The DoD Policy for Software Management should be found in the DODI 5000.02, as this instruction is mandatory for all DoD Programs to follow. However, the current DODI 5000.02 does not do a good job explaining the policy.
The new DODI 5000.02 (yet to be published--no date given) does explain the policy for Software Management in Chapter 11:
11. SOFTWARE. The development and sustainment of software can be a major portion of the total system lifecycle cost and should be considered at every decision point in the acquisition lifecycle. A phased software development approach using testable software builds and/or fieldable software increments as described in the program models enables the developers to deliver capability in a series of manageable intermediate products to gain user acceptance and feedback for the next build or increment, and reduce the overall level of risk. The Systems Engineering Plan should address the following: software unique risks; inclusion of software in technical reviews; software technical performance, process, progress, and quality metrics; software safety and security considerations; and software development resources. Software assurance vulnerabilities and risk based remediation strategies will be documented in the Program Protection Plan.
Further, the new DODI 5000.02 (yet to be published--no date given) also gives examples of two different software management models: Defense Unique Software Intensive Systems and Incrementally Fielded Software Intensive Systems.
The Defense Acquisition Guidebook, DAG, also provides very robust guidance on how Program Managers should manage software: Please see the Defense Acquisition Guidebook, paragraph 220.127.116.11.