Defense Business Systems (DBS)

AAF  >  DBS  >  Overview


How to use this site

Each page in this pathway presents a wealth of curated knowledge from acquisition policies, guides, templates, training, reports, websites, case studies, and other resources. It also provides a framework for functional experts and practitioners across DoD to contribute to the collective knowledge base. This site aggregates official DoD policies, guides, references, and more.

DoD and Service policy is indicated by a BLUE vertical line.

Directly quoted material is preceeded with a link to the Reference Source.



Reference Source: DoDI 5000.75, Section 3.1


DoD acquisition of business systems will be aligned to commercial or government best practices and will minimize the need for customization of commercial products to the maximum extent practicable. Thorough industry analysis and market research of both process and information technology (IT) are expected.


Business systems acquisition will facilitate business changes through doctrine, organization, training, materiel, leadership and education, personnel, facilities, and policy to drive performance improvements, efficiencies, effectiveness, cyber resilience, and audit compliance.


Business systems acquisition is the joint responsibility of the functional and the acquisition communities. Both communities are accountable for the successful delivery of business capability, from business process design through business system deployment and capability support. Functional and acquisition leadership emphasis on change management is essential for success, and all leaders must drive toward commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) solutions, to the extent practicable.


The acquisition pathway described in this issuance may be used for other non-developmental, software intensive programs  including national security systems, productivity solutions, and IT infrastructure), when approved in program acquisition strategies. Statutory requirements for other types of IT capabilities developed in accordance with this issuance will still apply. CMO certification requirements in this issuance apply to business systems only.


The authority to proceed (ATP) decision points of the BCAC portrayed in Figure 1 provide the framework for acquisition and business decisions in the life cycle and may be tailored as necessary to contribute to successful delivery of business capabilities.

Figure 1. Business Capability Acquisition Cycle

Decision authorities in Table 3 will tailor the application of regulatory requirements and procedures to best achieve capability outcomes, consistent with established statutory requirements outlined in Table 4. In addition, decision authorities will reduce separate reviews and approvals by other organizations when confirmation through direct collaboration is sufficient.


Table 3. Decision Authorities

Decision Point Decision Point Decision Authority or Authorities
Solution Analysis ATP CMO
Functional Requirements ATP

CMO (requirements validation)

MDA (materiel solution)

Acquisition ATP, Contract
Award, Limited Deployment
ATP(s), Full Deployment ATP
Capability Support ATP Functional sponsor
Capability Support Reviews
(as needed)
Determined in Capability Support Plan



Table 4. Statutory Requirements

Decision Point Statutory Requirements
Solution Analysis ATP None
Functional Requirements ATP None
Acquisition ATP Section 2222 Title 10, U.S.C. information / CMO certification1 Solution approach (fulfills market research, analysis of alternatives and economic analysis) Cybersecurity strategy (for mission essential and mission critical IT)
Contract Award CCA Compliance
Limited Deployment ATP(s) Full CCA compliance at first ATP2 ; confirmation of compliance at additional ATPs
Full Deployment ATP Confirmation of CCA compliance Initial Operational Test and Evaluation Report (for business systems on the DOT&E oversight list)
Capability Support ATP None
Capability Support Reviews (as needed) None

1. CMO certification can occur during prior phases, but must occur before the Acquisition ATP is approved.


2. Full CCA compliance can occur during prior ATP decision points, but must occur no later than the first Limited Deployment ATP. Separate documentation should not be needed to confirm CCA compliance.


CCA compliance will be accomplished as an iterative process, as all information may not be available during early ATP decision points. Full CCA compliance (i.e., compliance with all CCA criteria) is required no later than the first Limited Deployment ATP. More information on CCA compliance is in Paragraph 3.2.d and Table 4.