The Air Force is looking to buy three critical components for its IT operations, according to a trio of top technology officials from the military service.
During an online Q&A Thursday, all three officials said the Air Force considers more cloud computing services and DevSecOps licenses and talent crucial for its mission success.
“We’re looking to enable DevSecOps for the entire Air Force and eventually the entire Department of Defense [DoD],” Lt. Col. Richard Lopez said. “First, you need people. Next, you need licenses for the projects that you’re using. Last is access to the infrastructure you need, like the cloud.”
Lopez was speaking during an Ask Me Anything (AMA) discussion for the Air Force’s LevelUP Code Works program. LevelUP Code Works — which is based in San Antonio, Texas — is the Air Force’s centralized team for providing DevSecOps-as-a-Service.
DevSecOps combines software development, IT operations and security into one seamless process for organizations. The process aims to ensure the continuous delivery of high-quality software services while shortening the development lifecycle and ensuring its security.
Lopez said the Air Force is seeking to assign three blanket purchase agreements (BPAs) to private-sector companies. BPAs are purchases that include multiple deliveries of products or services over a window of time, and they’re usually negotiated to take advantage of predetermined pricing for the entire order.
Subsequently, Lopez added that the Air Force has issued a request for quote (RFQ) announcement for all three BPAs. RFQs are a standard business procedure whose purpose is to invite suppliers into a competitive process to bid on specific products or services.
“We would like to reach out to industry and put out an agreement for the requisite talent, licenses and cloud services,” Lopez said of the BPAs.
Lopez said that the first BPA would help the Air Force secure the talent it needs for DevSecOps projects, including coders, developers and other technical personnel. The second BPA would assist the Air Force with procuring the licenses it needs for DevSecOps efforts.
“Software licenses can include software business tools that can enable operability,” he said. “It’s our way to reach existing licenses that are already out there and commercially available. It’s to procure licenses that are already doing DevSecOps.”
Lopez added that the third BPA would help the Air Force use cloud while it conducts DevSecOps operations. “This is just the vehicle we’re looking to access clouds through for those entities in government that are doing DevSecOps,” he said.
Lt. Christopher “Cody” Paul said that the service isn’t expecting potential DevSecOps personnel to have completed a certain level of education. “We’re not limiting ourselves to degrees,” said Paul, the Air Force’s Acquisitions & Contracting Team Lead. “We want to be sure we’re reaching all the development talent out there.”
Nicolas Chaillan, the Air Force’s Chief Software Officer (CSO), noted that the service would also be open-minded about selecting potential cloud vendors. “We don’t prefer any cloud provider so long as they are already FedRAMP-approved,” he said, referencing the Federal Risk and Authorization Management Program.
FedRAMP standardizes the federal government’s security assessment, authorization and continuous monitoring for cloud services. Cloud options that are FedRAMP-certified meet the security requirements and processes that federal agencies need to use their services.
Lopez said that expanding the Air Force’s DevSecOps initiatives with more talent, licenses and cloud services would help it better imitate the private sector.
“This will enable us to move at a more commercial pace,” he said. “This will help us to achieve more mission success.”