TAKE NOTE (Insights and Emerging Technology)
In a significant move to modernize the Department of Defense’s (DoD) software acquisition and cybersecurity processes, Katie Arrington, currently performing the duties of the DoD Chief Information Officer, has initiated a 90-day sprint to develop a new framework under the Software Fast Track (SWFT) initiative. This effort aims to replace the traditional Risk Management Framework (RMF) with a more agile and continuous approach to software security and authorization.
The SWFT initiative seeks to streamline the process by which the DoD assesses and authorizes software for use, moving away from the time-consuming and often outdated RMF. Instead, the new approach emphasizes continuous monitoring and the use of automation and artificial intelligence to evaluate software security in real time.
Vendors will be required to provide detailed Software Bills of Materials (SBOMs) and risk assessments, which will be analyzed through platforms like the Enterprise Mission Assurance Support Service (eMASS).
Arrington’s plan includes soliciting industry input through three Requests for Information (RFIs) focusing on tools, external assessments, and the application of AI in risk assessment. The goal is to develop a system that not only accelerates the authorization process but also ensures that software used by the DoD is secure by design and adheres to zero trust principles.
This initiative reflects a broader shift within the DoD towards more dynamic and responsive cybersecurity practices. By moving away from static frameworks and embracing continuous evaluation, the department aims to better protect its systems against evolving threats and to integrate new technologies more rapidly and securely.
For a more detailed overview of the SWFT initiative and its implications for the future of DoD software acquisition, you can read the full article below.
UNDER DEVELOPMENT (Insights for Developers)
Agentic Automation vs. Robotic Process Automation
Intro
This month we’re diving into a critical question for any business leader, CIO, or operations executive thinking about automation — What’s the difference between agentic automation and robotic process automation (RPA), and why does it matter for your business?
We’ll unpack what these two approaches really are, where they overlap, where they diverge, and how to think strategically about automation investments as we move into the next decade.
Let’s start with the basics
Robotic Process Automation (RPA) has been part of the enterprise automation toolkit for over a decade, and many organizations have successfully deployed it. At its core, RPA is about using “bots” to replicate human actions—clicking, typing, reading screens, and moving data—without modifying the underlying systems.
There are two major types of RPA bots you’ll hear about:
Attended bots
These run alongside a human worker and assist them in real time. Think of a customer service rep who hits a hotkey and a bot pulls up relevant customer records, fills in a form, or fetches pricing info from another system. The bot is triggered by the human and works in tandem.
Unattended bots
These operate on their own, executing predefined tasks on a schedule or in response to specific events. Think of a bot that logs into a system every night at 2 a.m., downloads reports, formats them, and emails them to stakeholders. No human interaction required.
Both types of RPA bots follow scripts—which means they work well when:
- The process is highly structured
- The inputs are predictable
- The systems don’t change much
But whether attended or unattended, RPA has a common limitation: it doesn’t reason, plan, or adapt. If something deviates from the script, it needs a human or a developer to step in. For a while, we started hearing about how to get the “HUMAN in the LOOP”…
Now let’s talk about agentic automation.
At its core, agentic automation refers to software agents—or “AI agents”—that can:
- Understand goals
- Plan multiple steps to achieve them
- Make decisions along the way
- Adapt if something changes
- Chain together multiple tools, APIs, and systems
In short, agentic automation isn’t about following a strict script. It’s about achieving an outcome. The agent figures out how to get there, even if the path isn’t fixed or known in advance.
Think of an AI agent like a junior analyst or project manager you hire. You give them a task (“Get me the latest compliance report and notify finance”), and they figure out where the data is, how to access it, what tools to use, what steps to follow, and how to communicate the result.
But how does agentic automation differ from unattended RPA?
– Dig Deeper –
UiPath Expert Explains Agentic Automation
Q&A (Post your questions and get the answers you need)
Q. What Is the Risk Management Framework (RMF)? Why is the DoD looking to replace it?
A. The Risk Management Framework (RMF) is the official cybersecurity and risk assessment process used by the Department of Defense (DoD) and other federal agencies to secure IT systems. Developed by NIST, RMF provides a standardized, six-step approach to categorize systems, select and implement security controls, assess their effectiveness, authorize systems to operate, and continuously monitor for new risks.
For years, RMF has served as the backbone of the DoD’s system authorization process. It ensures that every system—especially those managing sensitive or classified information—undergoes rigorous cybersecurity evaluation before being used. This is critical for national security, but RMF’s structure hasn’t always kept pace with the speed of modern software development.
That’s where the challenge comes in. While RMF promotes consistency and accountability, it’s often seen as slow, rigid, and overly focused on documentation. In agile environments and DevSecOps pipelines, where updates happen in days or weeks—not months—RMF can be a bottleneck, delaying innovation and introducing risk by slowing the deployment of new technologies.
Recognizing this, DoD leaders like Katie Arrington are spearheading reform through the Software Fast Track (SWFT) initiative. The goal? Replace RMF’s static checklists with real-time, automated security assessments powered by AI and continuous monitoring—resulting in faster, safer software delivery.
For now, RMF is still the standard. But with initiatives like SWFT gaining traction, it’s clear the DoD is aiming for a more dynamic and responsive security model that aligns with how software is built and deployed today.
Cheers!