At the direction of the Secretary of the Army, the Enterprise Cloud Management Agency (ECMA) is a field operating agency that provides oversight for all Army cloud processes and activities. Operating under the Headquarters Department of the Army, Chief Information Office, ECMA ensures a full unity of effort, in identification of seven strategic imperatives:
1) Expand cloud
2) Implement Zero Trust architecture
3) Enable secure, rapid software development
4) Accelerate data-driven decisions
5) Enhance cloud operations
6) Enabling the cloud workforce
7) Provide cloud cost transparency and accountability
ECMA VISION STATEMENT
Deliver digital overmatch through data-driven outcomes at the speed of operational relevance.
ECMA MISSION STATEMENT
The ECMA increases Army readiness and lethality by continuously enhancing digital literacy; driving data, software and process transformation and delivering a secure, globally-dominant cloud ecosystem, foundational to the Army-modernization strategy and digital overmatch.
READY TO START YOUR ARMY CLOUD JOURNEY?
To begin your cloud journey go to the ECMA My Army Cloud to initiate a request to begin the Cloud Modernization Approval Process (CMAP) or to submit a question. For additional information, visit the milSuite page (CAC required). For site accessibility issues, please contact the Cloud Enablement Division at email@example.com.
DIRECTOR (A), ENTERPRISE CLOUD MANAGEMENT AGENCYMr. Gregg Judge
The Cloud Enablement Division designs, develops, resources, executes and enhances the Cloud Modernization Approval Process (CMAP) including system owner and stakeholder engagements, software assessments and design enhancements, and software engineering efforts, to deliver secure, cloud-optimized solutions and operationalized data to support the Army Cloud Plan, Army Digital Transformation Strategy and Army Modernization Strategy.
To begin your cloud journey:
Go to the ECMA My Army Cloud to initiate a request to begin the CMAP or to submit a question. For additional information, visit the milSuite page (CAC required). For site accessibility issues, please contact the Cloud Enablement Division at firstname.lastname@example.org.
CLOUD SERVICES DIVISION
The Cloud Services Division designs, builds, secures, operates and continuously enhances the cARMY common shared services provided as a service to the U.S. Army and the DoD. These common services are established to support Impact Levels 2, 4, 5 and 6 today within Amazon Web Services and Microsoft Azure. Additionally, the Cloud Services Division establishes and maintains the set of access and border security services for the cARMY environment, including the Virtual Data Security Stack and the availability of cARMY user access to the environments through the Cloud Access Points.
Common Shared Services for cARMY enable applications to function in the hosting environment and are centrally managed by the ECMA. Providing centralized Common Shared Services reduces costs and reduces barriers to cloud adoption by preparing the environment for all applications. The ECMA presently delivers 31 Common Shared Services in cARMY and will update and modify these as Army needs dictate.
To view technical details of all 31 Common Services of cARMY visit the ECMA milSuite page (CAC Required).
DATA AND SOFTWARE SERVICES DIVISION
The Data and Software Services Division provides common data services and common software tooling and hosting services, supporting the Development, Security and IT Operations communities towards DevSecOps in the Army. This includes data discovery and operationalizing of the end-to-end data acquisition and analysis process. This also includes the fielding of the Army’s Code Resource and Transformation Environment (CReATE) a DevSecOps ecosystem providing customer support, productivity tooling, continuous integration/continuous delivery pipelines, and container platform and source code hosting environments. The division will provide DevSecOps services, architecture, and product management leadership for designing, testing, and fielding software across each mission area.
CLOUD CYBERSECURITY DIVISION
The Cloud Cybersecurity Division (C2D) enables digital overmatch by accelerating the Army’s transition to cloud technologies, with a focus on cybersecurity policy, in support of the Army Modernization Strategy. C2D provides decision makers with risk-informed policy and recommendations by modernizing the cybersecurity authorization process and decreasing time to field cloud-based solutions through the execution of a lean risk management process. Key tasks include modernizing ATO processes to capitalize on cloud-enabled DevSecOps practices, aligning cybersecurity policy to strategic guidance, Congressional requirements, and establishing compliance reporting for all Army cloud environments.
CLOUD MANAGEMENT DIVISION
The Cloud Management Division handles the financial operations, external communications, business processes, acquisition efforts for the Enterprise Cloud Management Agency. These efforts are focused on ensuring the required vendor services are available via contracts awarded based on focused acquisition efforts, ensuring business processes are defined across stakeholders—with automated workflows in defined systems—to allow ECMA to effectively meet customers’ needs in each phase of the customer’s journey. ECMA ensures concise, informative, and educational communications are provided to all Army audiences, and has an overall technical architecture allowing all aspects of the cARMY environment to function effectively.
How To Initiate The Cloud Modernization Approval Process
ECMA serves as the authority for Army-wide cloud adoption and maintains the expertise to enable the Army’s cloud adoption efforts, reduce barriers to cloud adoption and engage at every echelon to educate and inform customers on their journey to cloud. ECMA developed the Army Cloud Modernization Approval Process (CMAP) to facilitate a standardized, transparent and repeatable process to modernize and transition Army systems, applications and data to the cloud.
To begin your cloud journey go to the ECMA My Army Cloud to initiate a request to begin the CMAP process or to submit a question. For additional information, visit the milSuite page (CAC required). For site accessibility issues, please contact a member of the Army Cloud Team at email@example.com.
To join the Army Cloud Community please join our A365 Team.
ECMA established multi and hybrid cloud ecosystem known as cARMY to simplify, standardize and optimize the Army-wide adoption of cloud technology and reduce barriers to cloud migration. cARMY provides common cloud shared services, global connectivity and required Cybersecurity Service Provider (CSSP) services for all Army applications, systems and data hosted in the cloud.
cARMY is currently approved for use from IL2 to IL6.
To view additional information on cARMY, visit the milSuite page (CAC required). For site accessibility issues, please contact a member of the Army Cloud Team at firstname.lastname@example.org.
To join the Army Cloud Community please join our A365 Team.
The Army's Code Resource and Transformation Environment (CReATE) vision is to provide a common DevSecOps platform for the Army community to design, test, build and rapidly deliver secure-software capabilities across all networks and mission areas to accelerated-digital overmatch.
Our mission is to eliminate redundant IT capabilities, streamline delivery of functionality and realize cloud-native architecture that is resilient, scalable, on-demand and available at the edge.
Deploy Rapidly – Continuously Secure – Accelerate Overmatch
CReATE strives to enable application teams to quickly deploy secure, resilient and scalable applications into the hands of their users. Paths to production within CReATE use the Army DevSecOps Playbook (CAC Card Required) and a continuous Risk Management Framework (cRMF) model within an IL-4/5 accredited environment platform in cARMY.
What CReATE Offers
Built around a DevSecOps culture, we offer authorized DevSecOps tools and continuous integration/continuous delivery (CI/CD) pipelines which enable software development teams to design, utilize and implement pre-built paths to production that enable cloud-native software development and continuous software modernization, within a secure, stable and reliable platform.
CReATE provides a DevSecOps ecosystem with a range of tools, services and capabilities to enable planning, CI/CD orchestration, development, build, test, security and release of products.
Available Enterprise Engineering Tools are a suite of IL-5 accredited tools and capabilities with a range of DSO and software development lifecycle capabilities.
Tools deployed boost efficiency and serve as a total Army resource for modern software development. Users can focus on providing the best possible software instead of worrying about getting and maintaining the tools they need.
Source code push team (SCRerer) provides guidance on building pipelines that can deploy an application to production through a series of security checks, which have been put in place through consultation with application security validation engineers.
The SRCerer premiere products offers a source code push model that provides repeatable, accredited build processes with inherited controls. SRCerer allows application teams to drastically reduce the time it takes for the application to go from ideation to running in production in a secure and approved way. SRCerer customers, those using the SCRerer pipeline, not just guidance, inherit ~75% of security technical implementation guidance (STIG) controls from our product using App Dev STIG.
The application security validation engineer (AVSE) team has developed a security pipeline that can be added to build pipelines to ensure minimum security requirements are met. Currently the pipelines ASVE have pre-built focus on those application on the CReATE-SWF path to production. For those following an alternat P2P modifications would need to be made. Our ASVE team members are developer security advocates that bridge the gap between technical implementation and compliance to reduce debt for teams and accelerate deployments.
Along any path to production there will be continuous integration/continuous deployment occurring. And at times an organization may not quite be ready for a full path to productions. While not writing pipelines for application teams continuous integration (CI) assistance is available from SCRerer and customer success which may extend the use of CReATE's engineering productivity tools by enabling teams to perform builds, unit tests, static code analysis and other CI-only actions, allowing teams to foster DevSecOps behaviors and culture on their team.
A cloud-native computing foundation Kubernetes conformant architected environment is at the base of the CReATE platform. The infrastructure exploits CSP-managed services and technologies to create cybersecurity hardened-raw ingredients, with added value further down the software supply chain for continuous observability, monitoring and alerts for the platform.
Characteristics include high availability across three availability zones, automated provisioning, Kubernetes version parity with CSP, disaster recovery and OCI compliant container images.
The availability of common-stack services and capabilities to be offered will support a “self-service” concept for infrastructure provisioning. This will allow CReATE’s tenant software development teams and factories to focus on the SDLC without needing to maintain the underlying infrastructure.
Accessibility and access control, as CReATE is accessible via commercial and DoD network with a CAC single sign on.
User and team access controls via a government off-the-shelf self-service application.
Collaboration, project and document management with requirements tracing and issue tracking capabilities.
Software team collaboration
Source code, release, software dependency management
Software artifact storage
Automated build, test, deployment (pipelines)
Code and application dependency scanning
Container and container image scanning and storage
See more at the CReATE DevSecOps Playbook.
Security considerations are part of all processes, from platform configuration to applications deployments and several points along the way. Security and integration of not only security tools, but also Cybersecurity personnel from the beginning of applications lifecycle are included in the overall CReATE platform solutions and are key to the continuous monitoring, risk management and authorization for which CReATE strives.
CReATE’s multi-tenancy architecture requires security, especially as related to access and deployment of all services, to be an integral part of delivery.
Currently pre-bult pipelines designed by the CReATE application security validation team (ASV) have a focus on those applications on the CReATE partner AFC-SWF path to production. For those following an alternate P2P, modifications would need to be made. Our ASV team members are developer security advocates that bridge the gap between technical implementation and compliance to reduce debt for teams and accelerate deployments.
To ensure our tenants are set up for success, CReATE is committed to delivering excellence in the facilitation of onboarding. By simplifying the success gaps for our user community and by providing tenants’ sustainment needs by integrating a full-support lifecycle across the Army CReATE product organization, we ensure that all tenants are aware of and properly set up in every tool and infrastructure that they need.
Because of CReATE’s diverse mission areas, none of our tenants are structured the exact same way. Our dedicated customer success team ensures that each tenant receives the care and attention they need to thrive in the fast-paced world of DevSecOps.
We also provide continuous support to our tenants through regular vendo- led lunch & learns, quarterly user community meet-ops, quarterly executive reviews, and our “Ask CReATE Anything” channel on MS Teams, which currently has more than 3,200 users. Any issue a user has can be submitted in a service ticket for prompt attention and communication.
Get started with CReATE
Getting Started with CReATE involves submitting a request for intake with ECMA, following the “Ready to Start your Cloud Journey?” during which you are asked to indicate “CReATE services requested”.
For General Questions you may visit our “Ask Army CReATE” MS Teams channel, where Q & A as well as other discussions occur. In addition, various information can be found within the Files and other top menu links.
Contact Us via Email: USARMY Pentagon HQDA CIO Mailbox CReATE <email@example.com> alias firstname.lastname@example.org
Army Digital Transformation Strategy
Unified Network Plan
Mandatory Implementation of Army Data Services Requirements
Army Regulation 25-1, Army Information Technology (In Revision)
Army Regulation 25-2, Army Cybersecurity
Army Cloud Plan 2022
Army Data Plan
2019 Army Modernization Strategy
Army Cybersecurity Awareness Campaign
Shaping the Army Network: Mobile Technology
Risk Management Framework
Privacy Impact Assessments
CIO/G-6 Collaboration Site (CAC Required)
Army Data Body of Knowledge (ADBOK) Team (IL5 Teams Account Required)
Army Data Plan, Governance and Execution Order (CAC Required)
Army Network Modernization Division Portal (CAC Required)
Info Assurance 1-Stop Shop (CAC Required)
CyberSec Awareness Toolbox (CAC Required)
Communications Security Modernization Implementation Planning Guidance (CAC Required)
U.S. Army Futures Command
U.S. Army Cyber Center of Excellence
U.S. Army Mission Command Center of Excellence
U.S. Cyber Command
To go to the cloud, email email@example.com
To go to CReATE, email firstname.lastname@example.org