Lofty Goals for the Next Version of the Military Cloud

The Joint Warfighting Cloud Capability (JWCC), which is in its fourth year of contract execution providing the military department with commercial cloud offerings, continues to evolve, reported Jefferson Marshall, director, Hosting and Compute (HaC) Directorate (J-9), Defense Information Systems Agency (DISA).

Marshall spoke along with other DISA cloud executives at AFCEA’s TechNet Cyber 2026 conference in Baltimore. The HaC Directorate oversees the existing JWCC and the future cloud efforts, under the guidance of the department's chief information officer, Kirsten Davies.

Last year, DISA had been pursuing the so-called JWCC Next effort as a subsequent effort to the department’s $9 billion JWCC. The idea has shifted a bit and is now called the JWCC Unified Cloud Marketplace (UCM).

The UCM will have different parts (and at least two sets of solicitations): a new marketplace of solutions from third parties and an enhanced core component, called JWCC Core, with hyperscaler offerings from the big U.S. cloud companies such as Amazon Web Services, Microsoft Azure, Oracle Cloud and IBM Cloud. 

“JWCC Next is morphing, it is updating, it is changing,” Marshall said. “It is turning into a two-prong thing. JWCC Next is actually going to be renamed to the JWCC Unified Cloud Marketplace as an overall solution, and within it will be two subsets. The first one we are already working on, which was known as JWCC Next. That is now going to be known as JWCC Core, which will be for the hyperscaler piece, and that is getting ready to go out on the street. The other piece we are currently working really hard on is what Honorable Davies has put together [the third-party marketplace].”

DISA intends to release the two solicitations “around the same time so that they are both awarded around the same time, so that we can provide that holistic UCM capability to the warfighter,” the director indicated.

“We are doing a strategic pivot,” said Alee Long, DISA’s program manager for the JWCC. “We are transforming from the traditional infrastructure to be a more customer-centric, dynamic hybrid-cloud solutions provider.”

The UCM will include three tiers of providers, including innovative suppliers. Tier one will include the UCM Core, the hyperscalers, and tiers two and three will be called UCM Premier.

“The JWCC UCM is a unified solution for all provisionally authorized cloud service offerings, and it is going to have various tiers,” Long clarified. “Our tier one is going to be very similar to what we offer today on JWCC and what we are getting after for JWCC Next [UCM Core], that direct hyperscaler relationship. And what we will be able to achieve with the Unified Cloud Marketplace is that tier two and tier three, going after not just the innovation always, but the agility now.”

DISA has not yet released the two planned requests for proposals, Long noted. The agency has posted a draft performance work statement for the UCM Core to get best practices and feedback from the hyperscaler industry.

Another part of the HaC’s pivot is to reflect in the contracts how the department is adapting its overall acquisition processes.

With converting portfolio executive officers to portfolio acquisition executives and enabling more authorities at lower leadership levels, even the setup of cloud capability acquisition has to be aligned, Marshall noted.

“For acquisition, that is a framework, but what it relies on are the people and their leadership within it, within the program and around the program to make things happen faster, more agile, more iterative, more flexible,” he shared. “To do that, we've got to clear out the hierarchy of, 'If I make a choice down here, do I need to get my executive way up here to sign off on it, or can I have the authority and the trust that I can make that decision within that level in order to move out on the capability that is needed?”

Awarded in December 2022, the JWCC contract provided an unprecedented environment for the military to directly acquire commercial cloud capabilities and service at three classification levels (unclassified, secret, top secret) and move data and information from strategic and operational headquarters to the tactical edge. It gave end users a single point of entry to ensure competition from the cloud service providers and grew understanding of cloud requirements across the enterprise.

Long emphasized that, overall, the JWCC has been a great success.

“My takeaways are speed and savings,” she highlighted. “We have executed over 200 task orders, and our life-cycle value is just over $7 million. It's a really great adoption [rate] that we have.”

The cloud task order process—with an end user or organization (mission partner) coming to DISA with cloud needs, understanding the possible cloud services and costs, and then executing—now averages 45 business days to award.

Even more groundbreaking has been the push for the cloud providers to have the capacity to offer cloud services at different classification levels, something that did not exist in the commercial world but was important for the military. The hyperscalers worked to provide environments for higher security impact levels (IL) over time, amongst other improvements, Long said.

“We do have all the way up to TS [top secret] on the contract,” she shared. “The majority of our workload is IL 6 and IL 5. And there are a lot of benefits that we are able to offer, the tactical edge devices being one, the commercial points of presence and the commercial parity. Having that direct relationship with the cloud service providers has really helped us achieve all of the advancements and all of the missions that we have in theater.”

The HaC also developed a robust advisory and assist service for end users to navigate the complex web of possible cloud solutions.  

“The cloud service providers have partnered with us, and they offer a lot of training, risk assessments, optimization and ways to give strategic advice for their offerings,” Long explained. “They understand that there can be the gap between the knowledge set for what the government is operating in and what industry has to offer.”

This also enabled the military mission partners to better compare the cloud companies’ offerings, she stated. 

Then, DISA’s cloud accelerators programs “really advanced” the adoption of cloud for the mission partners. The accelerators include cloud acquisition pathways that streamline the front-end acquisition processes and identify the necessary documents and formatting, including requirements packages and performance work statements, to get users faster to their cloud task order awards.

“It is saving time, it is taking the information and putting it into those documents that we have vetted with our contracting activity,” Long said. “We are able to automatically create those acquisition documents. That is something that we have been able to offer for the whole entire length of the contract, and I think that is really an advancement and a benefit.”

In addition, the HaC continues to push the cybersecurity of the cloud. This effort includes the Department of Defense Cyber Defense Command (DCDC) and the expertise of the operators and protectors from what was formerly known as the Joint Force Headquarters Department of Defense Information Network.

“The team has been involved in some tabletop exercises, something that we partnered with DCDC on, and that really just boosts our cloud resilience,” Long said. “We are always looking at ways to plan ahead and build our systems, test those systems and ensure that we are prepared.”

As the HaC situates for what is next, Long emphasized that they will continue to hear what is important for their end users in terms of cloud.

“I think it is important to highlight, since we have been awarded for a while, some of the enhancements that we've been able to make,” she stated. “We know there's no such thing as a perfect contract, so we really listened to our mission partners. We figured out what has been a blocker to cloud adoption and how can we adjust the contract. What is something that we built in that is a blocker, and how can we change that? It has really been a partnership with our contracting activity and the cloud service providers. This is the first-of-its-kind contract where we are bridging the gap between industry and government.”

TechNet Cyber is organized by AFCEA International. SIGNAL Media is the official media of AFCEA International.