The Civil Engineer (CE) community within the U.S. Air Force uses three distinct systems in combination to manage information supporting the Civil Engineer Squadron (CES) and Joint/Department of State (DoS) Explosive Ordnance Disposal (EOD) missions. These applications—known as the Automated Civil Engineer System (ACES) Family of Systems (FoS)—provide CE, Joint EOD forces and Security Forces (SF) units worldwide with information required to effectively manage resource allocations through work planning, scheduling, tracking, and execution required to support wartime and peacetime readiness, deployment, facility requirements/utilization, and major construction.
With the award of the ACES FoS Information Technology Data Management and Programming Support Task Order in June, 2019, the Air Force engaged FTC and its partner Appddiction Studio to perform software development and tech refresh activities necessary to meet the ACES FoS requirements, while utilizing a DevSecOps mindset to transcend the status quo.
Six months later, with a new Agile framework driving cross- functional team delivery of software engineering, tech refresh, and surge scaling, the ACES FoS stakeholder community is flying high.
The ACES FoS combines complex streams of personnel, scheduling, material, resource, and geospatial data used in the tracking, availability, management and safety of resources and personnel for a wide range of day-to-day operations, high -risk endeavors, and crisis management on a global scale. Due to changing technology and software development needs and increased demand for complex information in mission-critical decision-making, the CE community experienced an increase in user requests and a growing requirements backlog that delayed the software release cycle through quarters – and even years. The Air Force required new software development processes, strategies and tools to burn down its existing backlog and respond more efficiently to changing business needs.
Fully staffed on day one, the FTC Team was ready for take-off with an Agile-based project management framework as the foundation for transformative change. The FTC Team conducted a kickoff in San Antonio, Texas that brought together stakeholders for a comprehensive review and analysis of current practices, principles, and processes. This collaborative exercise informed the development of a maturity model to guide the migration and implementation plan and was followed by a two-day Program Increment (PI) Planning session in the SAFe Agile framework. The FTC Team also provided a two-day SAFe Agile training course, providing shoulder-to-shoulder Agile coaching from experienced SAFe-certified instructors for over 200 staff and managers from across ACES FoS.
Using SAFe Agile principles as the foundation for project management, value stream mapping, and project scheduling for each work task, PI Planning events involving the entire stakeholder community provided full transparency into project status/progress, assignments, and deadlines while also surfacing risks and issues. Led by an embedded, experienced Agile coach, key personnel across the Architecture, Development, Security and Management teams used Kanban boards to identify user needs, establish schedules, recognize key dependencies, elevate risk items and remediation activities, and make modifications as necessary. With security mapped across the software development cycle, ACES FoS was able to achieve significantly enhanced velocity and business value without compromising security and compliance.
Lastly, to facilitate the migration of development and testing environments to the cloud for a fully agile construct, the FTC Team devised a solution to securing the cloud-hosted development environment using both Common Access Card (CAC) authentication and Multi Factor Authentication (MFA) – a considerable technical achievement that would foster virtual collaboration within the ACES FoS community.
By applying standard organizational processes and best practices, such as SAFe integrated with Project Management Body of Knowledge (PMBOK)-based program management processes, the FTC Team took a waterfall-based process that was delivering production releases annually and transformed it to deliver to production on a steady three-month Release cycle for major releases and weeks for urgent or special releases, with improved quality and full security compliance. Bringing stakeholders from across the user community, Development, Security and management teams together to participate in an iterative elaboration, review, and signoff process for all planned stories in an Epic, the PI Planning events foster rich collaboration within the ACES FoS community. After the first PI Planning event, a full development iteration was completed with all User Stories accepted, and just three months into the contract, a full software release cycle was performed. Two more 3-month release cycles have since ensued, delivering software into production on-schedule and faster than ever.
While the Agile methodology has accelerated the speed with which the ACES FoS community operates, it has also transformed their ability to continue essential progress during a crisis. In March 2020, while Americans across the country were mandated to shelter in place in response to the COVID-19 pandemic, the transition to conducting PI Planning remotely was seamless thanks to the framework and training already in place. The FTC Team developed a custom online tool tailored specifically for ACES FoS community with just a two-week lead time, and in short order, stakeholders were well equipped to conduct PI Planning virtually.
METHODOLOGY IN ACTION
With the COVID-19 pandemic, the benefits of this Agile framework have proven invaluable to the ACES FoS community. When the US Fire Administration’s (USFA) National Fire Data Center (NFDC) requested new software to collect, aggregate and quantify fire department responses to incidents in which COVID-19 was a factor at the national level, the urgent request was satisfied immediately and out of cycle. Using the DevSecOps pipeline, ACES FoS developers delivered a custom-tailored solution to ensure uniform data collection from over 24,000 reporting fire departments in rapid response to an urgent need – a powerful illustration of the efficiency and efficacy of this transformative methodology.
Incorporating multiple iterations of automated integration tests that include Responsible Managing Officer (RMO) compliant security Identification and Authentication (IA) control compliance and vulnerability testing, the DevSecOps pipeline has accelerated the flow through development and staging environments and reduced the level of effort and risk associated with deployment verification and adherence to Certification & Accreditation (C&A) standards for production environment deliveries. The pipeline process has allowed the team to maintain full configuration control on release streams while facilitating synchronization of code between test environments and the defect repairs being done in development environments. This approach enables continuous integrated Independent Verification and Validation (IV&V) to occur, eliminating the delays typically associated with periodic release/result/fix cycles in IV&V testing. By adding a stakeholder functional review environment in the pipeline, the agile process of obtaining user feedback early and often added efficiency by providing a mechanism for continuous review, eliminating risk of delays resulting from demo cycle scheduling challenges. With this improved delivery cadence, the team was able to implement Tier 2 and Tier 3 sustainment support processes in product and iteration backlogs to support service desk tracking and reporting.