As an enterprise software factory and center for mobile excellence within the Air Force, BESPIN offers many services catering to different points in the software product lifecycle, such as:

• A secure mobile and cloud CI/CD pipeline for access to government cloud and infrastructure
• Data infrastructure for applications
• Design tooling and consulting expertise for application development
• User Experience (UX) monitoring for tracking metrics and gauging customer satisfaction and behavior
• A variety of mobile & web development services to create tailored solutions for your ideas

The cost will vary depending on which services are selected. We have pre-negotiated rates for our services for each IDIQ and work with the government sponsor to establish the best fit.

BESPIN provides services to US government agencies.

Some of the organizations and missions that we have supported include the Air Force, Special Operations Forces (SOF), Air Education and Training Command (AETC), the Space Force, the Army, Marine Corps, the Centers for Disease Control, the Royal Singaporean Air Force, and the British Air Force. We also work closely with innovation units across the DoD and US government including Air Force Research Laboratory (AFRL), AFWERX, and Defense Innovation Unit (DIU).

As a DoD Software Factory, BESPIN’s customers are other government entities. While we can work with commercial and non-profit entities, that work must be sponsored by a government entity to achieve specific enhancements to their government mission.

BESPIN has collaborated with leading industry partners, including: Astrion, Big Nerd Ranch, Blue Cedar, Clarity, Dark Wolf, Ditto, Fearless, Jasper, MITRE, MoStudio, NowSecure, Oddball, OmniFederal, Rebellion, Rownd, Skylight, Storij/So Company, Tesseract, Trek10.

To establish a successful partnership and contractual task order, BESPIN follows a multi-step process:

• Initial engagement: First, we meet with prospective customers to discuss their specific needs and programmatic details.
• Technical scoping: To best address the needs of the project, we bring technical representatives from BEPSIN, industry partners, and prospective partners together to align on the project details.
• Financial and contractual alignment: Next, we coordinate communications between BESPIN and the prospective customer government representative to develop the required documents in preparation for an executable contract task order. These include:
  • IDIQ vendor rough order of magnitude (ROM ) from BESPIN
  • Independent government cost estimate (IGCE) from BESPIN
  • Funding Assurance Letter / Form 9 from the government representative
• Contract award and kickoff: A signed task order is generated after there is funding assurance. This will kick off the contract with the determined IDIQs. A BESPIN program manager (PM) will be assigned to the project and run a kick-off meeting to establish the next steps.

A standard task order can usually be executed within six weeks of our initial engagement, but this can vary depending on funding and contracting office bandwidth during surge periods.

When working with BEPSIN, the main duties listed here fall to the partners’s project manager & product team:

• Program management and program requirement ownership: The cost, schedule, and performance of the program remain under the control of the partner organization. This includes determining release dates, requirements, and data control. This may include completing documentation such as Data Exchange Agreements, Privacy Assessments, the Clinger Cohen Act, and other requirements that may be levied on the customer program.
• Development, design, security and validation: The division of responsibilities in these areas depends on what was negotiated in the solution package during BESPIN onboarding. Specific responsibilities will be included within a contract task order for execution by a BESPIN industry or government partner. If our partner elects to pursue a certificate to field these development activities, they will need to adhere to our pipeline, security chores, and development policies/standards. The development team will be responsible for remediating security findings and POA&M fixes. Our partners typically leverage our Certificate to Field (CTF) process and deliver software under the BESPIN ATO / cATO. However, in rare cases the customer’s mission owner / Authorizing Official (AO) may choose, at their discretion, to require a separate ATO for the software. In this situation, obtaining the ATO remains a customer responsibility, but using BESPIN’s fully accredited pipeline and infrastructure can significantly reduce the ATO burden. Customers will have access to a digital body of evidence throughout the lifecycle, and we have mapped several traditional ATO artifact requirements to the BESPIN framework to further simplify the process. However, in nearly every case customers have been free to deliver and operate the software entirely through the BESPIN CTF.
• Production application operations and sustainment: The government partner will be responsible for establishing hosting requirements, establishing contractual relationships with the hosting entity, coordinating releases, and performing application sunsetting activities if and when needed.
• System and data ownership: The government partner is responsible for the duties applicable to the information system owner, information/data owner, and information steward as described in DoD and AF policies for their particular software solution. We support our government partners in the development, delivery, and sustainment of their software requirements. This is an enabling function, but BESPIN does not assume ownership of customer systems or data.

BESPIN provides Secretary of the Air Force (SAF)-accredited continuous integration and continuous delivery (CI/CD) infrastructure and a DevSecOps process that enables customers to rapidly build, harden, test, and deliver software using the certificate to field (CTF) process.

To achieve a CTF, the development team is onboarded to the BESPIN toolchain and process. Guided and assisted by the factory support teams, the team builds the software, implements the specified security controls, and ensures the software satisfies the CICD quality and security gates.

Once the software has satisfied all requirements a risk review is performed, the CTF is issued, and the software is delivered to production. Next, our government partner can continuously deliver updates to production, provided the CICD gates remain green, the DevSecOps process is adhered to, and the risk continues to be managed.

BESPIN security is designed to support and enable teams through their journey by providing clear, actionable security requirements early in the dev lifecycle, evaluating proper control implementation, and evaluating risk in an agile manner and on an ongoing basis. This typically frees development teams from needing expensive security experts on their team, so they can focus on developing features to meet mission needs.

When you work with BESPIN to deliver software under a CTF, you benefit by leveraging and inheriting these capabilities, enabling you to rapidly design, build, test, harden, and deliver your software.

BESPIN has established partnerships with various hosting environments to deploy software into production.

For mobile applications, we maintain the official Air Force account in the Apple app store and Google Play store, and we have delivery partnerships with multiple DoD and MAJCOM mobile programs including Electronic Flight Bag programs and other Mobile Device Management systems. Cloud software receiving a CTF can be rapidly deployed into production in Cloud One as well as other cloud environments and mission platforms.

Customer partnership decisions are based on a handful of factors and can be reviewed during an initial conversation. Factors BESPIN takes into customer partnership consideration include:

• Does BESPIN have capacity to take on your project at this time?
• Is there a technical and feasibility fit for BESPIN?
• Would BESPIN be able to execute within the desired timeframe?

If your organization has answers to the following questions, it’s the perfect time to reach out to our team:

• Is there funding for your project, if so, what kind and what amount?
• Do you know the month and year that you are anticipating the project will start?
• What are the expected go-live dates?
• Who is the technical point of contact who will join the initial BESPIN call?
• Is your team planning on bringing your development app team, including builders, administrators, and operators?
• What are the challenges, goals, and opportunities that your project faces?
• What are the technical constraints and requirements your project will require?
• Does your team have projected users? If so, who are they, what do they need, and what are your success metrics?