The Defense Department is moving ahead with its work to streamline how it certifies software for use by DOD agencies and components.
In April, DOD’s acting chief information officer Katie Arrington gave a preview of the Software Fast-Track process being called SWIFT.
A new request for information posted Friday seeks industry feedback on risk criteria, current capabilities and businesses practices.
Responses are due May 20.
SWIFT is part of Arrington’s effort to “blow up” the risk management assessment framework with the goal of speeding up software adoption, while still maintaining security standards.
The RFI focuses on cybersecurity and supply chain risk management requirements. DOD wants industry to comment on their current practices, industry standards they used to secure software development, and what obstacles they face in implementing guidance 800-218 from the National Institute of Standards and Technology.
DOD also is seeking information on how software companies produce and share software risk assessment artifacts.
Arrington’s vision includes using third-party risk assessments and artificial intelligence tools to review software security data instead of current human-centered processes.
DOD has developed a voluntary process, where a company can use a third-party to produce a software bill of materials and third-party assessment of their software. The department believes that type of process will let DOD evaluate and adopt software faster.
The goal of the SWIFT program is to streamline the risk assessment and authorization process to get new software-centric tools into the hands of operators more quickly.
