QUESTION: Our agency has taken the liberty to define our own Software Development Lifecycle. We are currently operating through the following phases "(1) Plan, (2) Analyze, (3) Design, (4) Build, (5) Test and Evaluation, (6) Release and Deployment, (7) Sustainment."  Unfortunately, we are a little lax with our internal controls. Is there a list of DoD mandated ICs or at least a strongly encouraged list of "best practices"  or non-negotiables to help keep us better regimented?

ANSWER: I won’t belabor this topic, but the Software Acquisition Pathway (https://aaf.dau.edu/aaf/software/) has two simple phases: planning and execution. The phases you describe are in line with waterfall development, and all DoD is supposed to use modern development styles (agile, DevOps, SAFe, DevSecOps). All the steps you created are still important, but can be streamlined through the modern processes.