
Pentagon CIO Katie Arrington is calling on industry to help the Department of Defense use AI to streamline software procurement.
The new CIO has ordered a 90-day sprint to tackle the Department of Defense (DoD)’s “outdated and slow” software procurement processes.
Arrington is explicitly looking to understand the ways in which AI might be able to automate away some of the current cumbersome “authority to operate” (ATO) and “Risk Management Framework” (RMF) processes.
Late April reports had suggested that this initiative was looming but “it’s official” as the new CIO put it on Monday (May 5) – launching a so-called Software Fast Track (SWFT) framework and implementation plan.
As part of that, DoD has developed a voluntary procedure in which a company can “provide a 3rd party produced Software Bill of Materials (SBOM) along with an independent 3rd party assessment of their software for the Department to evaluate and adopt Software faster…”
Enter… AI?
In a trio of new Requests for Information (RFIs) launched alongside SWFT, DoD is asking industry to respond by May 20 on three key AI questions:
- “What are the possible ways that automation or AI could assist to streamline DoD-led SWFT risk assessments under the DoD defined Risk Management Framework (RMF)?”
- “What are potential challenges in the implementation of automation or AI for high trust situations related to cybersecurity authorization official responsibilities?”
- “What are the data needs for these SWFT automation and AI capabilities, including supplier SBOM, DoD, or third-party sources?”
The other RFIs span software tools and software bill of materials (SBOM) (“how a company implements secure software development” among other areas) and assessment methodologies (how this is audited).
All appear firmly aimed at creating more automated processes for decision making around software procurement, e.g. one RFI asks “Would [your] software risk assessment artifacts be sharable with the DoD to enable consistent and secure DoD-led risk assessments? If not, what are your recommendations for the artifacts DoD should require to equip authorization officials with adequate risk information?”
Arrington's memo said the new framework and its implementation plan, to be published by 23 July, should define clear and specific cybersecurity and supply chain risk management (SCRM) requirements, "rigorous" security verification processes, secure information sharing mechanisms, and federally-led risk determinations.
While Arrington signed the SWFT memo, Defence Secretary Pete Hegseth began the call to action with his own memo in March describing procurement reform as a “top priority.”
Hegseth also mandated use of the DoD’s existing software acquisition pathway, described as aligning with “modern software development” and designed to deliver “minimum viable products in under a year” after funds are allocated.
However, it seems the DoD wants to go one step further, with the CIO’s requests for information on SWFT providing insight into a potential new pathway leveraging automated information sharing and requiring Software Bills of Materials (SBOM) with a “software component (artifact) level of detail.”
A federal trend
The DoD's attempt at rapid reform is the latest example of the Trump administration’s focus on procurement and comes after Hegseth claimed to have cancelled $5.2 billion in DoD contracts last month.
Those contracts included billions in consulting deals as well as a $1.4 billion enterprise cloud IT services agreement with Accenture and a $500 million IT helpdesk services contract for the DoD’s research agency DARPA.
Elsewhere, federal CIO Greg Barbaccia said all federal agencies should look into their software deals and stop “wasteful spending” after Trump centralised all government tech procurement under the General Services Administration.
While previous reforms have put providers on edge, with the administration often targeting big tech companies in its cuts, the DoD's sprint order has faced a warmer welcome as contractors praise the urgent approach and focus on supply chain security.