Department of the Air Force logo. DAF issued a new memorandum classifying SaaS as a commodity-based subscription service.
DAF issued a new memorandum classifying software-as-a-service as a commodity-based subscription service.
"Seal of the U.S. Department of the Air Force," by Arthur E. DuBois, https://www.dcms.uscg.mil, Licensed under Public domain
//

Air Force Issues New Guidance on SaaS Procurement, Usage

3 mins read

The Department of the Air Force has issued a new memorandum that classifies software as a service as a commodity-based subscription service rather than a licensed software asset.

In a LinkedIn post, the DAF chief information officer said the policy change shifts the department’s focus to usage, consumption and performance, unlocking real-time visibility into SaaS utilization, centralized procurement and cost control, stronger alignment with zero trust and data ownership mandates, and reduced sustainment burden on the workforce.

Unlike traditional licenses, which grants ownership of the product, SaaS provides only access to applications. That distinction, according to the memo, makes it critical for the service to closely monitor usage, consumption and associated costs.

The directive outlines new standards for acquiring, managing and tracking SaaS across the Air Force enterprise. By tightening procurement rules and mandating enterprise-level oversight, the service aims to improve cost control, strengthen data governance and ensure consistent security practices for cloud-based platforms that support mission operations.

Centralized Procurement and Oversight

To eliminate fragmented purchases, SaaS subscriptions may no longer be added as contract line items or other direct costs under larger agreements. Instead, they must be procured through separate contracting actions or established enterprise vehicles. Program offices are directed to check the Enterprise Service Catalog before pursuing new subscriptions, with exceptions requiring approval from the Air Force CIO.

Data Control and Usage Tracking

Vendors must guarantee government ownership of all data created under SaaS agreements and provide near-real-time reporting on subscriptions and usage. This approach is intended to provide leaders with visibility at both the individual and enterprise levels.

Monitoring and Platform Health

The guidance requires tracking of usage against purchased quantities, allocations and consumption rates. If demand exceeds contracted levels, adjustments must be coordinated with the CIO. Vendors are also required to support platform health checks at no additional cost, covering areas such as security patching, user activity and compliance.

Limits on Customization

The memo clarifies that while the basic configuration of SaaS platforms is permitted, custom code or unapproved modifications are not. Any expanded functionality must receive prior approval from the CIO to prevent security risks and ensure uniformity.

Alignment With Defense Acquisition Policy

SaaS offerings supporting mission operations will be governed as Defense Business Systems or National Security Systems, ensuring compliance with Department of Defense acquisition and lifecycle management standards.

Related Articles

Pete Hegseth. The defense secretary announced reforms aimed at boosting warfighter readiness.
Defense Secretary Details Reforms to Strengthen DOD Warfighting Readiness

Defense Secretary Pete Hegseth, a 2025 Wash100 Award recipient, has unveiled new directives aimed at reshaping the culture and standards of the Department of Defense during a 45-minute address to senior military leaders at Quantico, Virginia. Hegseth outlined reforms that he said will restore focus on warfighter readiness, discipline and leadership, DOD said Tuesday. “The topic today is about the nature of ourselves because no plan, no program, no reform [and] no formation will ultimately succeed unless we have the right people and the right culture at the Department of War,” Hegseth told the audience, underscoring his view that the

Zachary Terrell. Terrell was named chief technology officer at the Department of Health and Human Services.
Zachary Terrell Appointed CTO of Department of Health and Human Services

Zachary Terrell has been named chief technology officer of the Department of Health and Human Services, FedScoop reported Monday. Three anonymous officials confirmed his designation, which aligns with HHS’ broader restructuring of its technology operations under Secretary Robert Kennedy Jr. This effort includes consolidating IT offices and implementing ChatGPT department-wide, highlighted by an OpenAI agreement with the General Services Administration to provide agencies with ChatGPT access for $1 each over the next year. DOGE Background and NSF Involvement Terrell previously held a role related to the Department of Government Efficiency at HHS and the National Science Foundation, where he was involved

National Institute of Standards and Technology's logo. NIST published drafts of its proposed guidance for securing CUI
NIST Releases Draft Guidance on Securing Controlled Unclassified Information for Public Comments

The National Institute of Standards and Technology has published drafts of new guidance for securing controlled unclassified information, or CUI. The agency is seeking public feedback on Special Publications 800-172r3, or Enhanced Security Requirements for Protecting Controlled Unclassified Information, and 800-172Ar3, or Assessing Enhanced Security Requirements for Controlled Unclassified Information. The drafts represent the third revision of the guidance, which NIST began updating in 2024. The documents provide enhanced security requirements and flexible assessment procedures for upholding the confidentiality, integrity and availability of CUI in nonfederal systems and organizations. What NIST Wants to Know The agency is specifically seeking feedback