Federal-Style Military Software Factory: A 2026 Guide to Group‑Institute‑Department Architecture

Three Maturity Stages of Software Factories

Software factories evolve through three stages: Zero‑scattered (each institute or department builds its own stack), Centralized (a group‑wide base is shared and institutes run local factories), and Federal (the mature form where the group provides only a shared base and institutes run domain‑specific factories). The stages are evolutionary, not mutually exclusive.

Federal Model Reference from the U.S. Military

More than 50 U.S. DoD factories have operated the federal model for over five years. The model consists of a shared Platform One base, a layer of domain factories, and numerous Tiger Teams that execute specific mission tasks. Platform One supplies four core services: Iron Bank (hardened container image repository), Big Bang (DevSecOps reference architecture), Party Bus (multi‑level network isolation), and Repo One (code and artifact hosting).

Roles of the Three Layers

Group layer builds the base and does not run factories. It provides five essential assets: a hardened image repository, a DevSecOps reference architecture, multi‑level network access specifications, a triple‑compliance interface (GJB 5000B, CSRC 2.0, New Cybersecurity Law 2026), and shared code/model/dataset stores.

Institute layer runs domain factories. Each institute adds specialized tools (e.g., radar simulation, satellite ground‑station testing, navigation fusion, electronic‑countermeasure simulation, ship‑control integration), maintains a "model × platform" template library, trains platform/security/MLOps engineers, and implements institute‑specific compliance extensions on top of the group base.

Department layer forms Tiger Teams of 6‑15 cross‑functional engineers. Teams do not build independent factories; they consume institute factories via the shared base, focusing on end‑to‑end model delivery (design, coding, testing, deployment, operation, monitoring). Teams can rotate across departments to grow expertise.

Interface Contracts

Group → Institute contracts (mandatory): hardened‑image API, reference‑architecture package, compliance‑evidence API, code/model/dataset API, multi‑level network API.

Institute → Department contracts (mandatory): pipeline integration specification, template‑library usage rules, domain‑tool API, exception‑escalation path.

Institute ↔ Institute (horizontal) contracts: model‑repository sharing standards, dataset‑exchange protocols, engineer‑rotation mechanisms, best‑practice diffusion processes.

Evolution Roadmap to the Federal Model

Step 1 – Group builds a base MVP : deliver hardened image repo and DevSecOps reference architecture; validate with 1–2 institutes.

Step 2 – Select pilot institutes : choose 1–2 institutes with strong information‑technology foundations; run a complete domain‑factory iteration and pass compliance audit.

Step 3 – Pilot departments join : form Tiger Teams in 1–2 pilot departments, integrate with institute pipelines, and achieve stable delivery for at least six months.

Step 4 – Horizontal replication & base evolution : replicate the successful institute model to other institutes while continuously extending the group base (additional compliance interfaces, shared repositories, multi‑level network access).

Common Misalignments

Group tries to act as a total‑factory, keeping all decision power – KPI should shift from tool count to reuse rate.

Institutes or departments build isolated factories without a shared base – the base must precede local factories.

Skipping the institute layer and letting the group manage departments directly – institutes provide essential domain expertise and mediation.

Governance Model

Three authority types govern the federation:

Pass authority : group approves images and tools; institutes approve models; departments approve internal team decisions.

Block authority : any violation of security or compliance can be halted at the appropriate layer; third‑party audits can also block.

Override authority : explicitly prohibited – any attempt to bypass a higher‑level contract must be escalated, ensuring all overrides are recorded and audited.

Adhering to these contracts and governance rules is the decisive factor for a federal software factory to function, rather than merely existing on paper.