Software Acquisition Guidebook: Navigate the Process

The Department of Defense (DoD) wants to make software acquisition easier. That’s why they created the Software Acquisition Guidebook in February 2022. It’s a helpful manual for acquisition experts, explaining how to follow DoDI 5000.82. This guidebook makes sure the digital tools the DoD gets are safe and work together¹.

This guidebook talks about lots of important things. For example, it covers how to check if you really need something, planning how to get it, and the steps to take. It also helps with keeping these digital tools up to date and how to buy things for the cloud¹. Plus, it includes links to more information on DoDI 5000.82. This is so acquisition pros can find all the things they need for buying and using software smoothly.

The old DoD Instruction 5000.82 was updated with the new DoDI 5000.82, on April 21, 2020². This change lays out how to get digital tools, and who is in charge of making it happen within the adaptive acquisition way².

The Defense Acquisition University (DAU) and the Center for Development of Security Excellence (CDSE) are working together¹. They want to make sure the acquisition and security experts understand each other better. They focus on making sure software buying is secure and safe from risks at every step.

This guidebook is a game-changer for the pros working on software buying. It helps with tough parts like choosing the right vendors, talking about contracts, and managing projects well. By following this guidebook, they can cut costs and make sure the software works well and is safe¹.

• The Software Acquisition Guidebook offers clear guidance for implementing DoDI 5000.82 procedures, ensuring interoperable and secure digital capabilities.
• The guidebook covers essential topics such as requirements validation, acquisition planning, approval, management, sustainment, and cloud acquisition guidance.
• DoDI 5000.82 establishes procedures for digital capabilities acquisition and assigns program responsibilities within the adaptive acquisition framework.
• DAU and CDSE are collaborating to improve the acquisition community’s security best practices knowledge and the security community’s understanding of the acquisition process.
• Acquisition professionals can effectively navigate software acquisition complexities by leveraging the guidebook’s guidance, optimizing costs, and ensuring successful implementation.

The way we get software is changing fast. Now, we care a lot about how secure, quick, and tough it is. Before, we mainly cared about how much it cost, when we’d get it, and if it worked well. But now, with our digital world all connected, we need to make sure it’s safe. This safety is key for making products and services that keep our countries safe and our economies strong.

The Department of Defense (DoD) knows it needs to update how it gets software. With technology always changing, the DoD approved a new strategy in February 2022. This strategy aims to get new software out faster. It wants to support big projects that need the latest in technology, like making everything work more smoothly and using artificial intelligence. This plan says we need to work closely with tech partners and improve how we do things and train people³.

For success in getting software, groups need to focus on a few main things:

• Learn the basics of getting software, like what you need, picking the right place to get it, and setting up the deal
• Keep your tech safe by using the best security methods and tests
• Work together with tech and security experts to make sure everyone understands how to keep things safe

The Defense Acquisition Guidebook (DAG) is full of good advice on how the DoD should get software. Chapter 9 is all about testing. It tells you how to plan and do tests, what to look for, and the best ways to do things⁴. The leaders in charge of these tests are really important. They help make the rules and check to make sure everything’s done right⁴.

With cyber threats always getting smarter, focusing on security is critical. Companies need to think like spies to keep their tech safe and their software chain secure.

“Security is crucial from the very start in getting software. By making security a top priority and working together, we can make software that’s tougher and more trusted.”

The DoD’s new software plan highlights the importance of top-notch, safe software that can bounce back from tough spots, all delivered fast³. This approach is about making sure software is secure, reliable, and quick to make. Its goal is to provide software that’s tough and does the job right fast³.

Focusing on security and being ready to face risks makes getting software smoother. This lets groups bring out the best in tech while keeping their stuff and info safe.

The Department of Defense (DoD) now uses the Adaptive Acquisition Framework. It’s to make buying things easier and make sure they match our defense goals. This way, digital tools we get fit in with what we want to achieve and how we want to grow.This system builds on DoDI 5000.82, giving more steps for using this policy with all the ways we buy things. It also matches standard business practices. But, it changes some of the old rules in the Defense Acquisition Guidebook⁵.

The Adaptive Acquisition Framework is all about customizing how we watch over programs. It aims to cut down on red tape and handle risks smartly. It looks at what makes each project special.Programs can follow different paths, including the Middle Tier of Acquisition. This type of program is guided by DoDI 5000.80. It shows how to quickly test new ideas and put them to use, thanks to a special law called Section 804 in the NDAA⁵.

DoDI 5000.82 lays down the rules for getting digital tools. It focuses on making sure these tools can work together and are safe to use. The guide applies to digital tools with any IT parts, like security systems or computer networks¹.

The DoD is moving towards more connected and complex systems. It’s adjusting to a world where most tools are digital. For example, think of all the software, computer networks, and devices that are out there now¹.

The DoD is also working on new ideas with the help of the Acquisition Innovation Research Center (AIRC). This group teams up with schools, the government, and companies to tackle tough issues. Plus, the Defense Civilian Training Corps (DCTC) is getting people ready for important jobs in tech and finance. They are helping the DoD do its work better. And don’t forget about the Intellectual Property Cadre. They’re focused on updating how the DoD handles intellectual property. Their goal is to cut costs and get the best technology out to those who need it most⁵.

The “Requirements for the Acquisition of Digital Capabilities” guidebook got updated on January 3, 2022. It fits with DoDI 5000.82 and the Adaptive Acquisition Framework. This book is a big help in navigating how to get new software. It talks about important steps like checking requirements, making a plan to get the software, and ensuring everything goes well after starting the process. This is really helpful for everyone working on getting new digital tools for the Department of Defense¹.

First, it’s key to verify what we need and plan how to get it. The book says we must thoroughly check that our needs match the big goals. This ensures everyone gets what they actually need.

When planning, it’s smart to look for risks. For example, not finding a contractor who knows the needed tech can slow things down. Knowing and handling these risks early makes the whole process smoother. It helps to avoid problems later on⁶.

After checking what we need and making a good plan, next comes getting the green light and managing how we actually get the software. Important people, like the Acquisition Decision Makers and those managing the technology part, are key to making sure all goes well. They follow DoDI 5000.82 to reach the best outcomes¹.

Risk managing is also a big deal during the buying process. It includes spotting, studying, planning for, and dealing with risks as well as sharing updates with everyone involved. Finding the right balance between the risks and opportunities is crucial. It helps in making the best choices along the way. After all, we want to reduce risks without missing out on big chances⁶.

Using the guidebook’s advice and working closely with experts, we can make buying software go smoothly. With the right people and plans in place, we can bring in new digital tools that help advance the Department of Defense’s work and goals.

Agile development is changing how we get software. It moves us away from old hardware methods. The Software Acquisition Pathway started on January 3, 2020. It uses agile ways to quickly build and improve software⁷. This pathway means projects don’t need to follow the same rules as big defense projects, even if they get a lot of funding⁷.

With agile, we focus more on what users need early on. We don’t have to know everything from the start. Instead, we start with basic functions. Then, we add more based on what users say⁷. This method makes sure what we build actually gets used within a year of starting⁷.

People matter more than rules with agile. We care about finding the best solutions, not just writing lots of plans. We’re always ready to change our plans if needed. This keeps our software up-to-date and useful⁸.

Agile works best when teams work closely together. Both government and contractor teams use agile methods. They also use modern tools like DevSecOps. This makes sure everyone talks and works well together⁷.

Teams bring different skills together. This includes programmers, designers, and experts in the project’s field. The Air Force and DAU both help by offering advice and training⁸.

In agile, developers often talk directly with the people who will use the software. This helps get feedback and make software better over time. Teams also work closely with outside partners when they need to change or add new features⁸.

By using agile, working closely in teams, and talking with users, we can make software that truly fits the defense community’s needs. As we learn from past projects, we’ll keep getting better at using agile for software development⁸.

The Software Acquisition Guidebook has a section on cloud acquisition. It talks about requirements, planning, approval, and management. This is because buying cloud services is different and needs special attention¹. The Defense Department (DoD) has many separate info systems all over. They are in new and old places, which makes it hard to work and check important data. So, using commercial cloud services has become very important⁹.

Commercial cloud services give you storage and computer space over the Internet. It’s like renting space online. With it, you can adjust how much space you need easily. This makes it cheaper since you only pay for what you use, unlike keeping servers that might not get used much⁹.

It’s vital to check if cloud providers follow DoD security rules. They need to meet the DoD Cloud Computing Security Requirements Guide (SRG) and other policies. Making sure only the right people can use the cloud and knowing who’s responsible for safety is very important.

The DoD didn’t have clear cloud rules before. So, cloud use was all over the place and not well organized. It’s set up many clouds that don’t work together well, which wastes resources and costs more. Now, the DoD needs a plan for its clouds that makes sure they work well together and save costs while increasing safety⁹.

Besides safety, important parts of buying clouds are:

• Data management
• Cost optimization
• Contracting
• Making sure the agreements about services are right for what’s needed

Choosing the right systems to move to the cloud is key. It helps not to use too many resources and not to spend more than needed. The Acquisition Guidebook helps deal with the challenges of using the cloud. It helps the DoD get the best from cloud tech while keeping things safe and making sure different systems can work together well¹.

The Software Acquisition Guidebook helps Program Managers (PMs) and Functional Service Managers (FSMs). It gives them tools and knowledge for buying software well. This way, they can make sure their software buying goes smoothly and gets good results.

The Acquisition Pathways Table is a highlight. It shows the best way to acquire software for each need or situation. PMs and FSMs use this to pick the right way easily, which helps meet the team’s goals. There are two main pathways: one for applications and one for embedded software. Each has its own key points and suggestions¹⁰.

The guidebook underlines the need for post-acquisition checks. These reviews are critical for long-term success. They help ensure the software keeps adding value. It’s essential for programs to regularly introduce new features, with yearly updates at the minimum. More frequent updates are encouraged¹⁰.

Testing groups should join early and stay involved throughout the project. This ensures quality checks and the sharing of results among involved organizations¹⁰.

Aside from the guidebook, extra resources like the DoD Enterprise DevSecOps Fundamentals offer extra guidance. They are good for anyone in program offices or working at an intermediate level¹⁰. There’s also a document on DevSecOps Tools and Activities. It’s especially useful for testers making testing plans¹⁰. These resources, combined with the guidebook, help organizations do well during the software acquisition process.

The Software Acquisition Guidebook is a key tool for today’s software buying challenges. It works with the DoD Adaptive Acquisition Framework and DoDI 5000.82 rules. This helps make sure digital tools work well together, are safe, and meet defense and modernization goals¹. It covers everything from setting up the buy to managing it later, tailoring advice for each buying path in separate tables¹.

Using agile ways and building teams that mix different skills is vital in buying software well. This makes teams work better together, able to change quickly, and gets users involved from the start. For cloud buys, the book highlights keeping things safe, managing data right, saving on costs, and making clear deals in service terms¹. By following what the guidebook suggests, buyers can lead software making smoothly in their groups. And the advice works well for all kinds of buying programs¹¹.

With digital tools growing in use and importance, making them safe is key for defense and the economy. The Software Acquisition Guidebook gives buyers power to deal with changing digital needs. This ensures our nation gets top-notch software that meets security and defense needs without compromise.

1. https://dodcio.defense.gov/Portals/0/Documents/Library/Requirements for the Acquisition of Digital Capabilities Guidebook.pdf
2. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500082p.pdf
3. https://dodcio.defense.gov/Portals/0/Documents/Library/SoftwareModStrat.pdf
4. https://www.dote.osd.mil/Portals/97/docs/TEMPGuide/DefenseAcquisitionGuidebookCh9.pdf
5. https://www.acq.osd.mil/asda/ae/ada/initiatives.html
6. https://insights.sei.cmu.edu/documents/1628/1999_002_001_16673.pdf
7. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500087p.PDF
8. https://apps.dtic.mil/sti/pdfs/AD1110350.pdf
9. https://media.defense.gov/2019/Feb/04/2002085866/-1/-1/1/DOD-CLOUD-STRATEGY.PDF
10. https://www.test-evaluation.osd.mil/Portals/120/Documents/TE Enterprise Guidebook/Ch5 from TE Enterprise Guidebook 8.02.pdf?ver=7g0ErIbnox_eSeN63K-KIQ==
11. https://apps.dtic.mil/sti/tr/pdf/ADA035924.pdf