‍

Last week, members of the Silicon Valley National Security community gathered under a crisp San Francisco sky at the Golden Gate Yacht Club - every service’s pennant proudly flying above the bay. The occasion? A timely and thought-provoking event focused on accelerating secure software delivery across the Department of Defense (DoD) and Defense Industrial Base (DIB).

The driving theme of the day was unmistakable: circumstances are changing. We need to work together! Speed and Flexibility are no longer luxuries - they’re prerequisites. As global threats evolve and missions shift dynamically, the way we buy, authorize, and secure software must evolve just as quickly. Here’s a summary of the high points that we discussed followed by a request for feedback.

1. Software Procurement Is Getting a Much Needed Overhaul

SWIFT Signals a Welcome Shift

The administration’s new SWIFT (Software Innovation and Flexibility Transformation) initiative has sparked genuine optimism. It represents a decisive move away from the bureaucratic drag of traditional defense procurement. Instead, SWIFT is designed to empower acquisition officers to move faster, buy smarter, and align with commercial best practices. 

Open Source & COTS First

Gone are the days of defaulting to bespoke government software. There’s now top-down momentum behind “buy before build” - leveraging proven open-source tools and commercial off-the-shelf (COTS) platforms wherever possible. Custom solutions are reserved for truly unique mission needs.

Automation: Now Table Stakes

The DIB is embracing automation not as a perk, but as a baseline requirement. Manual security processes are increasingly seen as burdensome security risks themselves. Procurement language is adapting, with automation integration becoming mandatory - especially for security, compliance, and monitoring requirements.

2. The ATO Process Is Entering a New Era

From Point-in-Time to Continuous Authorization

The era of multi year assessment cycles is fading. In its place, we’re seeing the rise of continuous authorization, backed by real-time security telemetry and automated validation. The goal: get the technology into the field, reduce ATO burdens, increase deployment velocity, and support rapid deployment.

Goodbye Manual Docs, Hello Automated Evidence

Legacy System Security Plans (SSPs) are labor-intensive and often obsolete by the time they’re complete. Tomorrow’s ATOs will rely on platforms that automatically collect, validate, and present evidence - a shift that dramatically improves both compliance efficiency and audit readiness.

Risk-Informed, Mission-Focused Decisions

ATO decisions are becoming more context-aware, focusing on real risk rather than procedural checklists. There is always a balance to be found between risk and speed. This risk-based approach supports faster reciprocity between agencies and allows mission owners to make informed tradeoffs between speed and assurance.

3. Security Standards Are Evolving to Meet Real Threats

From Rules-Based to Principles-Based

Security policies are finally catching up with reality. Instead of rigid checklists, we’re moving toward principles-based frameworks that allow for contextual flexibility. The mantra is shifting from “follow each of these static steps” to “prove you’re genuinely secure.”

Continuous Adaptation Is Key

Given the speed at which nation-state threats evolve, frameworks must now support rapid updates to controls, validation mechanisms, and mitigation guidance - without waiting years for formal revisions.

Context Matters

Modern standards need to account for operational context - what’s appropriate in a frontline tactical system may not apply in a back-office application. Adaptable security standards will reflect this nuance. Risks need to be taken, and balanced with outcomes.

RapidFort: Born in the DoD And Seeking Collaboration

At RapidFort, we have been blessed and are grateful to have received financing from the Department, AFWERX and SpaceWERX. Through a number of engagements with the DoD, including Air Force Nuclear Weapons Center, Mitre, USSF and USAF we have listened and learned considerably. We are convinced we have the fundamental platform elements that align with these critical mission objectives - we are hoping to be active contributors to this transformation. 

Our RapidATO suite supports the basic elements of CONMON, Active Cyber Defense, and Software Supply Chain Risk Management (SSCR), enabling organizations to achieve continuous compliance while reducing risk and accelerating delivery velocity. Our platform was designed from the ground up to support the speed, flexibility, and automation that today’s mission software environments demand. 

However, this is a complex challenge and we don’t have all the answers. We feel the fundamental elements are in place but we can always improve. We learn and improve from every engagement so are now seeking to engage with DoD/DiB users who can help us better define requirements and deliver missing functionality. We are sincerely and genuinely seeking collaboration. 

Interested in providing feedback and want to see it in action? Please start your free trial today. We stand ready to collaborate, listen, and improve.

The mission is clear: procure quickly, authorize continuously, and secure with context Rapidly. With the right tools and collaborative mindset, the DoD and DIB can meet the administration’s ambitious software goals - without sacrificing security.