Command, Control & Intelligence Systems
Multi-agency, multi-stakeholder programs where procurement, compliance, and mission alignment determine success.
Inside this journey
-
Pre-Discovery
Align the room on outcomes, decision process, and constraints before deeper discovery.
-
Stakeholder Alignment
Confirm decision roles, funding profile, timeline, and program-level success criteria.
Alignment Questions
Quick introductions — who should we be talking to first?
- Which people and roles on your team should we know by name and title for this program? (select all that apply)
- If you selected 'Other' above, list the names, titles, and best contact approach for those people.
- What is the program name, current milestone or phase, and the top-line objective you are being held accountable for?
- How is this effort funded today and through the next 18–36 months?
- What contract vehicle or acquisition pathway is in use or planned (e.g., IDIQ, OTA, GSA, FMS)?
If this program missed its next milestone, what would keep you up at night?
- Which specific mission effects would degrade first if the program fell behind (select up to three)?
- Tell us about a recent incident or exercise where existing capabilities failed to meet operational needs—what happened and why did it matter?
- How often do these capability shortfalls occur today?
- How do these failures typically show up to senior leadership or oversight bodies (data, stories, metrics)?
Where does your architecture actually break under real mission pressure?
- Which systems are core to the mission picture today (select all that apply)?
- Describe the most persistent interoperability gap between those systems—what data or capability can't you share reliably?
- What are the common failure modes you see during integration or live events (e.g., latency, data loss, auth failures, encryption incompatibilities)?
- Which of these gaps do you believe are caused by policy or accreditation limits rather than pure technical constraints?
- Can you point to a plugin, gateway, or adapter that has been tried and did not deliver—what was the main reason it failed?
Who really signs off when things go wrong—and who will sign for success?
- Who holds the formal acceptance authority for this capability (select one)?
- Beyond formal signatories, which informal influencers can block or accelerate acceptance (committees, sponsor offices, partner nations)?
- How fixed or flexible is your funding profile across the next two fiscal years?
- What timeline pressure points are non-negotiable (e.g., fielding windows, exercises, congressional reporting)? Please list dates and consequences if missed.
- When trade-offs are required, who decides which requirements are relaxed (e.g., the PMO, user reps, contracting officer)?
What would mission success actually feel like to the operators on day one?
- List 3–5 measurable signs you would accept as evidence of operational success (e.g., % target coverage, latency thresholds, time-to-decision reductions).
- Which of these outcomes is the single highest-priority metric for leadership (select one)?
- How do you currently validate those metrics—real exercises, synthetic tests, red-team, or operational feedback loops?
- What constraints (policy, funding, personnel clearance) would force you to lower your success bar?
- If we had to deliver an initial capability that proved value quickly, what small but decisive change would demonstrate that value within 90 days?
What’s actually standing between you and a clean accreditation path?
- What is the current RMF/J-AB or equivalent status for this program (select one)?
- List any outstanding POA&Ms, high-risk controls, or formal cybersecurity blockers that must be closed before fielding.
- Who owns the RMF artifacts and accreditation submissions today (select one)?
- Have you attempted cross-domain or enclave transfers before? If so, what policy or technical hurdle proved decisive?
- What level of system and personnel clearance will be required for integration and test events at your sites?
If we were honest, what single thing would make the project deliverable on schedule?
- What are the top three dependencies that must be resolved before a first successful fielding (select up to three)?
- Describe any known integration windows, factory test slots, or site access constraints that would shape sequencing.
- Who will be the onsite owners and point-of-contact during installation and acceptance testing?
- What fallback or mitigation plan is acceptable if a dependency slips (e.g., phased roll, degraded mode, temporary gateway)?
- How would you prefer we report progress and risk—weekly dashboards, technical deep-dives, executive summaries, or a combination?
What do you need from us to decide to move forward in the next 30 days?
- Which immediate deliverable would be most persuasive right now (select one)?
- Which documents or artifacts should we prepare and share first (select all that apply)?
- What would constitute a 'no-go' from your side—conditions that would stop this effort before it starts?
- How quickly can you assemble the stakeholders we listed earlier for a focused 90-minute alignment session?
- Who should receive a brief executive one-pager summarizing risks, trade-offs, and the recommended next step after our discovery?
-
Current State Mapping
Document existing architectures, interoperability gaps, accreditation posture, and operational failure modes.
Current State
Start with the Big Picture: How Your System Runs Today
- Who are the primary users, teams, and physical locations relying on this system right now?
- Describe the deployment model that hosts your core capabilities today.
- Which major subsystems or capability blocks are in-scope for integration (e.g., sensor ingest, fusion engine, C2 workstation)?
- Which operating environments and classification domains must this architecture span?
- How would you summarize the mission workflows that depend on this system (short narrative or bullet list)?
Show Me How It Actually Runs
- If you had to bet a mission on this system tomorrow, what single technical reality would make you most uneasy?
- Which specific external integrations routinely cause the most friction (pick all that apply)?
- How do you currently validate end-to-end interoperability before field use?
- How often do integration failures surface during exercises or operations?
- Tell me about the last time an integration failed — what happened and what was the immediate operational impact?
Where Things Break Under Pressure
- Think back to the last crisis or exercise — what architectural blind spot was exposed most painfully?
- When that failure occurred, who owned the fix and how fast could they respond?
- How long does full recovery typically take after a major outage (hours/days/weeks)?
- What field workarounds do operators use when systems fail, and how sustainable or risky are they?
- Have past workarounds introduced security or accreditation exposure? If so, where and why?
What’s Really Missing Between Systems
- Which kinds of data or messages consistently fail to translate cleanly between partner systems?
- Which standards or protocols do partners expect that you do not fully support today?
- How much of your integration is custom point‑to‑point versus adapter-based reusable interfaces?
- Where do manual handoffs still exist (operator copy/paste, USB transfer, email), and why haven't they been automated?
- What would you estimate is the percent of total integration effort consumed by translation and normalization work?
Is Accreditation a Roadblock or a Checklist?
- If accreditation could be redesigned for speed, what single change would accelerate fielding the most?
- Where are you in the RMF lifecycle today?
- Which accreditation artifacts are complete and available right now?
- What percent of POA&M items are funded and scheduled versus unknown or unfunded?
- Which parts of the accreditation process are most manual or brittle for your team?
Who Has to Sign Off When Things Go Sideways
- When a residual risk needs acceptance, who in your governance structure is the ultimate decider?
- List the decision roles, organizations, and typical clearance levels that must be engaged for accreditation and operational acceptance.
- Are these decision makers and subject‑matter experts co‑located for rapid decisions or spread across organizations and time zones?
- Describe the most common friction point between program, security, and operations teams when negotiating acceptance criteria.
- How often do clearance or personnel availability issues delay accreditation or testing windows?
Data: The Straitjacket or the Superpower
- Which data flows are currently most constrained by classification, access policy, or format incompatibility?
- What metadata, tagging, or schema standards do you use to make data shareable?
- How are cross‑domain transfers implemented today?
- What latency or throughput SLAs are mission‑critical for the data types you just selected?
- Share a concrete instance where poor data quality (missing fields, duplication, stale info) caused an incorrect or delayed decision.
How Will You Know You’ve Fixed It
- If fixes were deployed tomorrow, which operational measures must improve for you to call the effort a success?
- What are the current baseline values for those metrics (numbers, percentages, or narratives)?
- Which test events or certification milestones must be achieved to validate those improvements?
- Who must witness and formally sign off on test success (organizations or named roles)?
- How frequently do you want progress reports and in what format (dashboard, slide pack, working demo)?
Constraints, Contracts, and Calendars
- What contractual or funding constraint, if ignored, will cause the program to fail its next major milestone?
- Which milestone dates are immovable for you (e.g., CDR, MS B/C, IOC)? Please name and date them if available.
- Are there contract clauses that limit changes to architecture, suppliers, or integration approaches?
- What change‑control rhythm would allow progress without jeopardizing compliance (formal board, sprint approvals, emergency lanes)?
- How much schedule slack is realistically available for integration, testing, and accreditation activities?
Ready to Act — What’s the First Risk We Should Remove?
- If we could eliminate one risk in the next 90 days, which would move the program forward most reliably?
- Who are the three people or roles that must be engaged immediately to remove that risk?
- What immediate, low‑cost evidence (demo, artifact, or test result) would convince decision makers that the risk reduction is real?
- How do you prefer remediation options be presented to leadership: a technical prototype, a risk‑reduction roadmap, or costed phases tied to milestones?
- Would you be willing to commit to a 30‑day discovery sprint to produce a concrete first deliverable (yes/no and any caveats)?
-
-
Outcome Discovery
Define target operational effects, measurable success signals, and constraints tied to funding and milestone schedules.
Discovery Questions
Tell Us the Mission That Matters
- Which program or mission are we focusing on for this conversation?
- Who are the primary users and decision-makers who will operate, evaluate, or approve this capability?
- In one sentence, how would the sponsor describe mission success for this effort?
- Which funding lines and appropriation types are expected to be used for development, integration, and fielding?
- What fixed milestone events (e.g., CDR, OT/DT, IOC/FRP decision) are on the calendar that we must align to?
Are We Mistaking Activity for Effect?
- What if ‘delivered capability’ isn’t the same thing as ‘operational advantage’—which of your current metrics might be giving you a false sense of progress?
- Which operational effects do commanders explicitly say they need (for example: shortened decision time, improved target certainty, or sustained situational awareness)?
- Of those effects, which currently have a clear, agreed metric and where (unit logs, test reports, analytics dashboards)? Please give examples.
- Who in your organization is responsible for measuring and reporting those operational effects today?
- How frequently must those signals update to be tactically useful (real-time, hourly, daily, etc.)?
Where the Schedule Really Bites
- Which milestone—if missed—would effectively derail the fielding plan or congressional deliverable?
- Which external dependencies present the highest schedule risk (accreditation, lab/test range access, funding release, interoperability with legacy systems)?
- Have similar programs experienced slips? If yes, what were the top one or two root causes you encountered?
- What percentage of your schedule is non-negotiable because of congressional, operational, or inter-service commitments?
- If funding were reduced by 10–20% this FY, which capability areas would you consider deprioritizing or deferring?
What Would Operational Success Feel Like at the Tip of the Spear?
- Imagine the system is in sustained use and commanders are bragging about it—what single operator behavior would change first and prove it works?
- Describe a concrete mission vignette where the platform changes the outcome—what happens differently, step by step?
- Which quantitative thresholds would prove that effect for you (select all that apply)?
- Are there operational, ROE, or coalition constraints that will limit how those effects can be realized?
- Who will be the authoritative reviewer that signs off this outcome as ‘mission effective’ during acceptance testing?
The Hidden Acceptance Criteria No One Asks For
- What tacit, political, or cultural acceptance criteria have derailed similar programs here before?
- Which cybersecurity and accreditation artifacts are non-negotiable for your ATO path?
- What environmental and operational constraints must the system survive in deployment (bandwidth, EMCON, climate, mobility)?
- What levels of personnel clearance, facility, or role presence are required for installation, testing, and handoff?
- Which acceptance tests, demonstrations, or artifacts from past programs won commander confidence fastest?
If This Was Done Wrong, What Would We Regret?
- What is the single worst operational consequence if this program underdelivers or is fielded late?
- Which specific failure modes do you think are most likely during first 12 months of fielding?
- How would a failure be recognized at the unit level—formal incident report, AAR, performance drop, or informal user complaints?
- What is your acceptable level of residual risk in order to meet an immovable milestone (choose the best fit)?
- Which contingency options should we prepare now if a critical dependency slips (e.g., alternate funding, limited initial capability, staged fielding)?
Agreeing Next Moves — What We Should Lock Today
- Which commitments, if made today between your team and ours, would most reduce program risk?
- Which decisions need to be made immediately versus those that can wait until after operational experiments or pilot events?
- Who (roles or names) must be in the room for the next milestone decision to be authoritative?
- When can we realistically convert the operational outcomes we discussed into formal acceptance criteria (pick the best timeline)?
- List the top three open questions or information gaps that we must resolve before committing to contract milestones.
-
Solution Experience
Run scenario-based sessions that map the offering to the customer’s mission workflows, accreditation path, and measurable effects.
Experience Meetings
- Current State Confirmation Workshop
- Consequence & Success Metrics Alignment
- Scenario-Based Mission Walkthroughs
- Accreditation Path & Security Mapping
- Validation Exercise & Acceptance Criteria Check
- Define mitigations that lower ATO risk while preserving the validated future state.
- Integrator to draft a simple ROI/impact memo showing how meeting thresholds reduce program cost/risk.
- Customer to confirm availability of telemetry/logging or provide alternate data feeds for metric verification.
- Scenario Selection & Objectives
- Validate that the solution workflow produces the defined future-state outcomes for each scenario.
- Tie each scenario step to at least one measurable success signal and record verification approach.
- Identify and document integration touchpoints and residual risks requiring technical spikes.
- Produce detailed scenario maps annotated with solution steps, metric tie-ins, and responsible owners.
- Create a prioritized list of technical spikes or integration tasks to close gaps found in walkthroughs.
- Schedule targeted SME sessions to resolve any disputed operational assumptions.
- Current RMF/ATO Status Review
- Produce a mapped accreditation checklist showing existing vs missing artifacts tied to scenario steps.
- Agree on owners and realistic delivery dates for each missing artifact and test event.
- Introductions & Objectives
- Draft an accreditation (RMF) gap report with owners, POA&M entries, and recommended mitigations.
- Schedule required security test events and identify lab/factory environments needed for evidence collection.
- Integrator to prepare artifact templates (SSP, SAR) pre-populated with scenario-specific controls for customer review.
- Recap Future State & Acceptance Criteria
- Demonstrate at least one success signal achieving its threshold with evidence.
- Obtain explicit customer validation (or recorded exceptions) against the acceptance criteria.
- Agree the next decision: pilot/test event schedule, remediation plan, or acceptance to move toward contract/milestone.
- Produce a short validation report with raw measurements, pass/fail against thresholds, and recommended remediation (if any).
- Update acceptance criteria and any contractual language or milestone definitions based on customer redlines.
- Schedule the full pilot or field test with owners, environments, and success metrics confirmed.
- Produce one clear, evidence-backed current-state sentence that all participants agree is accurate.
- Catalog top 3–5 operational failure modes with supporting evidence and owners.
- Confirm stakeholder list and who will validate later scenario outcomes.
- Agree on pre-work artifacts and timeline required to run scenario-based sessions.
- Draft and circulate the one-sentence current state and supporting evidence pack.
- Customer to deliver missing artifacts (interface specs, logs, accreditation docs) within agreed timeline.
- Assign SMEs for each documented failure mode and confirm availability for scenario sessions.
- Restate Current State & Gaps
- Document 3–5 prioritized success signals with quantifiable thresholds tied to program milestones.
- Produce consequence statements with at least one numeric estimate (days, $K, probability) for each top failure mode.
- Agree on measurement methods and owners for each metric.
- Create a metrics specification (definitions, thresholds, data sources, owners) and circulate for sign-off.
- One-Sentence Current State
- Map Scenario Behaviors to RMF Artifacts
- Scenario Walkthrough #1 (Live/Tabletop)
- Quantify Consequences
- Run Validation Exercise
- Measure Outcomes vs Metrics
- Forced Validation Checkpoint #1
- Define Ownership & Deliverables
- Define Success Signals & Thresholds
- Evidence Walkthrough
- Map Metrics to Milestones/Funding
- Scenario Walkthrough #2 (Live/Tabletop)
- Mitigations & Risk Reduction Steps
- Operational Failure Modes
- Customer Validation & Redlines
- Forced Validation Checkpoint #2
- Decide Next Steps & Pilot/Fielding Plan
- Stakeholder & Role Confirmation
- Validation & Measurement Methods
- Accreditation Timeline & Milestone Alignment
- Pre-work & Next Deliverables
- Capture Integration Touchpoints & Risk Items
- Recap & Agreement on What Was Proven
-
Solution Scope
Specify modules, responsibilities, integration boundaries, security controls, and acceptance criteria tied to DoD standards.
Scope Configuration
- Ruggedized Operator Workstation Deployment
- Secure Communications Gateway Installation
- Real-Time Data Correlation Engine Deployment
- Role-Based Access Control Implementation (DISA STIGs)
- Sensor Interface Adapter Integration
- Cross-Domain Solution Integration
- Factory Integration and System Assembly
- Site Rack, Power, and Network Cabling Installation
- On-site Operational Test Execution
- STIG Hardening and Security Control Implementation
- COMSEC and Key Management Device Installation
- Interoperability Middleware Deployment (STANAG/NATO)
- Operator Training and System Handoff
Scope Questions
Ruggedized Operator Workstation Deployment
- Do you require ruggedized operator workstations to be deployed as part of this effort?
- How many operator workstations are required per site (estimate)?
- What environmental and shock/vibration standards must the workstations meet?
- List required workstation peripherals and specialized I/O (e.g., multi-touch displays, joysticks, printers, crypto tokens).
- Will these workstations connect to classified enclaves or require separation between enclaves?
- What are the acceptance criteria for workstation deployment (e.g., boot time, application load, environmental tests)?
Secure Communications Gateway Installation
- Do you require a secure communications gateway to be installed and configured?
- Which network domains must the gateway support?
- What expected throughput and concurrent session capacity is required?
- Which crypto or compliance standards must the gateway meet (select all that apply)?
- Who will supply the WAN/transport circuits and termination (customer, prime, other)?
- Define the acceptance criteria for the gateway (e.g., latency, packet loss thresholds, crypto validation steps).
Real-Time Data Correlation Engine Deployment
- Is a real-time data correlation/fusion engine required as part of the solution?
- What data sources and formats must the engine consume (list sensors, message formats, streams)?
- What latency and throughput SLAs must the engine meet for correlation and distribution?
- Does the engine need to host or integrate third-party analytics, ML models, or external inference services?
- Will the engine run in classified enclaves, unclassified environments, or a hybrid architecture?
- Specify measurable acceptance criteria for data correlation (e.g., detection accuracy, false positive rate, end-to-end latency).
Role-Based Access Control Implementation (DISA STIGs)
- Do you require RBAC to be implemented in accordance with DISA STIG guidance?
- How many distinct user roles and role hierarchies are required (estimate)?
- Is PIV/CAC integration and multi-factor authentication required for role access?
- What audit/logging retention period and reporting requirements apply to RBAC events?
- Are there special separation-of-duty or dual-control requirements for privileged roles?
- Define the acceptance criteria for RBAC implementation (e.g., access matrix sign-off, successful STIG scan, audit trail verification).
Sensor Interface Adapter Integration
- Which sensor types must be integrated via adapters (select all that apply)?
- How many sensor feeds and what average data rates or sample rates are expected?
- Which interface protocols or standards are required for adapters (e.g., STANAG, DDS, serial/analog, custom SDK)?
- Will sensor data be classified, and at what classification levels?
- Are vendor SDKs, drivers, or documentation already available for the sensors?
- Specify acceptance criteria for sensor integration (e.g., data fidelity, timestamp sync PTP/UTC accuracy, end-to-end latency).
Cross-Domain Solution Integration
- Is a Cross-Domain Solution (CDS) required to move or share data across security domains?
- Which security domains must be bridged by the CDS (select all applicable)?
- What policy or accreditation constraints govern cross-domain transfers (e.g., allowed file types, sanitization rules)?
- Estimate daily transfer volumes and typical file sizes to size the CDS.
- Who will own licensing, maintenance, and operational responsibility for the CDS?
- Define CDS acceptance criteria (e.g., sanitization verification, policy enforcement tests, accreditor sign-off).
Factory Integration and System Assembly
- Will systems be assembled and integrated at the seller's factory prior to shipment?
- How many complete systems or units are planned for factory assembly?
- Are automated test harnesses, build automation, and acceptance scripts required for factory testing?
- Is serialization, chain-of-custody tracking, and asset tagging required during assembly?
- Are there export control, customs, or transportation constraints we should plan for?
- Define factory acceptance criteria and required deliverables (FAT report, test logs, build documentation).
Site Rack, Power, and Network Cabling Installation
- How many deployment sites and how many racks per site are in scope?
- What power configuration and redundancy are required at each site?
- What rack unit (RU) space, cooling, and floor-loading constraints exist at sites?
- Does the site require accredited physical security (e.g., SCIF, GSA container) for installed equipment?
- Who will provide local cabling and electrical work (Customer, Seller, third-party)?
- Define acceptance criteria for site installation (power/load tests, cable certification, environmental validation).
On-site Operational Test Execution
- Which test types are required on-site (select all that apply)?
- Who will witness and approve on-site tests (customer representatives, third-party test labs, accreditor)?
- What is the expected schedule window and duration for on-site testing?
- What data will be used for testing (sanitized, synthetic, or live data)?
- Are formal test plans, procedures, and acceptance checklists required to be delivered?
- Specify pass/fail criteria and required artifacts for test acceptance (test logs, issues disposition, sign-offs).
STIG Hardening and Security Control Implementation
- Which STIG baselines must be applied as part of hardening?
- Will automated vulnerability scanning and remediation (SCA tools) be used?
- Who will perform scanning and remediation activities (Seller, Customer, or joint)?
- What timeline is required to achieve baseline compliance prior to accreditation?
- Do you require full documentation for STIG compliance (SCA reports, mitigation plans, POA&Ms)?
- Specify acceptance criteria for STIG hardening (SCA pass thresholds, vulnerability severity limits, auditor sign-off).
-
Mutual Commit
Finalize contract modules, delivery milestones, SLAs, and who owns accreditation and acceptance obligations.
Agreement Modules
- Statement of Work (SOW)
- Master Services Agreement (MSA)
- Pricing & Funding Profile
- Delivery Milestones & Acceptance Schedule
- Service Level Agreement (SLA)
- Cybersecurity & Accreditation Responsibility Matrix
- Test & Evaluation Plan (T&E) / Acceptance Test Procedures (ATPs)
- Technical Annex / Interface Control Document (ICD)
- Data Rights, Intellectual Property & Export Control
- Change Order & Configuration Management Process
- Warranty, Maintenance & Sustainment Agreement
- Security & Personnel Clearance Commitments
- Subcontracting, Supply Chain & Flow‑Down Clauses
- Termination, Liability & Indemnification
- Acceptance & Handover Certification
-
Deployment
Operationalize rollout with readiness checks, accreditation gates, and outcome validation.
-
Pre-Deployment Readiness
Confirm cleared personnel, test environments, data access, RMF status, and risk mitigations before fielding.
Readiness Questions
Tell Us About Your Program—Start Simple
- What is the program name, primary mission, and who is the single POC we should coordinate with?
- Which milestone or acquisition decision event is driving this effort right now?
- What type of funding profile supports this program?
- Who is the program’s acceptance authority for operational fielding (rank/role and office)?
- Have you previously fielded an integrated C4ISR capability of comparable scope? Tell us briefly about that experience.
- What are the top three metrics you’ll use to judge whether the fielding succeeded (e.g., ATO date, latency, detection rate)?
Why This Program Keeps You Up at Night
- If you had to name one outcome that, if missed, would be judged a program failure—what is it and why would it matter?
- Which operational gaps do you feel are most likely to cause that failure?
- How often do those gaps surface during exercises or operations today?
- When these gaps appear, what is the typical downstream impact on mission outcomes or leadership decisions?
- Think of a recent incident where capability shortfalls mattered—what happened and how did it feel to your leadership and operators?
Where the Real Bottlenecks Hide
- Which single phase of your current acquisition or integration process silently consumes the most time and budget?
- Which dependencies outside your immediate control most often create schedule slip (e.g., 3rd-party vendors, cross-domain solutions, test ranges)?
- How well-defined are your integration boundaries and interface control documents (ICDs)?
- What recurring assumption in your program planning do you suspect is optimistic or wishful thinking?
- What small, concrete changes have you tried to remove bottlenecks—and what were the results?
If Accreditation Could Be Different
- What single part of the RMF / ATO process would you change if you could—paperwork, testing, authority behavior, or resource allocation?
- What is your current RMF step/status and what artifacts already exist (e.g., SSP, SCA, SAR, POA&M)?
- List any open POA&M items or high-severity findings that could block an ATO—what are they and how long to remediate?
- Who owns cybersecurity accreditation day-to-day—program office, PMO security lead, an integrator, or a separate ISSO team?
- How would delays in ATO impact your milestone dates or funding drawdowns?
A Day in Your Mission—When It Works
- Imagine commanders trust this capability fully—what specific decisions happen faster or better as a result?
- Which measurable signals would prove the capability is delivering those mission effects (e.g., reduced sensor-to-shooter latency, higher track correlation accuracy)?
- Who are the operator personas that must adopt this system, and how would you describe their tolerance for workflow change?
- Describe a mission scenario where the system’s presence would change the outcome—what does success look like in that event?
- What acceptance criteria would you set for a successful Operational Test or Site Acceptance Test?
People, Clearances, and Who Can Say Yes
- Who on your team must be present, cleared, and empowered to sign off on integration and accreditation decisions?
- Count or estimate cleared personnel available for hands-on integration, testing, and accreditation support across your sites.
- Are cleared contractor personnel allowed on-site to perform integration or do security constraints limit contractor activity?
- How confident are you that the right people will remain available across the next 6–12 months?
- What training or knowledge gaps exist today that would slow operator acceptance or maintenance after fielding?
Data, Environments, and What You'll Need to Test in the Real World
- How different are your test datasets and environments from what the system will face in theater—are we testing theater-representative inputs or lab-friendly samples?
- What constraints exist around using production or classified data for integration and OT (e.g., classification level, anonymization, CUI restrictions)?
- Which test environments are available and who controls them (e.g., range, lab, enclave, coalition testbed)?
- How frequently can you schedule integrated test events that include cross-domain or coalition partners?
- What would need to change in order to run a fully representative end-to-end test within 90 days?
Let’s Make Risk Tolerable—What Would You Trade?
- If you had to accept a single additional program risk to preserve your milestone and funding, what would you accept and why?
- How would you rank your program’s tolerance for each of these risks?
- What mitigation actions are already budgeted or planned for the top two risks you identified?
- Who is authorized to sign a risk acceptance memorandum or change request in your chain of command?
- If a mitigation needs external support (e.g., vendor changes, cross-service coordination), what’s your preferred path to escalate and resolve it?
Who Owns What When This Ships?
- Where does responsibility end for the integrator and begin for the government when it comes to accreditation, sustainment, and acceptance?
- Which sustainment model are you planning for—government logistics, contractor logistics support (CLS), or hybrid?
- What SLAs or performance guarantees would be non-negotiable for you post-fielding?
- Are there supply-chain or OEM obsolescence concerns we should flag now?
- Who is the single point accountable for operational acceptance after handover, and how will they measure readiness?
Ready for One Small, High-Value Step?
- What is the smallest, highest-impact activity we could take in the next two weeks to reduce your biggest unknown?
- Who must attend that activity and who has final authority to approve scheduling it?
- Realistically, when can that activity happen (choose the earliest feasible window)?
- How would you like us to follow up—brief summary, detailed action plan, or a proposal for scope and price?
- What three questions would you want answered before committing to that next step?
-
Deployment Enablement
Schedule factory integration, site installations, test events, and coordinate cross-domain teams with clear sequencing and owners.
-
Validation Checklist
Verify interoperability tests, cybersecurity accreditation artifacts, and operational acceptance against defined success signals.
Validation Questions
Start with the Mission: In One Line
- In one clear sentence, what top-line mission outcome must this capability deliver?
- Which operational domain(s) will this capability primarily affect?
- Who inside your organization will feel the payoff first (title/role)?
- On a scale, how urgent is delivering this capability within the next 12 months?
- When you picture this program succeeding, what feeling comes to mind—relief, confidence, pressure eased, or something else?
Are We Solving the Right Problem (Even If It Isn’t What You Asked For)?
- What assumption about the problem would you be most surprised to have proven wrong?
- Which of these statements best describes why the problem exists today?
- Tell us about a recent incident or exercise where capability gaps materially affected operations—what happened and why?
- How long has this capability gap persisted, and what efforts have been tried to close it?
- If we focused on the wrong problem for the next 12 months, what risk would that create for your program or mission?
The Outcomes That Matter — Not Just Features
- What single measurable change would prove to you that the capability is mission-useful (e.g., minutes shaved from sensor-to-shooter, percent increase in track accuracy)?
- Which of these operational effects are a must-have vs. nice-to-have for initial fielding?
- What trade-offs are acceptable between capability breadth (many features) and speed to field (deliverables by milestone)?
- Describe one scenario (real or plausible) where the offering must perform perfectly—what does success look like in that event?
- Which end-state would be most damaging if unmet—mission defeat, mission delay, or bureaucratic rejection (e.g., failed accreditation)?
How Will You Measure 'Mission Ready'?
- If you had to pick three objective success signals that an independent test board would accept, what would they be?
- Who signs off on each of those signals today (role/office)?
- How tight are the acceptance thresholds—are margins strict (zero-fail tolerances) or performance-banded?
- What historical evidence or past performance would help prove you can hit these signals (exercises, deployments, ATOs)?
- Are there politically or programmatically driven metrics that matter to stakeholders but won’t appear in technical tests? If so, what are they?
Funding, Timeline & Decision Pressure: The Invisible Deadlines
- What congressional or program milestone is the single non-negotiable deadline driving this effort?
- How likely is funding to be reprogrammed or delayed if milestones slip?
- Describe the funding profile (one-time, multi-year, incremental) and any constraints tied to fiscal year or line-item requirements.
- What would acceptance look like in a constrained-funding scenario—can capability be delivered in modular releases?
- Who ultimately controls funding decisions and which external stakeholders (e.g., higher HQ, DoD office, allied partner) influence the timeline?
Hidden Constraints and Red Lines — Tell Us What We Must Never Break
- What regulatory, accreditation, or policy constraints would immediately disqualify a proposed approach?
- Are there data sovereignty, classification, or partner-sharing limits that change how we design integration?
- Who enforces those red lines inside your organization, and how do they prefer to be engaged during design decisions?
- Have any prior vendors been rejected for policy or compliance reasons? If so, what was the cause?
- Which constraints are negotiable with adequate compensating controls, and which are absolute?
If This Succeeds, Who Owns the Win (and the Risk)?
- Who owns operational acceptance and long-term sustainment once the system is fielded?
- Which organization will maintain accreditation artifacts and be the point for ATO renewals?
- Where do you expect capability handover friction to occur (people, process, tech), and how has it shown up before?
- What level of training, documentation, and knowledge transfer must accompany fielding to prevent 'drop-off' after deployment?
- If an operational gap resurfaces after initial fielding, who has authority to pause or adjust fielded capability?
What Would Make You Say Yes (Realistically)?
- What evidence (tests, demos, references, cleared personnel) would make you comfortable awarding a contract or moving to prototype?
- How important are vendor security posture and cleared staff compared to pure technical performance?
- What unresolved questions would cause you to delay commitment even if technical tests pass?
- What timeline for decision-making feels realistic after a technical demonstration—days, weeks, or months?
- If we brought a proposed path that meets your top three success signals, what would be the minimal contractual element you’d want in place to move forward?
Closing the Loop: Immediate Next Steps and Shared Risks
- What immediate actions would you like us to take after this discovery (e.g., draft success criteria, run a scenario workshop, schedule an interoperability demo)?
- Who should be on the core working group to move those actions forward (names/roles), and how often can they meet?
- What would make you feel confident we are treating program risk as shared rather than shifted onto your team?
- Is there any sensitive information, stakeholder dynamic, or political reality we should respect while we co-create the path forward?
- Finally, what is the preferred way to capture ongoing concerns and small wins during the next phase—regular report, shared channel, or embedding a liaison?
-
-
Success
Confirm mission outcomes, capture lessons learned, and maintain a shared channel for issues and enhancements.
Success Reviews
- Mission Outcomes Confirmation
- Operational Acceptance Board (OAB)
- Lessons Learned Retrospective
- Issues, Enhancements & Shared Channel Onboarding
- Sustainment & Enhancement Roadmap Planning
Issues & Enhancements
- Publish triage SOP and SLA matrix to the channel and ensure stakeholders acknowledge receipt.
- Convert lessons into a prioritized set of improvement actions with owners and delivery dates.
- Identify which artifacts (CONOPS, test plans, SLAs, runbooks) require formal updates and assign responsibility.
- Publish the Lessons Learned Report and distribute to program leadership, contracting, and technical teams.
- Update the program ConOps, runbooks, and training materials based on prioritized lessons.
- Schedule a change-control review for any contract or SOW updates required to institutionalize improvements.
- Review Current Issue & Enhancement Inventory
- Establish a single, accessible shared channel for issues and enhancements with defined access and classification.
- Agree triage rules, SLAs, and escalation paths so customers and sustainment teams have clear expectations.
- Populate the channel with the existing backlog and assign immediate owners for high-severity items.
- Provision the agreed shared channel, invite stakeholders, and import the current backlog within 3 business days.
- Introductions & Meeting Objectives
- Assign owners for top 5 high-severity open items and schedule initial remediation checkpoints.
- Context: Funding Profile & Milestone Constraints
- Produce an agreed 12-month sustainment and enhancement roadmap with prioritization and tentative milestones.
- Identify which roadmap items require contract modifications or additional funding and owners to pursue them.
- Establish a quarterly roadmap review cadence and stakeholder list for ongoing governance.
- Publish the signed roadmap with RAG status for each item and deliverable owners.
- Initiate contract modification or funding requests for roadmap items that require additional obligations.
- Schedule the first quarterly roadmap review and circulate pre-read materials two weeks prior.
- Obtain formal customer acceptance for delivered mission outcomes where success signals are met.
- Document any variances with quantified mission impact and agree mitigations, owners, and timelines.
- Produce a one-page outcomes summary to serve as the canonical closeout artifact for the program office.
- Publish the formal Outcomes Summary and attach acceptance signatures to the program record.
- Create a tracked list of variances with owners, mitigations, and target close dates.
- Schedule follow-up validation check for conditional acceptances within the agreed timeline.
- Pre-work Verification & Agenda Review
- Secure a documented operational acceptance decision from the board for program close or conditional actions.
- Ensure RMF/accreditation responsibilities and residual risk owners are clearly assigned in writing.
- Define an escalation path for any unresolved items requiring executive-level intervention.
- Record and archive the OAB decision package including votes, dissenting opinions, and required corrective actions.
- Assign accreditation and RMF follow-on tasks to named individuals with milestone dates.
- If required, convene an executive escalation meeting within 7 business days to resolve blocking issues.
- Set the Frame & Review Objectives
- Document top 5 lessons with root causes and evidence to be shared with program stakeholders.
- Define Triage & Prioritization Rules
- Timeline Recap & Key Events
- Operational Validation Presentation
- Executive Summary of Delivered Outcomes
- Capture Candidate Enhancements & Sustainment Needs
- Evidence Walk-through
- Prioritization Against Mission Impact & Funding
- What Went Well / What Went Poorly (Breakouts)
- Select & Configure Shared Channel Tooling
- Risk & RMF Status Confirmation
- Formal Vote & Outcome Recording
- Resourcing, Contract & Schedule Implications
- Assign Governance Roles & Escalation Paths
- Root Cause Analysis
- Variance & Impact Analysis
- Roadmap Approval & Quarterly Review Cadence
- Acceptance Decisions & Signatures
- Action Prioritization & Institutionalization
- Onboarding & Next Steps