“What we’re looking at is defining a set of controls, and if industry can demonstrate that their products and their pipelines meet those controls, that removes from us the burden from going through months and months of risk management framework assessments.”
This new “fast-pass” security approach is still in the conceptual phase, but according to Vietmeyer, it’s a high priority for the administration and he expects more information to come shortly.
“We will announce the objectives for this effort, a high-level framework, and in a few months, engage with industry to establish these controls and processes to have this conversation about how we raise our posture of supply chain security,” Vietmeyer said.
The new software security framework effort is part of DoD’s broader software acquisition modernization effort, including its Software Acquisition Pathway, which is the department’s tailored approach for purchasing software by recognizing its distinct nature as compared to hardware.
Last month, Defense Secretary Pete Hegseth signed a memo directing the services and defense agency acquisition leaders to embrace existing authorities to speed up software procurement for warfighters, including the Software Acquisition Pathway.
In the memo, Hegseth explains that he wants all components taking advantage of the pathway and is “directing the use of Commercial Solutions Openings and Other Transactions as the default solicitation and award approaches for acquiring capabilities under the [program].”
According to a DoD official, the memo is the first of what will likely be a series of steps from Hegseth, who has said on several occasions he wants to change the way the military buys and builds both software and hardware.
DoD’s Under Secretary of Acquisition and Sustainment and the Defense Innovation Unit – drawing on their experience with these tools – will also develop a plan to “fast-track” software acquisition and deployment.