Lean-Agile Configuration and Change Management: Maintaining Structure and Process While Embracing Agile and Being Responsive to Change at the Speed of Relevance

U.S. Army Acquisition Support Center

Courtesy Story

Date: 04.29.2026

Posted: 05.04.2026 08:19

News ID: 564278

Category: Innovation

Winner

by Kelly A. Rutherford

Executive Summary

Foreign Military Sales-Army Case Execution System (FMS-ACES) Product Office at U.S. Army Capability Program Executive Enterprise Software and Services (CPE ES2) has fundamentally transformed how the Army manages software changes and configurations in a complex, high-stakes environment. By pioneering the Lean Agile Configuration and Change Management (LACCM) process, the team cut the change adjudication cycle from weeks to less than 24 hourswhile preserving auditability, configuration control and compliance with Department of War and Army policy.

This innovation is not merely procedural—it represents a cultural shift in how Agile methods, DevSecOps practices and Information Technology Infrastructure Library (ITIL) based compliance requirements can coexist in a military acquisition environment.The LACCM process embeds configuration and change decisions directly within Agile sprint activities, empowering technical experts’ immediate authority to resolve issues, prioritize fixes and plan enhancements without the need for burdensome review boards, while maintaining Product Office oversight. The process has already improved communication with stakeholders, increased the speed of capability delivery and reduced administrative work through automation, while improving compliance with the Risk Management Framework (RMF) and ITIL requirements.

The result is a noteworthy achievement:the first Army program to deliver a scalable, auditable, LACCM model for software acquisition—one that not only accelerates modernization of Army systems, but sets a precedent for adoption by all software programs. The FMS-ACES program has fully incorporated the most current Agile best practices used by industry leaders, while demonstrating how software development programs can more efficiently meet congressional and military requirements.

Program Scope and Significance

As referenced within Executive Order 14268 (“Reforming Foreign Defense Sales to Improve Speed and Accountability”), FMS is a cornerstone of U.S. national security and foreign policy, supporting allied nations with defense capabilities, while ensuring interoperability with the U.S. military. The Army’s legacy Centralized Integrated System – International Logistics (CISIL), built on Common Business-Oriented Language (COBOL) in the 1980s, has long been the backbone of case management for Army FMS. But after five decades of use, CISIL is outdated, difficult to maintain and incapable of supporting cloud migration, cybersecurity requirements, modern data transparency needs or the potential for advances in artificial intelligence. The Defense Security Cooperation Agency’s (DSCA) Case Execution Modernization Initiativeaims to modernize security assistance across the military services through a federated approach. DSCA and the Army will realize this intent through the decommissioning of CISIL and consolidation of Army reports and the case management application into one modern solution: FMS-ACES.This modernization supports:

Billions of dollars in FMS transactions annually, impacting Army readiness and global partner relationships.
A multitiered stakeholder base, from the Army Security Assistance Enterprise (ASAE) to command level users and partner governments.
Continuous modernization aligned with Department policy related to digital transformation, ensuring cloud-native, secure and auditable systems.

The desired end state is a modern, transparent and standardized solutionthat improves execution of every Army FMS case. Against this critical mission backdrop, the FMS-ACES team needed to reinvent traditional Configuration and Change Management (CCM) to meet the need for continuous software modernization in support of military commanders.

The Challenge: A Gap in Guidance and Practice

When FMS-ACES entered the execution phase of the Software Acquisition Pathway (DoDI 5000.87) in September 2024, no clear guidance existedfor Agile configuration and change management within the Army. The program faced competing demands:

Stay compliant with Army and CPE ES2 (formerly PEO Enterprise) directives mandating integration of Agile practices across the life cycle.
Maintain control and traceability of changes across a high-visibility program with significant congressional, foreign partner and Department oversight.
Deliver cutting-edge capability at the speed of relevance—acting quickly and decisively within the changing context of threats, technology and information to achieve mission objectives—while maintaining strict auditability.

The challenges were compounded by:

Institutional inertia:Stakeholders accustomed to traditional configuration control boards involving lengthy deliberations and a rigid meeting cadence.
Legacy integration:CISIL and associated systems had sparse documentation, incongruent data structures and interfaces that complicated modernization.
Absence of lessons learned: Limited industry experience in terms of Agile CCM on a military scale.

In short, FMS-ACES had to create the modelfor a LACCM process that blended rigor, agility, speed and auditability—a challenge no other program had fully solved.

Creation of FMS-ACES LACCM

In February 2025, the FMS-ACES Product Office convened a two-day workshop to design and codify a new paradigm: the LACCM process.This pioneering framework embodies four critical goals:

Agility:Embed configuration/change decisions into day-to-day sprint collaboration.
Governance:Auditable traceability that complies with ITIL and RMF requirements.
Scalability:General, adaptable model which Army and other government programs can adopt.
Adaptability:Integrate lessons learned and adapt continuously without bureaucratic limitations.

How LACCM Works

The LACCM process is a balanced integration of traditional CCM strengths (control, accountability) and Agile/DevSecOps advantages (speed, automation, collaboration) with additional efficiencies. Aspects of Traditional & Agile Configuration Management Compared to the LACCM Process

Key Differentiators:

Elimination of recurring CCM boards:Adjudication occurs organically during daily collaboration by technical experts, drastically reducing scheduled meetings.
Automation and tools:DevSecOps tools serve as the single source of adjudication, documentation and audit traceability for the life of the change.
Speed of adjudication:Proposed changes are reviewed, commented upon and adjudicated within 24-hours, compared to weeks or months in legacy models.
Integrated compliance:Audit, risk management and configuration documentation is generated in real time, eliminating cumbersome audit preparation cycles.
Scalability:Any team member can propose or comment on changes, while approvals follow a clear Responsible, Accountable, Consult, Inform (RACI) model with final authority vested in the Product Lead.

Examples of LACCM impact include:

Faster fixes:A defect identified by users during testing was adjudicated, prioritized and deployed as a fix within a single sprint using LACCM, compared with months of waiting under a traditional review board model.
Audit readiness:All configuration changes now have embedded digital records, eliminating hours of manual preparation for annual Functional and Physical Configuration Audits.
Stakeholder collaboration:Cross-functional teams, including the Government Product Office, operational community and technical integration providers, can adjudicate multiple proposed changes simultaneously within the same system.
Mission continuity:The ability to rapidly implement secure, auditable fixes for urgent changes without delay, ensuring uninterrupted operations.

Outcomes to Date

Since LACCM’s adoption in spring 2025, FMS-ACES has realized measurable, mission-relevant benefits:

Cycle time:Reduced change adjudication from multiweek board schedules to 24-hour resolution.
Efficiency:Cut administrative workload by over 75% through DevOps automation and elimination of recurring “review board” meetings.
Consistency:Ensured traceability and compliance with the RMF, ITIL and Army directives with auditable digital trails.
Stakeholder alignment:Improved transparency across ASAE stakeholders, fostering trust and collaboration.
Speed to delivery:Shortened time from defect identification to deployed solution by more than 50%.

Perhaps the most important achievement is not procedural but cultural: LACCM proves that governance and efficiency are not mutually exclusive. Whereas traditional CCM approaches in acquisition emphasized control at the expense of speed, FMS-ACES demonstrated that:

Automation enables both speed and rigor.
Decentralization improves ownership and quality.
Cross-functional collaboration strengthens compliance.
Process efficiency can be increased over time as lessons learned are applied.
This model sets a new cultural benchmark for the Army and potentially all of government and industry: control without bureaucracy, speed without sacrificing accountability.
Significance of the LACCM process.
First-of-its-kind modelin Army Agile software acquisition, created without precedent or clear guidance.
Demonstrated enhancement to industry best practices in advance of changes to Department policy.
High impact on mission,directly supporting the Army’s ability to manage billions of dollars in FMS cases critical to U.S. foreign policy.
Exportable frameworkthat can serve as the baseline for Army and broader federal government, with potential for industry-wide adoption of efficient CCM approaches using an Agile mindset.
Sustainable cultural changethat replaces outdated bureaucratic practices with efficient, collaborative, auditable processes.
Direct warfighter impactby accelerating operational capability delivery to partner nations and the ASAE.

Prior to LACCM, a simple interface update or defect fix could languish in a review pipeline for weeks. Subject matter experts had to justify changes in lengthy documentation packages, wait for configuration control boards to convene (often monthly) and risk miscommunication since decisionmakers were often not in direct communication with technical experts. This mismatch wasted time, created risk of errors and frustrated stakeholder customers.

LACCM turned this paradigm upside down.By embedding configuration review into daily Agile activities, experts are empowered to take ownership of changes. The process is not imposed externally; it is owned by the Sprint team itself. This sense of ownership increases accountability, speeds delivery, and ensures quality, because the people closest to the work make and validate the decisions.

Additionally, the use of DevOps automation tools means documentation is created and preserved organically as part of normal workflows. This innovation eliminated the duplicative step of creating “audit packages” after the fact. Instead, compliance is achieved continuously, on demand, and demonstrably within systems to which auditors obtain direct access. This “shift left” of governance tasksis revolutionary in the Departmental context, where oversight demands are high, but agility is often constrained. By shifting governance activities into standard workflows, FMS-ACES not only gains speed but reduces the risk of findings during audits and inspections.

Broader Implications and Future Impact

The broader significance of the LACCM process lies in its adaptability. Because it is not program-specific, it can:

Be adopted across any system,creating a common baseline Agile CCM model.
Inform government and industry best practices,filling a gap in existing standards and guidance.
Serve as a playbook for other programsexecuting under the Software Acquisition Pathway with Agile and DevSecOps mandates.

The FMS-ACES Product Lead has already shared lessons learned with other Army programs exploring Agile CCM approaches. Early indicators suggest FMS-ACES is paving the way for enterprise adoption.

Summary

FMS-ACES has achieved something remarkable. Faced with no precedent, incomplete guidance and high-stakes mission demands, the program created the LACCM process—an innovation that transformed adjudication timelines, automated audit compliance, reduced administrative burden and accelerated mission delivery. The LACCM process is a cultural and technological breakthrough—proof that agility and accountability can coexist in Army software acquisition. It has already delivered measurable results for the program, and its potential for government-wide scalability makes it a model for the future. The FMS-ACES LACCM process represents the rare combination of technical ingenuity, leadership and mission impact that not only advances a single program but reshapes how the government approaches software modernization.

KELLY RUTHERFORD is the product lead for FMS-ACES within the Acquisition, Training and Readiness (AT&R) portfolio at U.S. Army CPE ES2. She is responsible for delivering a fully functional and modernized, cloud-native, auditable system for the Army in support of the DSCA 2025 Strategic Goal #3 to improve the effectiveness and efficiency of the Security Cooperation Enterprise. She is also responsible for overseeing the modernization of the legacy CISIL and the consolidation of functionality in ancillary applications to improve CISIL processes and user interfaces.