Platform One Tackles Next Phase in Software Delivery

The Department of the Air Force’s (DAF) Platform One (P1) continues to refine its approach to delivering mission-critical software at the speed of relevance as it navigates new challenges, including integrating legacy IT systems and preparing for quantum-era security threats.

P1 has been at the forefront of modernizing software delivery for the Defense Department, providing standardized, scalable and secure solutions to accelerate innovation.

Created in 2018, P1 has evolved into a key driver of DevSecOps across the military, breaking down barriers between government and commercial technology.

Lt. Col. Paul Norris, materiel leader for the software delivery engine, told GovCIO Media & Research P1 is a story of “maturation and adoption” in service of developing standardized and scalable solutions across Defense units.

Scaling Software Delivery

P1’s suite of solutions – including P1 Marketplace, Big Bang, Party Bus and Iron Bank – enables users to speed up software delivery at scale, securely, using continuous authority to operate (cATO).

Iron Bank moved its repository that stores open-source code in containers to the secret level in 2023 and aimed to elevate it to the top secret level by the end of fiscal year 2024. P1 declined to confirm whether the repository has reached the top secret level as of Feb. 2025.

“Iron Bank provides a vetted repository of assessed containers, giving program offices enhanced visibility into their software supply chain. Big Bang takes it a step further by integrating a full suite of DevSecOps tools to continuously evaluate software deployments, enforce security controls, and provide real-time monitoring and logging,” Norris said. “Together, they create a streamlined, repeatable process aligned with cATO principles that maintains the security and agility DOD requires.”

Additionally, P1 Marketplace creates a “streamlined acquisition pathway for industry partners, supporting continuous onboarding on a monthly basis,” according to Norris, with the goal of removing barriers between government and commercial innovation.

One of P1’s biggest challenges has been breaking down siloed legacy IT systems and modernizing them for seamless integration with the rest of the enterprise.

“One of the biggest hurdles in software modernization isn’t just updating code; it’s untangling decades of tightly coupled IT systems where data, code and user interfaces are all deeply interwoven,” Norris said. “The real challenge isn’t just upgrading the software. It’s making that data accessible to new applications so it can be used in more powerful and effective ways.”

Norris said that integrating legacy data into modern systems creates opportunities for new applications to access that data without having to build entire systems from scratch.

P1’s approach has benefitted Air Force operations from Puckboard, which revamped the department’s scheduling to automate complex processes under the Air Force’s Kessel Run software factory, to NITMRE at the 618th Air Operations Center, where P1’s collaboration tools synthesized complex operational data for mobility teams to improve real-time decision making.

P1 also offered the F-35 program a faster and more efficient way to deliver software updates at a lower cost.

“Having common platforms and baselines is a game-changer. They cut down on redundant work, speed up training and simplify accreditation, which means teams can spend less time navigating bureaucratic hurdles and more time delivering mission-critical software,” Norris explained. “Warfighters get the capabilities they need faster, and both government and industry can focus on delivering software that gives the U.S. an edge where it counts.”

Beyond the Air Force

Collaboration with DOD, the commercial tech sector and the open-source community is a foundational pillar of P1. Open source is “absolutely critical to success” and the “backbone of modern cloud computing,” according to Norris.

P1’s products and services are driving collaboration across the DOD, the defense industrial base and commercial tech sector toward “faster, more secure software delivery,” Norris said.

The software delivery engine’s influence has since spread beyond the confines of the Air Force. The Department of Veterans Affairs created its own Platform One in March 2021, which provides containerized microservices to developers to push quick updates and minimize security risks.

“VA Platform One leverages a continuous integration and continuous delivery tool set that’ll allows our teams to quickly configure automated tests to ensure that the code is always ready to deploy, defect free, and new code is integrated as frequently as several times a day,” former VA Deputy Assistant Secretary for DevSecOps Todd Simpson told GovCIO Media & Research in March 2022.

The Centers for Medicare & Medicaid Services (CMS) developed its own continuous authorization and verification engine, dubbed the “Batcave,” in 2021, led by former CMS CISO Rob Wood, to take a more unified approach to software development and cybersecurity.

The Future of Software Delivery

Emerging technology like post-quantum cryptography and machine learning has offered new opportunities for P1 as continues to rapidly deliver in service to the warfighter.

Humans are leveraging machine learning to help sift through the influx of raw data and free up time to perform nuanced tasks, Norris said. As machines begin to perform operations at quantum speeds, Norris said P1’s ability to quickly deploy updates will be critical to protecting systems from cyber threats.

“We need to posture ourselves to rapidly deploy updates to our systems as new technologies become available. The good news is that the tools we build and use at P1 are all designed around being able to update our software at will, whether that’s to update a feature to help a warfighter, deliver a critical security patch, or upgrade our systems to be quantum-resistant,” Norris said.

Next on the horizon, P1 aims to develop “innovative, dual-use commercial tools to support scalable, centralized management of DevSecOps infrastructure,” which will help teams lacking in resources run their own clusters to have secure and managed solutions, explained Norris.

“It’s all about making DevSecOps more accessible and flexible while staying aligned with the DoD’s push for faster, more efficient software delivery. And that has been P1’s value to this ecosystem since the start. Our mission hasn’t changed, nor has our commitment to it,” Norris said.