DODI 5000.89 states “For non-major defense acquisition programs (MDAPs) and for programs not on T&E oversight, these guiding principles should be used as a best practice for an integrated and effective T&E strategy.” As such, your chain of command should decide and document what the appropriate level of formality is for a specific program that is not a MDAP. Information in DODI 5000.89 related to effectiveness, suitability, integration, cybersecurity and other considerations should be addressed in appropriate detail in your T&E documentation (formal TEMP or otherwise). DODI 5000.89 can be accessed here: https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/500089p.PDF?ver=Plc85E0-NVNide91K3XQLA%3d%3d
The Milestone Documentation Identification (MDID) tool may be a useful resource for identifying what is required by statute, required by regulation and/or waiverable as pertains to your specific situation. The MDID can be accessed here: https://www.dau.edu/tools/t/Milestone-Document-Identification-Tool-(MDID)-
In addition, since a significant portion of what you are delivering is software, you should review the Software Pathway under the adaptive acquisition framework (https://aaf.dau.edu ), available here: https://aaf.dau.edu/aaf/software/ On that page is a “See what’s changed recently” link available here: https://aaf.dau.edu/aaf/software/swp-change-log/ . I mention this because there is in DRAFT a DEVSECOPS T&E Guidebook which I believe will be very useful to you (once published) so you might check back frequently to see if it has hit the street. I was told that we could expect publication in April 2021.
In addition, do not forget to run to ground who the Authorizing Official (AO) is for your efforts so that you do not neglect the Cybersecurity considerations.