HOME  |  CONTENTS  |  DISCUSSIONS  DISCUSSION ARCHIVES  |  BLOG  |  QUICK-KITs|  STATES

How To Use the NDAA Pages

Back to NDAA Contents

TITLE VIII--ACQUISITION POLICY, ACQUISITION MANAGEMENT, AND RELATED MATTERS

Subtitle A—Acquisition Policy and Management.

P. L. 116-92

House Conference Report   116-333

Sec. 800:  Authority for continuous integration and delivery of software applications and upgrades to embedded systems.

(a) SOFTWARE ACQUISITION AND DEVELOPMENT PATHWAYS.— The Secretary of Defense shall establish pathways as described under subsection (b) to provide for the efficient and effective acquisition, development, integration, and timely delivery of secure software. Such a pathway shall include the following:

(1) USE OF PROVEN TECHNOLOGIES AND SOLUTIONS.—A
pathway established under this section shall provide for the
use of proven technologies and solutions to continuously engineer and deliver capabilities in software.

(2) USE OF AUTHORITY.—In using the authority under this
section, the Secretary shall consider how such use will—

(A) initiate the engineering of new software capabilities
quickly;

(B) demonstrate the viability and effectiveness of such
capabilities for operational use not later than one year
after the date on which funds are first obligated to acquire
or develop software; and

(C) allow for the continuous updating and delivery
of new capabilities not less frequently than annually to
iteratively meet a requirement.

(3) TREATMENT NOT AS MAJOR DEFENSE ACQUISITION PROGRAM.—Software acquired or developed using the authority under this section shall not be treated as a major defense acquisition program for purposes of section 2430 of title 10, United States Code, or Department of Defense Directive 5000.01 without the specific direction of the Under Secretary
of Defense for Acquisition and Sustainment or a Senior Acquisition Executive.

(4) RISK-BASED APPROACH.—The Secretary of Defense shall
use a risk-based approach for the consideration of innovative
technologies and new capabilities for software to be acquired
or developed under this authority to meet needs communicated
by the Joint Chiefs of Staff and the combatant commanders.

(b) PATHWAYS.—The Secretary of Defense may establish as
many pathways as the Secretary determines appropriate and shall establish the following pathways:

(1) APPLICATIONS.—The applications software acquisition
pathway shall provide for the use of rapid development and
implementation of applications and other software or software
improvements operated by the Department of Defense, which
may include applications running on commercial commodity
hardware (including modified hardware) and commercially
available cloud computing platforms.

(2) EMBEDDED SYSTEMS.—The embedded systems software
acquisition pathway shall provide for the rapid development
and insertion of upgrades and improvements for software
embedded in weapon systems and other military-unique hardware systems.

(c) EXPEDITED PROCESS.—

(1) IN GENERAL.—A pathway established under subsection

(a) shall provide for—

(A) a streamlined and coordinated requirements, budget, and acquisition process to support rapid fielding of software applications and of software upgrades to embedded systems for operational use in a period of not more than one year from the time that the process is initiated;

(B) the collection of data on software fielded; and

(C) continuous engagement with the users of software to support engineering activities, and to support delivery of software for operational use in periods of not more than one year.

(2) EXPEDITED SOFTWARE REQUIREMENTS PROCESS.—

(A) INAPPLICABILITY OF JOINT CAPABILITIES INTEGRATION AND DEVELOPMENT SYSTEM (JCIDS) MANUAL.—Software acquisition or development conducted under the authority of this section shall not be subject to the Joint Capabilities Integration and Development System Manual, except pursuant to a modified process specifically provided for the acquisition or development of software by the Vice Chairman of the Joint Chiefs of Staff, in consultation with Under Secretary of Defense for Acquisition and Sustainment and each service acquisition executive (as defined in section 101(a)(10) of title 10, United States Code).

(B) INAPPLICABILITY OF DEFENSE ACQUISITION SYSTEM DIRECTIVE.—Software acquisition or development conducted under the authority of this section shall not be subject to Department of Defense Directive 5000.01, except when specifically provided for the acquisition or development of
software by the Under Secretary of Defense for Acquisition and Sustainment, in consultation with the Vice Chairman of the Joint Chiefs of Staff and each service acquisition executive.

(d) ELEMENTS.—In implementing a pathway established under
the authority of this section, the Secretary shall tailor requirements
relating to—

(1) iterative development of requirements for software to be acquired or developed under the authority of this section through engagement with the user community and through the use of operational user feedback, in order to continuously define and update priorities for such requirements;

(2) early identification of the warfighter or user need, including the rationale for how software capabilities will support increased lethality and efficiency, and identification of a relevant user community;

(3) initial contract requirements and format, including the use of summary-level lists of problems and shortcomings in existing software and desired features or capabilities of new or upgraded software;

(4) continuous refinement and prioritization of contract requirements through use of evolutionary processes, informed by continuous engagement with operational users throughout the development and implementation period;

(5) continuous consideration of issues related to lifecycle costs, technical data rights, and systems interoperability;

(6) planning for support of software capabilities in cases where the software developer may stop supporting the software;

(7) rapid contracting procedures, including expedited timeframes for making awards, selecting contract types, defining teaming arrangements, and defining options;

(8) program execution processes, including supporting development and test infrastructure, automation and tools, digital engineering, data collection and sharing with Department of Defense oversight organizations and with Congress, the role of developmental and operational testing activities, key decision making and oversight events, and supporting processes and activities (such as independent costing activity, operational demonstration, and performance metrics);

(9) assurances that cybersecurity metrics of the software to be acquired or developed, such as metrics relating to the density of vulnerabilities within the code of such software, the time from vulnerability identification to patch availability, the existence of common weaknesses within such code, and other cybersecurity metrics based on widely-recognized standards and industry best practices, are generated and made available to the Department of Defense and the congressional defense committees;

(10) administrative procedures, including procedures related to who may initiate and approve an acquisition under this authority, the roles and responsibilities of the implementing project or product teams and supporting activities, team selection and staffing process, governance and oversight roles and responsibilities, and appropriate independent technology assessments, testing, and cost estimation (including relevant thresholds or designation criteria);

(11) mechanisms and waivers designed to ensure flexibility in the implementation of a pathway under this section, including the use of other transaction authority, broad agency announcements, and other procedures; and

(12) mechanisms the Secretary will use for appropriate reporting to Congress on the use of this authority, including notice of initiation of the use of a pathway and data regarding individual programs or acquisition activities, how acquisition activities are reflected in budget justification materials or requests to reprogram appropriated funds, and compliance with other reporting requirements.

(e) GUIDANCE REQUIRED.—

(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense shall issue initial guidance to implement the requirements of this section.

(2) LIMITATION.—If the Secretary of Defense has not issued
final guidance to implement the requirements of this section
before October 1, 2021, the Secretary may not use the authority
under this section—

(A) to establish a new pathway to acquire or develop software; or

(B) to continue activities to acquire or develop software
using a pathway established under initial guidance
described in paragraph (1).

(f) REPORT.—

(1) IN GENERAL.—Not later than October 15, 2020, the Under Secretary of Defense for Acquisition and Sustainment, in consultation with the secretaries of the military departments and other appropriate officials, shall report on the use of the authority under this section using the initial guidance issued under subsection (d).

(2) ELEMENTS.—The report required under paragraph (1)
shall include the following elements:

(A) The final guidance required by subsection (d)(2),
including a description of the treatment of use of the
authority that was initiated before such final guidance
was issued.

(B) A summary of how the authority under this section
has been used, including a list of the cost estimate, schedule
for development, testing and delivery, and key management
risks for each initiative conducted pursuant to such
authority.

(C) Accomplishments from and challenges to using the
authority under this section, including organizational, cultural, talent, infrastructure, testing, and training considerations.

(D) Recommendations for legislative changes to the
authority under this section.

(E) Recommendations for regulatory changes to the
authority under this section to promote effective development and deployment of software acquired or developed
under this section.

Authority for continuous integration and delivery of software applications and upgrades to embedded systems (sec. 800)

The Senate bill contained a provision (sec. 852) that would require the Secretary of Defense to establish initial guidance, not later than 180 days after the enactment of this Act, authorizing the use of special pathways for the rapid acquisition of software applications and upgrades that are intended to be fielded within 1 year. These new pathways would prioritize continuous integration and delivery of working software in a secure manner and prioritize continuous oversight from automated analytics.

The House amendment contained a similar provision (sec. 801).  The House recedes with amendments that would modify the timeline for developing the guidance; allow for the use of one or more pathways; clarify that first fielding of capability for operational use shall occur within one year of the date funds are first obligated for software development; and direct a report on use of the authority and recommendations for any changes to statute by October 15, 2020.

The conferees commend the Under Secretary of Defense for Acquisition and Sustainment’s commitment to adopting the recommendations of the Defense Innovation Board. The conferees emphasize that the ability to deliver meaningful capability for operational use within one year is foundational to the establishment of this authority and associated procedures.

The conferees remind the Department that delivery of increments of useful software capability no less frequently than every six months is not only a best practice for software-intensive systems but it has also been a standing government-wide requirement for years. Overcoming the Department’s institutional and cultural resistance to delivering in a year or less requires ruthless prioritization of features, which hinges on more effective cooperation among stakeholders. The conferees also believe that cost estimation and assessment and program evaluation methods are critical to well-informed program oversight, and note that, for software initiatives, such approaches remain nascent. The conferees therefore direct the
Director, Cost Assessment and Program Evaluation, in coordination with the Defense Digital Service and the directors of developmental test and operational test and evaluation, to incorporate lessons learned from the implementation of sections 873 and 874 of the National Defense Authorization Act for Fiscal Year 2018, and sections 215 and 869 of the National Defense Authorization Act for Fiscal Year 2019 in the development of guidance and oversight procedures for managing, estimating, and assessing software programs. First, the conferees remind the Department of flexibility already written into its directive and instruction that the milestone decision authority and program managers “shall tailor program strategies and oversight, including documentation of program information, acquisition phases, the timing and scope of decision reviews, and decision levels, to fit the particular conditions of that program, consistent with applicable laws and regulations and the time sensitivity of the capability need.” Accordingly, the conferees also remind the Department that the use of source lines of code, or “SLOC”, to estimate or to measure productivity, is inadequate, inappropriate, and can be detrimental in incentivizing bad code design. As such, the conferees encourage the Department to implement the recommendations on software metrics in the Defense Innovation Board Software Acquisition and Practices Study. Finally, the conferees request a briefing no later than March 30, 2020 from the Joint Staff on how the JCIDS process can be updated to accommodate more flexibility given the iterative and ever-changing nature of present-day acquisition of software.

ABOUT  l CONTACT