This pathway is to facilitate rapid and iterative delivery of software capability to the user.
How to use this site
Each page in this pathway presents a wealth of curated knowledge from acquisition policies, guides, templates, training, reports, websites, case studies, and other resources. It also provides a framework for functional experts and practitioners across DoD to contribute to the collective knowledge base. This site aggregates official DoD policies, guides, references, and more.
DoD and Service policy is indicated by a BLUE vertical line.
Directly quoted material is preceeded with a link to the Reference Source.
Reference Source: DODI 5000.02 Section 4.2
This pathway is designed for software-intensive systems. The pathway objective is to facilitate rapid and iterative delivery of software capability to the user. This pathway integrates modern software development practice such as Agile Software Development, DevSecOps, and Lean Practices. Capitalizing on active user engagement and leveraging enterprise services, working software is rapidly and iteratively delivered to meet the highest priority user needs. Tightly coupled mission-focused government-industry software teams leverage automated tools for development, integration, testing and certification to iteratively deploy software capabilities to the operational environment.
Lifecycle View of Software Acquisition
Overarching Policies for the Software Acquisition Pathway
Reference Source: DODI 5000.87 Section 1.2
The overarching management principles that govern the defense acquisition system (DAS) are described in DoD Directive 5000.01 and DoD Instruction (DoDI) 5000.02. The objective of the DAS is to implement the national defense strategy, through the development of a more lethal force based on U.S. technological innovation and a culture of performance that yields a decisive and sustained U.S. military advantage. To achieve that objective, DoD will employ an adaptive acquisition framework (AAF) comprised of multiple acquisition pathways. The AAF supports the DAS with the objective of delivering effective, resilient, supportable, and affordable solutions to the end user while enabling execution at the speed of relevance.
The software acquisition pathway is for the timely acquisition of custom software capabilities developed for the DoD. Software programs that meet the definition of a covered Defense Business System (DBS) should use the DBS pathway in accordance with DoDI 5000.75 but may elect to incorporate this pathway for custom developed software.
Programs executing the software acquisition pathway are not subject to the Joint Capabilities Integration and Development System (JCIDS), and will be handled as specifically provided for by the Vice Chairman of the Joint Chiefs of Staff, in consultation with Under Secretary of Defense for Acquisition and Sustainment (USD(A&S)) and each service acquisition executive.
Programs executing the software acquisition pathway will not be treated as major defense acquisition programs even if exceeding thresholds in Section 2430 of Title 10, United States Code. See Section 800 of Public Law 116-92.
Programs using the software acquisition pathway will demonstrate the viability and effectiveness of capabilities for operational use not later than 1 year after the date on which funds are first obligated to develop the new software capability. New capabilities will be delivered to operations at least annually to iteratively meet requirements, but more frequent updates and deliveries are encouraged where practical. For programs using the embedded software path, this annual update applies after initial operational acceptance of the system in which the software is embedded and should be aligned with the associated system’s schedule. Before the operational acceptance of the system in which the software is embedded, software deliveries will be delivered to an operationally representative environment at least annually.
Programs will require government and contractor software teams to use modern iterative software development methodologies (e.g., agile or lean), modern tools and techniques (e.g., development, security, and operations (DevSecOps)), and human-centered design processes to iteratively deliver software to meet the users’ priority needs. These modern approaches will also instrument software such that critical monitoring functions related to the health, security, and operational effectiveness of the software can be automated to the maximum extent practicable.
Software development will be done in active collaboration with end users, representing key user groups, to ensure software deliveries address their priority needs, maximize mission impact, and undergo regular assessment of software performance and risk.
Leveraging existing enterprise services, if available, is preferred over creating unique software services for individual programs. These may be procured from the DoD, the DoD components, other government agencies, or commercial providers, and leverage category management solutions and enterprise software agreements.
Cybersecurity and program protection will be addressed from program inception throughout the program’s lifecycle in accordance with applicable cybersecurity policies and issuances. A risk-based management approach will be an integral part of the program’s strategies, processes, designs, infrastructure, development, test, integration, delivery, and operations. Software assurance, cyber security, test and evaluation are integral parts of this approach to continually assess and measure cybersecurity preparedness and responsiveness, identify and address risks and execute mitigation actions.
Intellectual property (IP) will be addressed from program inception throughout the program’s lifecycle in accordance with DoDI 5010.44 and other applicable DoDIs. IP considerations will be integrated with, and support, all other program strategies to ensure return on government investment and enhance competitive options for development, integration, test, deployment, modernization, modular open systems approaches, and product support of software-intensive systems.
Software development testing, government developmental testing, system safety assessment, security certification, and operational test and evaluation will be integrated, streamlined, and automated to the maximum extent practicable to accelerate delivery timelines based on early and iterative risk assessments. Maximum sharing, reciprocity, availability, and reuse of results and artifacts between the various testing and certification organizations is encouraged.
Programs using the software acquisition pathway will report a set of data to the Office of the USD(A&S) on a semi-annual basis as defined in the AAF Software Acquisition Pathway Guidance located at https://aaf.dau.edu/aaf/software/. Data reported under this pathway will be used to monitor the effectiveness of the pathway and will not be used for program oversight.
Reference Source: DODI 5000.87 Section 3.1
A rapid, iterative approach to software development reduces costs, technological obsolescence, and acquisition risk. To allocate resources to the most relevant capability needs, DoD or DoD component leadership will make software acquisition and development investment decisions within a framework that addresses tradeoffs between capabilities, affordability, risk tolerance, and other considerations. The software acquisition pathway has two phases: planning and execution. Figure 1 outlines key activities and artifacts of the two phases that enable rapid and iterative software development and delivery.
There are two paths within the software acquisition pathway: applications and embedded software. Except where specifically noted, the guidance in this issuance applies to both paths equally.
- The applications path provides for rapid development and deployment of software running on commercial hardware, including modified hardware, and cloud computing platforms.
- The embedded software path provides for the rapid development, deployment, and insertion of upgrades and improvements to software embedded in weapon systems and other military-unique hardware systems. The system in which the software is embedded could be acquired via other acquisition pathways (e.g., major capability acquisition).
The DA will document the decision and rationale for a program to use the software acquisition pathway in an acquisition decision memorandum.
Existing acquisition programs may elect to update their acquisition strategy to transition to the software acquisition pathway or use it in addition to their current acquisition pathway. The PM and applicable stakeholders will identify, and the DA will approve, a transition approach to tailor processes, reviews, and documentation to effectively deliver software capabilities.
Value assessments will be performed at least annually after the software is fielded to determine if the mission improvements or efficiencies realized from the delivered software are timely and worth the current and future investments from the end user perspective. More frequent value assessments are encouraged if practical.
Software Acquisition Pathway In the News
- How the Pentagon transformed its approach to information-age warfare, Jan 2021
- 2020 in review: Pentagon leads federal DevSecOps efforts, FedScoop, Dec 2020
- Faster is possible: DoD Publishes New Software Acquisition Policy, Oct 2020
- Pentagon to Streamline Software Development, National Defense Magazine, Oct 2020
- Pentagon software acquisition enters new era with updated purchasing policy, FedScoop, Oct 2020
- Pentagon signs out new software acquisition policy, Inside Defense, Oct 2020
- Ellen Lord, USD(A&S) Press Briefing on Software Acquisition, Aug 2020
- New ‘Color of Money” for DoD Software Gaining Traction, Lord Says, FedScoop, Aug 2020
- National Security Commission on AI Report, Feb 2021
- Software Pathway briefed at Let’s Talk Agile DAU Event, Jan 2021
- Software Pathway briefed at DevSecOps Days DC 2020, Oct 2020
- Adaptive Acquisition Framework and Software Pathway Video, Jan 2020
- Defense Innovation Board (DIB) Software Acquisition Practices (SWAP) Study, May 2019
- Defense Science Board (DSB) Design and Acquisition of Software for Defense Systems, Feb 2018
DAU Training and Continuous Learning Modules (CLMs)
- WSA 001 DEVSECOPS for the DoD: Fundamentals
- WSA 002 DEVSECOPS for the DoD: Security Focus
- WSA 004 Cloud Services Workshop
- WSA 005 Lean-Agile Transformation Workshop
- ACQ 1700 Agile for DoD Acquisition Team Members
- CLL 027 Introduction to DoD Software Life Cycle Management
- CLE 033 Introduction to the Risk Management Framework
- CLE 074 Cybersecurity Throughout DoD Acquisition
- CLE 075 Introduction to DoD Cloud Computing
- CLE 076 Introduction to Agile Software Acquisition