Navy rolls out new software policy on containerization technology usage

Department of the Navy leaders have issued a new directive aimed at boosting the organization’s software deployment capabilities.

The memo, signed by Chief Information Officer Jane Rathbun and acting Assistant Secretary of the Navy for Research, Development and Acquisition Brett Seidle, established a new DON-wide policy for “containerization technology usage.”

Containerization is a software deployment process that “bundles an application’s code with all the files and libraries it needs to run on any infrastructure,” according to an AWS description of the concept.

Navy officials see major benefits in adopting that capability for the department.

“Software containerization offers transformative advantages for the DON’s IT infrastructure and software deployment capabilities. This technology enables the Department to deploy applications consistently across highly varied environments while enhancing security, reducing computing resource overhead, and accelerating development cycles. Prioritizing containerization technology aligns with the Department’s software modernization goals and supports mission-critical operations with greater reliability and efficiency,” the memo states.

The new directive, publicly released Wednesday, applies to all new software development efforts across the department’s commands and programs enabled by cloud services and deployment models where enterprise container platforms and DevSecOps pipelines exist or are in development. It comes as the Navy and Marine Corps are pursuing wide-ranging software and IT modernization initiatives, including cloud adoption and migration.

“In the drive to increase operational agility, resiliency, optimization of our investments, and to achieve an organically digital state; we must advance to modem, proven software development and delivery practices. Securely accessing and transporting data across boundaries at the speed of relevance requires operating in a cloud-enabled ecosystem and software must be designed to effectively maneuver within it,” Rathbun and Seidle stated. “Effective immediately, all software development activities transitioning to the cloud and/or upgrades that are hosted in a cloud as outlined above must utilize containerization technology to the greatest extent practical.”

Seidle signed the directive July 17. Rathbun had previously signed it.

Officials can request exemptions to the policy, but they must provide the designated cybersecurity technical authority with a detailed justification.

“Exceptions will be granted where the risk of not leveraging containerization technology is deemed acceptable or the implementation would be prohibitively expensive. Potential exceptions may include production representative digital twins (where production cannot be or is not containerized), alternative cloud scaling capabilities like serverless technologies, or virtualization technologies for hardware in the loop. An itemized bulk exception can be granted,” per the memo.

The policy will be reviewed and updated annually, according to the directive.