability and technical capability of 8(a) certified small businesses to provide the required products and/or services,” officials wrote.

Such companies have gone through and been verified by a federal government-run federal contracting and training program designed for experienced small business owners who are considered socially and economically disadvantaged. 

In Thursday’s notice, DISA officials list and define associated in-demand capabilities across three categories: Cloud Infrastructure and Engineering; Cybersecurity and Risk Management; and Infrastructure and Software Engineering.

The work is envisioned to be performed at DISA facilities inside and outside of the continental U.S. The anticipated period of performance is a 1-month transition period, an 11-month base period, and four 12-month option periods.

Businesses that aim to respond must submit information including a brief capabilities statement to an email included in the notice, by July 31.

Earlier this year, DISA unveiled plans to roll out a follow-on to the current enterprise cloud vehicle — named JWCC Next — likely in 2026. A DISA spokesperson declined to answer questions Thursday regarding the motivation behind this new sources sought notice, or how it fits into the agency’s vision for JWCC Next.

“As standard practice, DISA cannot discuss open solicitations posted on SAM.gov or other sites, as it could violate established procurement regulations and policies. Therefore, we have nothing to add at this time,” the spokesperson told DefenseScoop.

The post DISA pursues new engineering and IT partners to enable the Joint Warfighting Cloud Capability appeared first on DefenseScoop.

Beauchamp began working for the department in 2015, and most recently served as the director of security, special program oversight and information protection within the Office of the Secretary of the Air Force. In that role, he oversaw the Air and Space Forces’ highly-classified special access programs (SAP) and worked on insider threat mitigation.

But Beauchamp’s 29-year career spans across multiple positions at the Department of the Air Force, the National Geospatial-Intelligence Agency (NGA) and the Office of the Director of National Intelligence (ODNI). By and large, he either led or was involved in several critical events within the national security space — so much so that someone once described him as “the Forrest Gump of the national security world.”

“He goes, ‘You were kind of there in all the big happenings of your time of your career. You were right in the middle of all these things that were the big developments. Sometimes you were there in the background of the scene, and sometimes you were there front and center doing the thing,’” Beauchamp told DefenseScoop in an interview on July 3, his last day at the Pentagon, recalling how a colleague described his tenure.

After graduating from Lehigh University in 1992, Beauchamp was hired as a systems engineer for General Electric Aerospace’s programs with the National Reconnaissance Office (NRO). He would eventually move to the National Imagery and Mapping Agency (NIMA) — the precursor to the NGA — after it was founded in 1996 as an operations analyst supporting work to collect imagery and targeting data in the Balkans during the Yugoslav Wars.

In 2000, Beauchamp became NIMA’s senior technical advisor for studies and analysis when he was 29 years old, making him the youngest person to be hired for a senior executive position within the agency since it was founded. Almost immediately, he was tasked with developing a congressionally mandated strategy that would convince the government to purchase imagery from commercial vendors.

At the time, the IC held a monopoly over space-based imagery and data, and the industry market was only just beginning to take hold. Beauchamp described the assignment as “trying to sell milk to people with their own cows.”

“Why would the NRO want to encourage the government to buy commercial imagery? They’re the judge to build and operate imagery satellites,” he said. “So I figured out what it would take in terms of investment to get industry to buy and build satellites sufficient to meet the government’s demands, because the national satellites were not meeting all of the government’s demand for mapping data.”

But after developing a business case for the strategy, Beauchamp said the government was largely opposed to implementing it. He decided to shelve the strategy after one final unsuccessful meeting held on Sept. 10th, 2001, he said.

“On the 11th of September, [Congress] called me up,” he said. “I’m in my office, we’re watching pictures of the [Twin Towers] smoking, and my phone rings and it’s the congressional staff saying, ‘You’ve got your money. Could you spend more?’”

Beauchamp’s $830 million plan was funded by one of Congress’ post-9/11 supplemental packages and created ClearView — the first program that allowed commercial companies to provide satellite imagery to the IC. Once U.S. forces had entered Afghanistan, Beauchamp also moved to purchase all of the overhead imagery of the country, he said.

“What we really wanted to do was make sure that this imagery that was being collected wasn’t being used by the Taliban to target our forces,” he said. “So I basically stitched a camouflage net made out of $100 bills over the country of Afghanistan in order to keep our forces safe.”

Today, commercially derived imagery is one of the fastest growing markets in the world. Companies like Maxar, BlackSky and Planet Labs all have several lucrative contracts with the federal government to provide space-based data for national security, weather and other needs. 

“So this industry, would it exist? Maybe. But would it have blown up the way it did? Probably not, if we hadn’t done this,” Beauchamp said.

The next several years of Beauchamp’s career would be spent at the NGA in various roles focused on strategy and acquisition. In 2012, he began a joint duty assignment as the ODNI’s director of mission integration under then-Director of National Intelligence Gen. James Clapper — a job he noted was one of the highlights of his career. During his second day on the job, U.S. government facilities in Benghazi, Libya, were targeted by militant groups, leading to the death of four American citizens.

Once Beauchamp’s team finished the assessment of the attack, he was immediately thrust into the fallout of the classified document leaks by Edward Snowden in 2013. His oversight led to a massive reform of the IC’s compartmented access programs and yet another overhaul of the government’s policy on commercial imagery.

“All of a sudden, now I’m convening people on the analytics side [and the] collection side, trying to figure out how to make up for the losses and capability that Snowden revealed,” he said. “And part of that is doing a reform of the IC’s compartmented programs, because they had way too many of them in overlap.”

Toward the end of his three-year assignment, Beauchamp started working with former Deputy Secretary of Defense Bob Work on a “side project” focused on standing up a new organization to pivot the Defense Department away from counterterrorism operations in the Middle East and towards great power competition, he said.

Beauchamp’s time in the intelligence community came to an end in 2015, when he was picked to be the Department of the Air Force’s deputy undersecretary for space and director of the principal DOD space advisor. There, he had two critical tasks, he noted.

“One, I’m working with all the international relationships with other countries who want to cooperate with us in space,” Beauchamp said. “At the same, I’m trying to convince the Americans to shift from space as a sanctuary from which you provide services, to space as a domain for warfighting.”

At the time, the Pentagon was reluctant to expand operations in space out of fear of being the first to weaponize the domain. But Beauchamp argued that the idea wasn’t about weaponization, and instead protection of critical space-based capabilities.

“It’s almost like before then, we were deliberately not protecting them so as you didn’t look like you wanted to start something,” he said. “And I was like, ‘This is not an option anymore.’ The Chinese had already demonstrated they could shoot down their own satellites, what’s to stop them from doing the same thing to us?”

Part of Beauchamp’s work was to develop a plan for how the Pentagon could make its space systems more resilient — many of which have become central to the Space Force’s operations, he noted. And when the first Trump administration decided to stand up the Space Force, Beauchamp was at the forefront of the effort to convince officials to approve the new military service.

Beauchamp would then transition to the Department of the Air Force’s office of the CIO, first as its director of enterprise IT in 2018 and later as the deputy CIO in 2020. His main focus was preparing the DAF for transitioning to telework operations as the COVID-19 pandemic spread across the globe, as well as consolidating the department’s enterprise licenses and creating a plan for modernizing base-level infrastructure, he noted.

“The overall trend line was eliminating the county option of uniqueness that was taking place at every base, and replacing it with a core set of enterprise services that were provided centrally,” Beauchamp said. “Big things like moving to zero trust — you can’t do those things if every base and every two-letter has their own architecture independent of everybody else’s.”

Today, the DAF has a strong path forward on modernizing its IT infrastructure, but Beauchamp said the true challenge will be convincing the department’s major programs to rely on enterprise services instead of building their own networks.

“It’s going to allow them to consolidate and collapse multiple redundant networks and really reduce the amount of money we’re spending on sustaining all this infrastructure,” he said. “When you modernize those networks, you also improve your cybersecurity, because the more deviation you have, the more gaps are created between the different baselines and different versions of software.”

Moving forward, Beauchamp said he will be taking time off but is open to other opportunities in the future.

“I’m excited for whatever the next challenge might be,” he said. “I’m interested in talking to folks who do exciting things, and to see who needs somebody like me to solve big problems.”

The post Winston Beauchamp retires from federal service after 29 years at Air Force, IC appeared first on DefenseScoop.

The DOD CIO published a request for information Wednesday on Sam.gov calling for industry’s input on emerging technologies, solutions and business practices that can support the department’s attempt to revamp the Risk Management Framework (RMF). The initiative largely seeks to replace the legacy framework with a multi-phased construct that will be demanding for cyber and acquisition professionals. Officials are hoping to speed up capability delivery to warfighters.

“Although RMF enhances security through continuous monitoring and risk-based decision-making, it’s often seen as slow and cumbersome,” the RFI stated. “To meet the urgent demands of modern cyber threats and accelerate innovation, the DoD is working to streamline the RMF process — aiming for greater efficiency without compromising on security.”

While the framework has guided the Defense Department’s acquisition process for its military networks, weapon systems and other critical IT infrastructure for decades, the RMF has come under scrutiny in recent months by senior leadership. Since returning to the department in March to perform the duties of Pentagon CIO, Katie Arrington has repeatedly stated in public forums that she is “blowing up the RMF” and other bureaucratic processes known to stifle innovation.

“The RMF is archaic, it’s a bunch of paperwork,” Arrington said in April at the UiPath on Tour Public Sector event. Along with the RMF Revamp, she recently initiated a related effort called the Software Fast Track (SWFT) program that aims to streamline acquisition of on-premises software capabilities.

The RMF was designed to let the department integrate controls throughout a system’s lifecycle, including cybersecurity, operational resilience and supply chain risk management. Ensuring a system is RMF compliant is a seven-step process that results in receiving an authorization to operate (ATO) on Pentagon networks.

However, the entire framework can take weeks to over a year to complete. Even then, a military system with an ATO is required to have it renewed every three years.

According to the request for information, the CIO is considering a new “Risk Management Construct” that outlines specific actions to take across five phases of a system’s development cycle — design; build, or initial operational capability; test, or full operational capability; onboarding; and operations. The first four phases also include recommendations on where to use automation, such as by integrating a continuous-integration/continuous-delivery pipeline in the build phase or automatic vulnerability remediation during onboarding.

The document also asks industry to answer a series of questions regarding technologies and best practices the Pentagon could employ to enhance the RMF process, limit redundant compliance efforts and improve reciprocity across the department.

“Key areas of interest include [artificial intelligence-driven] cybersecurity tools, security control inheritance, artifact reuse, continuous monitoring solutions, proactive cyber defense mechanisms, security testing frameworks, and risk assessment models that support rapid integration of automation, monitoring, and active threat mitigation within cybersecurity programs,” the RFI stated.

Responses — due by July 24 — will inform the CIO’s strategy moving forward.

The post DOD CIO solicits industry to inform revamp of ‘cumbersome’ cybersecurity risk framework appeared first on DefenseScoop.

The DOD currently maintains more than 2 million Microsoft 365 E5 licenses across two separate programs — the Defense Enterprise Office Solution (DEOS) and the Enterprise Software Initiative (DOD ESI). Through the established contracts, Pentagon components can purchase software licenses for commercial Microsoft products, including Office 365 applications and other collaboration tools.

But ongoing efforts spearheaded by the Department of Government Efficiency (DOGE) have prompted the Defense Department to review how many of those licenses it actually needs, Katie Arrington, who is performing the duties of Pentagon CIO, told DefenseScoop.

“Our Microsoft 365 contract [is a] very big contract here in the Department of Defense. Does every individual in the Department of Defense need an [E5] license? Absolutely not,” Arrington said June 6 in an exclusive interview.

With the department’s Deputy CIO for the Information Enterprise Bill Dunlap, Arrington has been working alongside her DOGE representative to review individual position descriptions and multi-level securities to determine what level of Microsoft 365 E5 license that person needs, she said. Other criteria being considered include user and mission requirements for office productivity software, as well as collaboration capabilities, a DOD CIO spokesperson told DefenseScoop.

CSRA, which is owned by General Dynamics IT, has served as the lead integrator for the DEOS contract since 2020, when the company received a 10-year blanket purchase agreement from the General Services Administration and Defense Department. The program allows Pentagon components to purchase individual licenses for cloud-based Microsoft 365 email and collaboration tools on a monthly basis.

Although the GDIT-led team, which also includes Dell Marketing and Minburn Technology Group, initially received the award in 2019, the department was forced to re-compete the contract following two bid protests by competitor Perspecta. The procurement battle resulted in the GSA and Pentagon giving the contract to GDIT at an estimated value of $4.4 billion — much lower than its originally projected $7.6 billion value.

The department can also purchase licenses for software products — including from Microsoft and other vendors, such as Oracle — using an Enterprise Software Agreement (ESA) contract vehicle, which is managed by the DOD ESI. Instead of buying individual licenses through DEOS, an ESA is used to purchase software via resellers in bulk and on an annual basis.

Arrington did not say how many Microsoft licenses are on the chopping block, but emphasized that the effort is geared toward “optimizing the licenses that we have.”

A reduction in E5 licenses would be yet another cut to the Pentagon’s IT enterprise prompted by the department’s work with DOGE. Along with reductions to its civilian workforce, the Defense Department has ordered several of its IT consulting contracts be cancelled and replaced by internally sourced services — an action also being taken by some of the military departments, as well as the DOD CIO.

“On an average day we would probably put out a contract for consulting on how to optimize or automate the RMF. We didn’t do that. We went internally. We did it ourselves, and we’re going to use our partners in the industry to help, because they would be the beneficiaries,” Arrington said, referring to her ongoing push to overhaul the Pentagon’s Risk Management Framework (RMF).

The office is also reviewing its contracts with systems integrators to ensure there are no duplicative efforts underway, as well as pushing for more use of commercial-off-the-shelf capabilities, she added.

Despite challenges that may come from DOGE-inspired cuts, Arrington said that she believes the work will help the Pentagon be on a “level playing field” moving forward.

“[The Defense Department] is as energized as I’ve ever seen it. But that doesn’t mean there’s no concern,” she said. “Change is hard, but it’s definitely needed.”

The post EXCLUSIVE: Pentagon CIO reviewing Microsoft 365 licenses as part of DOGE-related cuts appeared first on DefenseScoop.

“We’re using technology to help reduce the time, because that’s been the real problem with software,” Katie Arrington, the senior official performing the duties of Pentagon chief information officer, said Friday in an exclusive interview with DefenseScoop. “When we bring it into the building, we have to find a lab, we have to find a person, we have to get it resourced. And what we should be doing is accepting as much as possible and looking at it rapidly, because software is only as good as it is relevant.”

Since returning to the Pentagon in March to perform the duties of DOD CIO, Arrington has waged war on the legacy processes used by the department to buy software capabilities — namely the lengthy Risk Management Framework (RMF) and beleaguered authority to operate (ATO) approvals. 

“I’m blowing up the RMF. The RMF is archaic,” Arrington told a crowd of defense industry representatives at the UiPath on Tour Public Sector event in April. She later added that by next year, she hopes that ATOs are “something I never hear about again.”

Both the RMF and the ATO process have guided the Pentagon’s acquisition process for all of its systems for more than a decade. The RMF is a structured set of guidelines used to identify and manage cybersecurity risks on the Defense Department’s networks. After a system goes through the RMF process, it must receive an ATO that gives the final approval to operate on the network.

Many of the military departments have done some disparate work to automate the RMF process and embrace continuous ATOs, which use automated monitoring and security controls to approve software without need for reauthorization. But recently, Arrington initiated a Pentagon-wide effort to overhaul the RMF.

She told DefenseScoop that the “old school” processes are obsolete and no longer representative of the modern technologies the Pentagon needs.

“Why I say an old school ATO doesn’t really hold any validity anymore is because an ATO is granted at a very specific time in the network, the architecture of the network, the iteration of the software. Everything is like a snapshot in time, it’s a static moment,” she said. “But software is dynamic, it changes — every patch, every iteration, every version. So why wouldn’t we move to a continuous ATO and look at the RMF process as the building blocks?”

The RMF revamp will focus on how the process can be integrated with automation and continuous monitoring capabilities for an entire program’s lifecycle, a Pentagon spokesperson told DefenseScoop. They added that the framework will remain “a structured process which integrates security, resilience, zero-trust and related cybersecurity considerations to design, build and monitor DoD technology.”

To help the department move away from cumbersome checklist-based authorizations, Arrington also created the Software Fast Track (SWFT) program that she said is designed to allow the Pentagon to integrate software capabilities much faster than currently possible. SWFT is separate to CIO’s effort to reform the RMF, but the program looks to optimize the RMF’s software assessment process and streamline capability delivery.”

SWFT will have companies receive a third-party assessment based on 12 risk factors outlined by the Pentagon, ranging from a company’s cybersecurity posture to its financial health. Vendors will also be required to submit their own software bill of materials (SBOM), as well as an SBOM from a third-party assessor to see if there are any differences in the evaluations, Arrington explained. 

“When that information comes into the department, we’re going to have AI and large language modeling on the backside so that we can detect anomalies,” she said. “If there’s a variant between one SBOM and another SBOM, we’re going to validate all of the data.”

And while replacing institutional processes like the RMF and ATO is an arduous task, the Office of the DOD CIO is moving as quickly as it can. After Arrington announced SWFT in an April memo, the program officially began on June 1. Concurrently, the office is conducting a 90-day sprint to develop a framework and implementation plan that defines specific requirements, security verification processes, information-sharing mechanisms and risk determinations “to expedite the cybersecurity authorizations for secure, rapid software adoption,” according to the Pentagon.

Meanwhile, the office is reviewing responses it received for a trio of SWFT requests for information published in May that asked for industry’s input on specific tools, external assessments, and automation and AI-enabled capabilities, respectively. The CIO received over 500 responses across all three RFIs, demonstrating that industry is onboard with SWFT and eager to get the ball rolling, Arrington noted.

“I’ve committed to reading through all of them to really understand what [are] the best practices in industry,” she said. “What does real continuous monitoring look like? Do we need commercial red teams? What are risk factors if you’re doing continuous monitoring or you have a disruption in software? What are the proper and right risk mitigation processes? All of this is wrapped into acquisition, how we’re really approaching this modernization effort.”

Arrington noted that SWFT’s implementation is being done strategically and in partnership with other key stakeholders across the Defense Department, including the service CIOs, chief information security officers, the acquisition and sustainment directorate and Pentagon directorates that support command, control, communications, computers and cyber.

Before the end of June, the DOD CIO plans to release another RFI to industry that outlines five tenets for how the Pentagon plans to execute SWFT, Arrington said. Some ideas her team is considering include a tiered approach for the roles and responsibilities of cybersecurity service providers and different aspects of continuous monitoring.

“Industry’s part of this is going to be over the summer, and then hopefully I can get those responses [and] we can come together and start with a fundamental, new approach in early August or early fall,” she said.

Moving fast on SWFT will be integral for other reasons, as well. Arrington will exit her CIO role once President Donald Trump’s nominee for the position is approved by Congress. In May, the administration tapped Kirsten Davies — an IT and cybersecurity professional from the private sector — to serve as DOD CIO, but her confirmation hearing has not yet been scheduled.

And although the program’s attempt to reform the Pentagon’s software acquisition process has been met with positive reception — while also being in line with broader efforts by Secretary of Defense Pete Hegseth aimed at increasing use of innovative procurement authorities — Arrington acknowledged that SWFT’s success will depend on how well the department can adapt to the cultural shift it requires.

“We’re so risk adverse that to be relevant, we have to assume a little bit of risk in moving forward. And I think that’s going to be the biggest challenge set for the department, is culturally learning how to operate within that little bit of risk factor. I’ll take a 90 percent solution and work on remediating the 10 percent while we’re developing it,” she said.

Updated on June 12, 2025, at 4:15 PM: This story has been updated to add comment from a Pentagon spokesperson and to clarify that SWFT is separate from the CIO’s effort to reform the RMF.

The post Inside the Pentagon CIO’s push to overhaul antiquated software acquisition practices appeared first on DefenseScoop.

Speaking Monday at the AI+Expo hosted by the Special Competitive Studies Project, Navy Secretary John Phelan told attendees that his organization has welcomed the DOGE team at the Pentagon.

“We’ve embraced the DOGE agency to come in basically to help us figure out processes and things that we’re doing that don’t make sense, figuring out contracting things that we’re doing that don’t make sense, figuring out IT systems that are built on legacy platforms that end up not talking to one another, figuring out systems that we just do because someone in the room has decided let’s not change it. So, you know, they’ve been very effective with us,” Phelan said.

In one fell swoop in April, the SECNAV ordered the termination of hundreds of millions of dollars in IT contracts — include those for the Naval Maintenance, Repair and Overhaul (NMRO) program — and unrelated grants as part of a broader push at the Defense Department to slash spending that the Trump administration deems wasteful.

He estimated that the Navy has saved almost a $1 billion from chopping expenditures singled out by DOGE, so far, which have included moves like canceling “redundant” IT contracts.

Savings could be reinvested in other priorities, such as improving the living conditions of troops, he suggested.

“You can fix a lot of barracks” with that money, Phelan said.

Defense Secretary Pete Hegseth moved last week to further rein in the Pentagon’s IT spending, issuing a memo aimed at limiting the Defense Department’s hiring of consultants.

Prior to execution of a new IT consulting or management services contract or task order with an integrator or consultant, DOD components must obtain approval from Deputy Secretary of Defense Stephen Feinberg or his designee. Approvals or denials will be based on submission of a cost-benefit analysis, evidence of evaluation of alternatives, and justification that the efforts to be covered by the contract cannot be in-sourced anywhere within the department or acquired from a direct service provider, according to Hegseth’s edict.

Hegseth issued another directive last week giving DOGE personnel even more oversight of DOD contracting efforts going forward, allowing them the opportunity to provide input on almost all unclassified contracts.

At Monday’s conference, Phelan noted that Hegseth has talked about the need to cancel consulting contracts.

“We had a number of … consulting contracts that did not really make a tremendous amount of sense,” the SECNAV said.

If consultants want to work with the Navy, they need to show that they can save the department money, he added.

“My message to consultants is … it’s not going to be just we pay you, come in and do this. Show me meaningful savings,” Phelan said. “It’s got to be tied to results. And I think that’s one of the things we don’t do a good enough job on is tying things to outcomes and results. In our contracts we don’t do a very good job of it, and across shipbuilding, IT, consulting, everything. So DOGE has been very good to work with. I look forward to the next round and working with them to see what they come up with next and trying to remove a number of things that don’t make sense.”

Phelan’s remarks on Monday about recent and future cuts came as the Navy and Marine Corps are poised to consolidate legacy and standalone IT networks into an enterprise information ecosystem as part of a large-scale modernization campaign that seeks to reduce the cyberattack surface, improve user experience and optimize technology investments.

The post Navy gearing up for more DOGE-related cuts appeared first on DefenseScoop.

The edict came in a memo sent Tuesday to Pentagon leadership, combatant commanders, and DOD agency and field activity directors regarding implementation of the Trump administration’s Department of Government Efficiency (DOGE) cost-saving initiatives.

“While we rely on our vital industrial base to deliver cutting-edge technology and support, we must in-source more expertise and harness the unparalleled talent of our existing experts to drive financial efficiency and operational strength,” Hegseth wrote.

Going forward, DOD components “may not execute new IT consulting or management services contracts or task orders with integrators or consultants -defined as entities providing system IT integration, implementation, or advisory services (e.g., designing, deploying, or managing IT systems, or offering strategic or technical IT expertise) – without first justifying that no element of the contracted effort can be: (1) accomplished by existing DoD agencies or personnel; or (2) acquired from the direct service provider, whereby the prime contractor is not an integrator or consultant,” he wrote.

Prior to execution of a new IT consulting or management services contract or task order with an integrator or consultant, DOD components must obtain approval from Deputy Secretary of Defense Stephen Feinberg or his designee. Approvals or denials will be based on submission of a cost-benefit analysis, evidence of evaluation of alternatives, and justification that the efforts to be covered by the contract cannot be in-sourced anywhere within the department or acquired from a direct service provider.

“Merely reclassifying integrator or consultant contracts to avoid the requirement to evade review is prohibited,” Hegseth wrote, noting that the undersecretary of defense for acquisition and sustainment will monitor compliance with his directive.

Contracts “in direct support to defense weapon system programs and directly associated program sustainment activities” are excluded from the requirement, as are contracts and task orders with a total value under $10 million.

The A&S directorate will also review existing IT consulting or management services contracts and task orders “for viability and alternatives under the above guidance,” according to the memo.

The memo also imposes similar restrictions on “advisory and assistance services” contracts, including those that entail providing expert advice, recommendations, studies, analyses, or support for management, strategic planning, policy development, organizational assessments, technical expertise, or operational decision-making.

Additionally, Hegseth directed DOD components to maximize utilization of the department’s employees for “broad functions” — including IT, among others — when such functions are being performed by a mix of DOD employees and contractors.

The new edict is the latest move by Hegseth to rein in the Pentagon’s IT spending.

Last month, he signed a directive ordering the termination of several IT services contracts and directed the Pentagon’s chief information officer to draw up plans for in-sourcing, among other measures.

The post Hegseth orders restrictions on DOD contracting for IT consulting and management services appeared first on DefenseScoop.

Orozco has been the deputy CIO since September 2024 following an organizational reshuffle under the department’s broader plan to reorganize for future large-scale conflicts. As acting CIO, she will oversee the Air and Space Forces’ IT, cybersecurity, data and artificial intelligence modernization efforts. Orozco is taking over for Venice Goodwine, who is retiring as DAF CIO. 

Prior to becoming deputy CIO, Orozco was the director of security, special program oversight and information protection within the Office of the Secretary of the Air Force, where she was responsible for highly classified efforts known as special access programs (SAP).

She previously served as an active and reserve duty Air Force officer for two decades, entering civil service in 2008 with the Office of the Secretary of Defense’s intelligence directorate and then transferring to the Department of the Air Force in 2013.

According to her official bio, Orozco was key to standing up the Air Force Counter Insider Threat program — designed to mitigate potential risks from Air Force personnel who may try to harm national security — and has led other Pentagon efforts in security reform.

Orozco will take charge as acting CIO following Goodwine’s departure Friday. In March, Goodwine announced on LinkedIn that she planned to leave federal service and explore other opportunities outside of government.

“After years of tackling complex challenges, I’m looking forward to this period of rest and reflection. But make no mistake—this is just a break, not an ending. I remain excited about future opportunities and new ways to contribute,” Goodwine wrote.

The post Jennifer Orozco named acting Air Force CIO appeared first on DefenseScoop.