Acting Pentagon CIO Katie Arrington recently unveiled a new "fast-track" software acquisition process aimed at ensuring contractors meet security requirements much faster and more efficiently than ever before.

“I’m blowing up the [risk management framework], blowing up the ATOs. They’re archaic,” - Katie Arrington, Acting Pentagon CIO

Under the new Software Fast Track (SWIFT) process, software vendors will be required to provide a Software Bill of Materials (SBOM) for their products and their production environment. This documentation will need to be certified by an independent third party before it can be uploaded to eMASS, the government web application that will collect third-party data about the cybersecurity of vendors and the technical makeup of their software under SWIFT. 

Once in the system, the Department of Defense (DoD) is proposing to use AI tools in the back end to review the data, rather than passing it on to a human, radically shortening a process that currently takes months — or even years — to complete.

 

Why Now? 

The Pentagon’s recent move to fast-track cybersecurity compliance for software contractors is not just an operational tweak — it’s a tectonic shift in how defense contractors must approach cybersecurity moving forward.

From our perspective, it’s about time. The DoD’s effort to verify cybersecurity compliance for vendors has been moving at a snail’s pace, mired in massive logistical complications that were largely a function of its original design (and that should have been readily foreseen at the outset). That said, the program is critically important, and the proposed reforms are better late than never.

At their core, these reforms acknowledge a hard reality: cybersecurity threats evolve faster than traditional certification and acquisition processes can accommodate. In a world where zero-day exploits and supply chain attacks are a daily threat, the Department of Defense is signaling that "security at the speed of relevance" is no longer aspirational — it’s mandatory. We welcome the change, and we hope that the acting DoD CIO is able to break through the bureaucracy that has hobbled this effort to date.

 

Where Finite State Comes In

At Finite State, we specialize in providing complete visibility into your software and firmware supply chain — precisely the type of transparency and proactive risk management the DoD is now demanding.

Here’s how we help contractors meet these new requirements:

Automated, High-Fidelity SBOMs
Generate, ingest, reconcile, and maintain comprehensive SBOMs throughout the software lifecycle — a cornerstone requirement under the new rules.

Binary and Source Code Analysis
Finite State analyzes both source code and binaries, ensuring you can detect vulnerabilities even when source code is incomplete or unavailable.

Continuous Vulnerability Monitoring
We integrate with your DevSecOps pipelines and monitor your deployed software, providing continuous, actionable insights to maintain compliance and reduce risk.

Compliance Readiness
Finite State helps organizations prepare for assessments aligned with key federal standards like NIST 800-171, the new Cyber Trust Mark, and now, the DoD’s fast-track requirements.

Expert-Led Support
With deep roots in U.S. government cybersecurity, our team offers advisory services to help you navigate evolving regulations, build security into your products, and avoid costly compliance pitfalls.

Bottom line:

Finite State equips defense contractors with the tools and expertise they need to stay ahead of evolving DoD cybersecurity mandates — quickly, comprehensively, and confidently.

If you're a DoD contractor, now is the time to strengthen your cybersecurity foundation. Contact us today to learn how Finite State can help you meet fast-track compliance standards without slowing down your mission.