The Office of the Army Chief Information Officer has advanced software modernization by releasing five new policy memos to guide Initiative 8 under Army Directive 2024-02, Enabling Modern Software Development and Acquisition Practices.
In a LinkedIn post, the Army CIO Office said the policy documents seek to accelerate cybersecurity through DevSecOps, which intends to integrate security into software development to rapidly deliver new tools to warfighters.
The memos are Army Software Modernization Directive—Initiative 8—Implementation Plan; Army DevSecOps Configuration Management Framework; Army DevSecOps Platform Certification; Army DevSecOps Pipeline Certification; and Army Transition to Continuous Authority to Operate, or cATO.
Leonel Garciga, CIO of the U.S. Army and a 2024 Wash100 awardee, signed all five memos.
Software Modernization Directive Implementation Plan
The first memo will serve as guidance for the implementation of Initiative 8 of Army Directive 2024-02 and ensure that security is integrated into the software development lifecycle by using DevSecOps methodologies.
Initiative 8 seeks to modernize cybersecurity by accelerating and improving the traditional approach to the risk management framework.
According to this policy, all Army software development supporting capabilities that require an authority to operate, or ATO, will use certified DevSecOps platforms, or DSOPs.
As appropriate, software development that uses continuous delivery and deployment will use certified DevSecOps pipelines.
The memo states that all software development that has not received an ATO will need a certified DSOP and a certified DevSecOps pipeline before a cATO will be issued or within 365 days.