Skip to main content Skip to footer site map
Updates

Software Acquisition Pathway Integration with Risk Management Framework : Department of Defense , August 23 , 2023

August 23, 2023

Department of Defense

Download PDF

From the document: "The Software Acquisition Pathway (SWP) enables organizations to execute rapid and iterative delivery of software capabilities by using modern software development practices and active user engagement. As the Department’s operations become increasingly dependent on software, it must ensure software is created in a secure, protected, and controlled environment instilling user confidence that it will perform as designed. Organizations can use the SWP to deploy capability into operations (or operationally representative environments in the embedded sub‐path) within 6 months or less, with a bias for as frequent as possible. DoD’s goal is to ultimately field capability into production on‐demand as required, which may be in hours or days – not months or years. To meet these goals, the SWP emphasizes DevSecOps, continuous authorization to operate (cATO), and implementing the RMF at the speed of relevance.

Whereas DoD Instruction (DoDI) 5000.87, “Operation of the Software Acquisition Pathway,” provides the applicable policy and the Adaptive Acquisition Framework website provides detailed procedural information, and acquisition best practices, this RMF Knowledge Service page provides implementation guidance on integrating SWP and RMF processes together thus enabling practitioners to use cybersecurity risk management techniques and tools to enhance SWP activities (reference (c) and (d))."

Publishers

Department of Defense

Format

PDF - Download

Related Resources

s