Digital Transformation & Compile to Combat in 24 Hours (C2C24)

1. Digital Transformation&Compile to Combat in 24 Hours (C2C24) Presented by: Delores Washburn NIWC Pacific Chief Engineer “C2C24 Pilot Execution Lead”

2. Agenda Compile to Combat in 24 Hours (C2C24) Overview Digital Transformation with DevSecOps RMF Assess and Incorporate SW Engineering in a Day (RAISED) Fast lanes (e.g. Other C2C24 Process improvement efforts) Conclusion

3. Industry & Navy Example • First to market • Outpacing our adversary

4. Architecture Evolution From Isolated Systems to Distributed Maritime Operations Stovepipe Systems Data Centric, Shared, Actionable Awareness Across Units & Composite Warfare Structure Shared Infrastructure – Compute and Storage Shared Software Core Services C2C24 Compliance Data Centric – Exposing and Sharing of Data User Centered – business logic and presentation Moving to a data centric organization

5. Defense Innovation Board:Ten Commandments of Software Industry Approach “Adopt a DevOps culture for software systems.” “Automate testing of software to enable critical updates to be deployed in days to weeks, not months or years.” Source: Defense Innovation Board, “Ten Commandments of Software,” April 20, 2018

6. DevSecOps DevSecOpsis the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver capability and services at high velocity without sacrificing Quality or Security

7. End State Vision –Enabling Speed to Capability Current State Future Ops Dev Dev Ops Must Modernize the way we do business to achieve our End State Vision

8. C2C24 Implementation Standard V1.0 Provides the Compile-to-Combat in 24 Hours (C2C24) required implementation standard that system software application owners and developers shall use for migrating to modern software and data architectures and development methodologies. https://go.intelink.gov/d8X1R2g

9. RMF in a Day Development and Testing “Toolkit” provided Staging & Integration 24 hour Fast Lane “App Store” Certify your app Integrate your app in Target Environment App ready to be downloaded by user Tools, IOS, Data provided to develop and test your App Collaborative Software Armory Collaborative Staging Environment Application Arsenal App in development New Application App Arsenal & Container Monitoring Sky Desk CAC enabled App Store ACS Common Services - PAAS Software CANES IAAS ACS Common Services (Coming soon) Developers’ Tools DATA LAKE Representative Authoritative Data DJC2 / AFP (Coming soon) Aegis VT (Coming soon) VSE / STACC Cloud (Coming soon) RMF Control Inheritance Deploy SDK ACS NOBLE PaaS ACS ACS ACS IaaS Operational Cloud PaaS PaaS PaaS DJC2/NETC2 IaaS IaaS IaaS Existing C2C24 DEVOPS environment to enable “first day, first dollar” development, integration, certification and deployment of capability CANES Flt NOC STACC/MOC VSE Distribution A: Approved for public release; distribution is unlimited.

10. C2C24 RAISED RMF Assess and Incorporate SW Engineering in a Day (RAISED) Security Model for Apps meeting compliance SW Architecture and Standards Compliance Apps Platform as a Service Automated Security Testing and Automated RMF Infrastructure Security Control Model Static Code Analysis Dynamic Testing Vulnerability scanning Code Quality Compliance Checking, etc.

11. C2C24 Fast Lanes Digital Transformations resulting in Fast Lanes • RMF Fast Lane • Rapid SW Insertion Fast Lane (in progress) • Rapid Development Fast Lane • Test and Integration Fast Lane • Rapid Delivery Fast Lane