After the Oct. 2021 release of the new JCIDS instructions (CJCSI 5123.01I), here’s a little more information on the Software Initial Capabilities Document (SW-ICD) requirements for new Software Acquisition Pathway programs from the JCIDS Manual:
Software capability requirements are required to be submitted to the Joint Staff for determination of Joint Equities [including intelligence community] prior to seeking an acquisition decision. If joint equities are present, the SW-ICD will be staffed and validated by the Joint Staff utilizing an expedited process (Figure A-14)… The SW-ICD will be submitted to the Joint Staff Gatekeeper, who will coordinate with the FCB [Functional Capabilities Board] and determine if Joint Validation is necessary. (2 days)… A determination will be made at that time if/what certifications are necessary (intel, net-ready, cyber, etc.). A determination will also be made if/what Architecture Products are required to ensure interoperability.
40 day review process doesn’t sound so bad for software programs. After all, a Joint Urgent Operational Need timeline is 15 days and Joint Emergent Operational Need is 31 days. One question is whether the timelines are every met. Two days to determine whether there are joint or intelligence equities in a software program seems pretty fast. But the real question is, how long is the end-to-end process? How long does it take the service to prepare documentation for the JCIDS? If a joint equity is involved, then will the service need to detail more information? How many handbacks will there be for revisions until approved?
One can imagine how the services will try to frame their SW-ICD to avoid joint interests, while the JCIDS bureaucracy would be seeking out anything remotely related to jointness. It will be hard to push back against JCIDS because any software system that must communicate or exchange data with any other system will be a clear target for “joint.”
The GAO reviewed the JCIDS process in 2022 and found that based on the previous guidance, the notional time for an ICD was 97 days and for a CDD was 103 days. The 2021 update to the JCIDS sought to compress those timelines, but it isn’t clear whether that will have a real effect on the ground. The GAO found a lack of information on this front:
JCIDS guidance does not establish a meaningful measure—also known as an internal control baseline—to assess the current progress and monitor the timeliness of the requirements process. While the Joint Staff’s JCIDS guidance provides a notional length of time that documents should take to go through the JCIDS review process, we found no analytical basis for this time frame. The guidance states that the review and validation of properly prepared requirements documents should take no more than 103 calendar days (see fig. 5). Our analysis and document sponsors from across DOD confirmed that none of the programs in our review completed the process within this time.
From a sample of 11 programs, the JCIDS process took about 800 days to validate a CDD. In all cases, the Joint Staff timelines were greater than the preparation by the service. An earlier 2011 study in the Army found an average of 15-22 months to approve a requirement.
Usually folks say that an ICD is much more simple a document than a full-up Capabilities Development Document. So hundreds of days will not be the timeline for a SW-ICD. While that is very true, I’ll just note that the JCIDS Manual dedicates 11 full pages to requirements the services must detail in a SW-ICD. None of it looks straight-forward. (BTW, there are also Annual/Biennial reviews of all approved software programs by the FCB).
There is no SW-CDD devised just yet. That doesn’t mean Software programs are out of the woods once they get past the SW-ICD, as this statement suggests:
SW-ICDs are appropriate for software development only. For acquisition purposes, SW-ICDs may be used to document embedded software requirements for a capability solution developed under other validated JCIDS documents. In this case, the software requirements were validated as part of the overall capability solution, and do not require further staffing.
What happens to standalone software systems that are not embedded in other systems with an approved CDD?
Leave a Reply