Sean Brady DoD Senior Lead for SW Acq Acquisition Enablers USD(A&S ) 1 https://aaf.dau.edu/aaf/software/ DoD’s Software Acquisition Pathway Digital Delivery at the Speed of Relevance DAU South Bob Skertic IT/SW/DSO Academy Learning Director Defense Acquisition University
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Sean BradyDoD Senior Lead for SW Acq
Acquisition EnablersUSD(A&S)
1
https://aaf.dau.edu/aaf/software/
DoD’s Software Acquisition PathwayDigital Delivery at the Speed of Relevance
DAU South
Bob SkerticIT/SW/DSO Academy
Learning DirectorDefense Acquisition University
Air Force’s Agility Prime Flying Car
Army’s Artificial Intelligence for Maneuver and Mobility, or AIMM
https://www.army.mil/article/236733/army_researchers_augment_combat_vehicles_with_ai
Army’s Leader Follower Autonomous Vehicle Program
Navy’s Medium Displacement Unmanned Surface Vehicle (MDUSV)
Navy’s X-47B Unmanned Combat Air System
Air Force’s XQ-58A Valkyrie Attritable Combat Drone
https://www.northropgrumman.com/what-we-do/air/x-47b-ucas/
https://www.autonews.com/shift/military-working-make-its-autonomous-technology-smarter
…prioritize speed of delivery, continuous adaptation, and frequent modular upgrades.
Urgency to Modernize
3
The DoD must have the ability to update our systems rapidly.
Speed & Cycle time matter. Faster is more reliable, secure, and possible.Establish a new software acquisition pathway
NDSDSB
DIB
Congress and DoD Drive Software Reforms
4
Recent NDAAs• FY18 Sect 873/874 Agile Pilots• FY20 Sec 800 Software Acquisition• FY20 Sec 862 Software Training• FY20 Sec 230 Digital Careers
Leadership Direction• Gen Hyten: Insert speed, take risk• Ms. Lord: Software runs through
all our programs• Dr. Roper: Change software daily
Directed DoD to create two software acquisition pathways
Applications and Embedded Systems
• Software programs shall not be treated as an MDAP
• Exempt from JCIDS (unless VCJCS, A&S, SAEs agree on new process)
• Streamline SW requirements, budget, acquisition processes
• Demonstrate viability and effectiveness of capabilities for operational use within one year after funds first obligated
FY20 NDAA Section 800
5https://www.congress.gov/bill/116th-congress/senate-bill/1790/text
Key Elements of SW Acquisition Pathway
6
Source: DODI 5000.02 Section 4.2
• Modern SW development practices
• Human-centered design
• Active, committed user engagement
• Enterprise services/platforms
• Rapid and iterative deliveries
• Gov’t-industry software teams
• Automated tools
Focuses on understanding the users’ and systems’ needs and planning the approach to deliver capabilities to meet those needs
Key Artifacts• Capability Needs Statement• User Agreement• Program Strategies
Acquisition Strategy Contracting Strategy + IP Strategy Test Strategy + Cybersecurity Strategy Product Support Strategy
• Cost Estimate
Planning Phase
8https://aaf.dau.edu/aaf/software/planning-phase/
A high-level capture of need with enough information to define the software solution space and consider the threat environment.
• Sponsor and Requirements Manager ID operational software capabilities needed
• Draft CNS to start the Software Pathway
• Refine during Planning Phase and approve prior to entry into Execution Phase
Capabilities Needs Statement (CNS)
9
Clear Understanding of What is Needed
https://aaf.dau.edu/aaf/software/user-engagement/ Draft CNS Template
A&S Acquisition Enablers shop collaborating with Components to encourage adoption of flexible and streamlined requirement processes for the SWP.
Evolving Software “Requirements”
10
Draft CNSOperations
Strategic
Soldier
Periodic updates
Active soldier engagements
Roadmap
BacklogsMVP MVCR Release 2 Release n
Evolving Mission, Adoption, Performance, Threats, Priorities, Tech
Dynamic processes with active feedback loop
Agreement between the operational and acquisition communities to ensure active user involvement and informed decision making.
User Agreement
11
Establish Strong Ties to Users from Start
• Ensure proper resourcing of user involvement to support development
• Commit to active user involvement throughout design and development during planning phase
• Signed by sponsor, PMO prior to entry into Execution Phase
https://aaf.dau.edu/aaf/software/user-engagement/ Draft UA Template
• Product Roadmap
• Program Backlogs
• Active User Engagements
• Develop, Deliver Software
• Track Metrics
• Value Assessments
Execution Phase – Key Activities
12https://aaf.dau.edu/aaf/software/execution/
Continuous improvement to maximize mission impact.
DevSecOps Reference Design Pillars
13DoD Enterprise DevSecOps Reference Design
“DevSecOps is the preferred software practice for DoD to deliver at speed of relevance” – DoD CIO, USD(A&S)
DevSecOps MaturityVery Difficult to Adopt – Requires time - $
14
Monolithic Architecture, Manual Processes
Agile, Microservices, Test Driven Development
Continuous Integration
DevOps
DevSecOps
Continuous ATO(cATO)
End to end cycle time – Design to Delivery
Iterative with Hybrid or SOA Monolithic Architectures
Dev
SecO
ps M
atur
ity
High
Low
Shift Cybersecurity Left
Continuous ATO (cATO) enables bug and security fixes in minutes instead of months to years and provides rapid deployment of critical capabilities to the war fighter at the speed of relevance.
Agile
DevOps
DevSecOps
Continuous MonitoringTelemetry Capture
Service MeshSecure Containers
Adop
tion
Cha
lleng
e
DifficultSignificant investment of time, effort and tools are required to achieve high
DevSecOps maturity
Brady Stark Smith Triangle of DSO Success
Contracting Considerations
15
Instead of a single monolithic contract for
software solution
Portfolio of contracts of using Modular Contracting*
*FAR 39.103
Example Modular Contracting StrategyContract Strategies
Agile S/W Dev Team(s) (Services)
FAR 8.4, FAR 12, FAR 13.5, FAR 16.5
Microservice Solutions(Tools)
FAR 8.4, FAR 12, FAR 13.5, FAR 16.5
DevSecOps-aaS(Manage CI/CD Pipeline)
FAR 8.4, FAR 12, FAR 13.5, FAR 16.5
Platform-aaS(CI/CD Pipeline)
FAR 16.5, BOAs (i.e., Platform One)
Infrastructure-aaS(Cloud solution)
FAR 16.5 (i.e., Cloud One, AWS GovCloud)
Agile Software Dev Contracts(may have separate contracts for each dev team)
Objective: Support small, frequent releases, respond to change, consider programmatic
risks, and program scope/objectives
SWP on AAF Website
16https://aaf.dau.edu/aaf/software/
Integrated policies, guidance, and resources to navigate the SWP with greater speed and success.
Ignite Innovation and Execution
17
Partner with Services and Joint Staff to streamline and tailor requirementsprocesses for software
Partner with Services and CAPE to streamline and
iterate on software cost estimation
Partner with Services and DOT&E, DT&E to
modernize, integrate, and automate software T&E
DoD Services/Agencies Empowered and Directed to Align and Streamline Processes
• Tailored acquisition processes for modern software development
• No formal milestones – Delegated decision authorities
• Exempt from JCIDS (unless VCJCS, A&S, SAEs agree on new process)
• Streamlined reviews and documentation – No MDAPs
• Leverage enterprise services and not “rebuilding the SW factory”
Benefits of Software Acquisition Pathway
18
Software Acquisition Pathway and DevSecOps provide the framework that prioritizes speed, flexibility, and rigor
AAF Website: https://aaf.dau.edu/aaf/software/SW Pathway CoI: https://www.milsuite.mil/book/groups/sw-pathway-community-of-interest
Insight Metrics for Reporting: https://www.milsuite.mil/book/docs/DOC-892770A&S mailbox for notification: [email protected]
Join our CoP Newsletter: https://www.acq.osd.mil/ae/#/acquisition-approaches-managementTeams: teams.microsoft.com/l/team/19%3a4ceb92fba85a4ab9b248955098812c29%40thread.skype/conversations?groupId=fc5b5c84-
8e04-4cd0-bb62-5da79812a39b&tenantId=21acfbb3-32be-4715-9025-1e2f015cbbe9
Sean BradyDoD Senior Lead for SW Acq
USD(A&S)/Acq [email protected]
19
Stay Engaged
OSD’s Software Acquisition Team is here to ENABLE
your success.
Backup Slides
20
Application Path
Rapid development and deployment of software running on commercial hardware (including modified hardware) and cloud computing platforms.
Embedded Software Path
Rapid development and insertion of upgrades and improvements for software embedded in weapon systems and other military-unique hardware systems.
Two Paths within Software Acq Pathway
21
Entering the Planning Phase
ADM signed by DA Draft CNS
Entering the Execution Phase
Capability Needs Statement User Agreement
Acquisition Strategy Cybersecurity Strategy
Test Strategy IP Strategy
Product Support Strategy Information Support Plan
Program Cost Estimate and ICE CARD
During the Execution Phase
System Architecture Product Roadmap
Program Backlogs Strategy Updates
CARD/Cost Estimate Updates Value Assessment
Metrics and Reporting
Information Requirements
22See details at: https://aaf.dau.edu/aaf/software/develop-strategies/
Balance speed with rigor – Focus on SW over extensive docs
Key Players in Software Acquisition Pathway
23
Sponsor
User Community
Decision Authority
Development Teams
ArchitectsEngineers
T&ECybersecurityContractingCost/BFMProduct Support
Product Owner Program Manager
Integrated Teams Across Operations and Acquisition; Government and Vendors; All Functions and Levels
IPT
Adaptive Acquisition Framework
24https://aaf.dau.edu/
A set of acquisition pathways to enable the workforce to tailor strategies to deliver better solutions faster.
AAF Tenets• Simplify Acquisition Policy• Tailor Acquisition Approaches• Empower Program Managers• Conduct Data Driven Analysis• Actively Manage Risk• Emphasize Sustainment
• Spectrum of FAR and Non-FAR strategies• Common applications, pros/cons, comparison, resources• Filters strategies to explore for SW Dev, IT Services, IT HW, etc.
Contracting Cone
25https://aaf.dau.edu/contracting-cone/
Congressional Direction to Modernize
26
Sec 800 Software
Pathway and CI/CD Acq
Process
Sec 862 Software
Training, Mgmt, Certification and
Proficiency
Sec 255 Software S&T
Strategy
Sec 230 Digital Talent Mgmt, Career
Tracks, Competencies
Sec 256 AI Education
Strategy, Competencies
and Skills
Sec 231 Digital
Engineering to Automate T&E
Software Engineering Legislative Ecosystem
Clear Signal: Digitalization of the DoD Workforce is a National Security Issue
DODI 5000.87
• 2nd priority: “do everything I can to insert speed into the processes inside the Pentagon.”
• Biggest thing we have to do in acquisition
allow people to take risk
give them the authority and responsibility
• the process that we have for building SW is horrible.
Gen Hyten - Vice Chairman of the Joint Chiefs of Staff
| 27 |https://www.csis.org/events/conversation-general-john-hyten-vice-chairman-joint-chiefs-staff
“What keeps me up at night is not North Korea, but that the U.S. has lost it’s ability to go fast.”- Gen Hyten as STRATCOM Commander at AFA in 2017
28
Notional Metrics for Programs
Goal Question Notional MetricsValue Is the program providing value to the users
commensurate with the cost and schedule?• ROI• Demonstrated time savings to execute a
mission process• Reduced burden on warfighter• Demonstrated cost savings
Scale Has the program implemented technical enablers necessary to continually deliver modern, responsive solutions, at scale, in a predictable manner?
• Scale of Automation and Transformation• % of product lines w/ build automation; %
of tests-cases automated• Architecture-related?
Product Performance Is the program able to maintain product stability and quality at acceptable levels for the user?Is the program able to meet key performance and quality attributes?
• MTTR, Deployment Failure Rate • Stability and Reliability• Software Maturity (defect backlog)
Product Delivery and Engineering Responsiveness
Is the program able to deliver capability quickly and continually to the warfighter at the speed of relevance?
• Delivery Speed and Cadence (throughput)• Lead time; Deployment frequency • Planned, delivered and deferred
features/capabilities (and priorities)
Business Ops Responsiveness
Is the program’s business operations responsive to change?
Cultural Responsiveness
Does culture eat your strategy for breakfast? Does the program culture and operating model support agility?
Cyber Resilience Is the program baking cybersecurity in and enabling continuous monitoring? Is the program able to rapidly address vulnerabilities, and roll back or fail forward?
• Cybersecurity (time to patch vulnerabilities; time to achieve ATO)
Program-Specific Goals & Risks
Idiosyncratic/contextual Idiosyncratic/contextual
29
Notional Outcomes and Key Results to achieve Better Software Faster
Demonstrate the following outcomes:• value and performance delivered to operational users (warfighting effectiveness)• operationally effective, suitable, and survivable for use• timely release of user prioritized capability needs• operational monitoring of all critical functionality• cyber event monitoring and detection• rapid and effective response to operational outage• rapid and effective response to cyber-attack• early and continuous user involvement and feedback• speed & increasing velocity for releases to operations (or operationally relevant
environment)• continual quality improvements• interoperability• reuse
Major Capability Acquisition
PlanningPhase
S1 S2…
MVP MVCR Rn
Sn Sn SnExecution Phase
< 1 year
Software Acquisition
CDD Capability NeedsStatement
Dynamic Backlogsof User Stories
Acquisition, Contracting, and Test Strategies Acquisition, Contracting, Test Strategies
MVCR Release n Release n+1
ADM to Use SW Pathway
User Agreement
Identify and Secure Funding
S: Sponsor/UsersPM: Program ManagerDA: Decision AuthoritySE: Systems EngineerTE: TestCON: Contracting OfficerFM: Financial Management
S
S, PM
PM, CON, SE, TEPM, CON, SE, TE
PM, SE, TE
DA
S, PM, FM
S, PM, SE, TES
ADM to BeginExecute Phase
DA
1: Upgrading a Weapon System
MaterialSolutionsAnalysis
TechnologyMaturation and Risk Reduction
Engineering and ManufacturingDevelopment
Production and
Deployment
MDD MS A MS B MS C IOC FOC
MVP
Program FundingS, PM, FM
4: Weapon System w/HW&SW DevelopmentMajor Capability Acquisition
PlanningPhase
S1 S2…
MVP MVCR Rn
Sn Sn SnExecution Phase
< 1 year
Software Acquisition
CDD
Capability NeedsStatement
Dynamic Backlogsof User Stories
Acquisition, Contracting, and Test Strategies
MVCR Release n Release n+1
ADM to Use SW Pathway
User Agreement
S: Sponsor/UsersPM: Program ManagerDA: Decision AuthoritySE: Systems EngineerTE: TestCON: Contracting OfficerFM: Financial Management
S
S, PM
PM, CON, SE, TE
DA
S, PM, SE, TE
S
ADM to BeginExecute Phase
DA
MaterialSolutionsAnalysis
TechnologyMaturation and Risk Reduction
Engineering and ManufacturingDevelopment
Production and
Deployment
MDD MS A MS B MS C IOC FOC
MVP
Identify and Secure FundingS, PM, FM
Design, Develop, and Produce HardwarePM, SE, TE
• The initial cost estimate must be completed prior to entry into the execution phase and must be updated annually
• Cost estimates are tailored for uniqueaspects of software development
• CAPE ICE required for software programs over ACAT II threshold
• Cost estimates consider the content of the CNS, strategies, and enterprise services in planning and integrate the roadmap, backlogs, and cost actuals throughout development phase
• Where applicable, cost and software data reporting, to include software resources data reports, must be submitted
Cost Estimate
32
Critical to the success of software development to ensure delivered software address their priority needs
• Understand their needs and operational environment• Solicit their feedback on MVPs, designs, developments
Active User Engagements
33
Plan For Enterprise Services and DevSecOps Pipeline (Software Factory)
34
People + Process + Tools = DSO Ecosystem• Well-balanced Ecosystem & skilled workforce: path to DSO enlightenment• Keystones: Culture and Continuous improvement Test Driven Development & Frequent Small Batch Delivery Evolutionary Architecture must support frequent deliveries/interoperability Refactoring and pay down technical debt
Secure Software & Cyber Security Plan
35
• The Sec in DevSecOps is baked into the planning, architecture and design, and embedded throughout the entire process
• DevSecOps shifts Cybersecurity to the left; true risk managed process• Cybersecurity risk is continuously scanned, evaluated & monitored –
yields accessible, automated artifacts enabling continuous ATO
DevSecOps Success: Value@Scale
36
Stark Brady Smith Trijoined Triangles of DSO Success
Delivery Throughput = [Lead Time] + [Deployment Frequency]
Value[Failed Deployments] +
[Value to User]
Scale[Mean Time To Recover] +
[% deployed to fleet]
DevSecOps BS DETECTOR:Broken
Value/Availability/Delivery
“Enough prototyping already. How do we buy at scale?”- GEN Hyten, VCJCS
Approximating Commercial Industry
37
“… the thread that runs through all of our programs and all that we do is software and I believe that we need to catch up with the
private sector …” USD(A&S), HON Ellen Lord
People
Process & Tech
Policy
Software is eating the world
Culture eats strategy for breakfast
Set the conditions to unleash DSO
Related Documents
