https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN44571-PPM_CIO-076-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
ADD-GOV-DS-076
SAIS-ADD (25-1rrrr) 31 July 2025
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Army Low-Code/No-Code Development Guidance
1. References. See enclosure.
2. Purpose. This memorandum establishes Army-wide guidance on the creation, use,
and governance of Low-Code/No-Code (LCNC) platforms—
3. Background.
a. Reference 1a emphasizes agile software development and leveraging the latest
Commercial Off-the-Shelf (COTS) technology.
b. Industry advancements have led to an increase in secure, easy-to-use LCNC
solutions, with the primary principles behind these solutions allowing for development
without exposing the system’s source code of the system.
c. The Army must modernize hundreds of defense business systems that primarily
perform routine or common transactional functions. Several of these functions could be
streamlined using LCNC solutions, leveraging APIs to authoritative data sources.
d. To increase speed and efficiency implementing solutions to Army business
functions and mission areas while ensuring governance and cybersecurity compliance,
the Army is developing an ecosystem that includes:
(1) LCNC solutions—Allowing rapid solving of organizational problems and
eventually replacing legacy programs of record that can’t adapt to user needs as
rapidly.
(2) Data Platforms—In accordance with reference 1b, providing a means by
which to query, provision, wrangle, and ingest data for use in data product creation, in
which LCNC solutions have a key role, conforming to reference 1c, as per reference 1d.
(3) DevSecOps Tools—Ensuring interoperability with reference 1e, integrating
LCNC solutions into existing development pipelines
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
4. Platforms. Army Enterprise LCNC platforms enable users to create a variety of
solutions through configuration of out-of-the-box features that require minimal software
development skills. All LCNC Platforms should—
a. Utilize Army enterprise services (e.g., Identity, Credential and Access
Management (ICAM), cArmy, Army Data Platforms).
b. Operate within clear cybersecurity boundary set by hosting platform, as part of
the hosting platform’s Authority to Operate (ATO) process. As a result, individual
commands do not require a separate ATO for each solution.
c. Incorporate data portability, interoperability standards as per reference 1c, and
open Solution Programming Interface (API) requirements within Army security
boundaries, allowing the sharing of data products. (Applies to enterprise solutions.)
5. Platform Adoption. The Department of the Army views the rapid adoption of
scalable, secure, LCNC platforms as an essential component of enhancing readiness
and modernizing the Force. Accelerating the adoption of these technologies is essential
and requires the barriers to entry to be significantly lowered.
6. Definitions.
a. LCNC Platforms enable users to create end-user facing applications using rapid
development tools and by configuring out-of-the-box features, requiring minimal
software development skill or experience.
b. LCNC Application allows an end-user to perform specific functions within a
broader business or mission process and is focused on ease of use and enabling the
expeditious completion of the task. LCNC Applications are hosted within an LCNC
Platform.
7. Policy.
a. Process for Identification.
(1) PEOs or Army Commands shall submit requests to the CIO for promotion of
LCNC Platforms to the enterprise level.
(2) CIO will elevate existing LCNC Platforms for enterprise use and expansion
when necessary.
2
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
(3) The process for nominating LCNC Platforms for enterprise-wide use
proceeds as follows—
(a) The Functional Owner or the Command identifies a Platform, which could
become an enterprise-wide offering, and nominates to the Enterprise Cloud
Management Agency (ECMA) Cloud Governance Council for broader use.
Alternatively, the CIO may select solutions for potential enterprise-wide adoption.
(b) ECMA will identify the process to assess the technical viability of the
Platform.
(c) ECMA provides a recommendation for enterprise-wide adoption as well as
identifying a deployment pattern, business model (e.g., charge back, show back),
baseline and above baseline services, licensing model, and Platform Operator.
(d) CIO makes determination.
(4) Licensing considerations: The CIO will work with the Army Acquisition
Executive to address licensing considerations for LCNC Platforms at scale.
8. Relationship to previous policy: The following data platforms and unified network
enterprise service are considered as approved LC/NC platforms—
a. The six Army Data Platforms (Army Vantage, Army Intelligence Data Platform,
ADVANA, Gabriel Nimbus, the Army Resource Cloud, cPeople/Person Event Data
Environment)
b. Army 365, built into base image for every Army user in the form of Microsoft 365
Suite.
9. Roles and Responsibilities.
a. Application Sponsor. Functional stakeholder responsible for application
requirements, funding, and oversight. Also identifies processes or solutions that can be
moved to an LCNC Platform.
b. Application Owner. Responsible for maintenance and governance of an
application implemented within an LCNC Platform. Data Security and access control:
manage data access.
c. Platform Sponsor. Responsible for providing executive sponsorship, validating
requirements, and championing funding requests.
3
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
d. Platform Owner. The System Owner for the Platform and ensures security,
governance, and functionality of the platform, in accordance with reference 1f, to
maintain compliance with acquisition policies, and will—
(1) Ensure compliance with references 1g and 1h to align with existing
standards and security requirements. Include detailed risk assessment protocols from
reference 1h, supplemented with continuous monitoring activities from reference 1i.
(2) Ensure compliance with reference 1h to ensure platform-specific skills,
cybersecurity awareness, and governance knowledge. Include certification programs
and continuous learning opportunities.
(3) Provide quarterly performance reports to the Army CIO’s office, ensuring
alignment reference 1i and reference 1g. Incorporate standardized Key Performance
Indicators (KPIs) aligned with references 1a and 1f, covering deployment speed, user
adoption, and cybersecurity incident reduction.
(4) Regular Security Assessments: conduct regular vulnerability assessments,
penetration testing, and configuration and code reviews, even within the constraints of
the LCNC environment.
(5) Manage the fully burdened cost of operation and as appropriate nominate a
billing structure for users for CIO approval.
(6) Identify and track usage of the LCNC platform.
(7) Establish a clear and transparent onboarding process.
(8) Provide onboarding assistance to functional stakeholders.
(9) Clearly document system capabilities, usage requirements, and sources for
training.
e. The Army Chief Information Officer will—
(1) Be a Platform Sponsor and designate Platform Owners.
(2) Charter LCNC Platform governance forums and set authorities, roles, and
responsibilities.
4
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
(3) Ensure governance will include periodic reviews and reporting to Army IT
steering committees.
(4) Nominate, when necessary, to ASA(ALT) LCNC solutions to replace legacy
programs.
(5) Through a business management office, coordinate with LCNC Platform
owners, and provide guidance on, oversee, and approve LCNC business models and
rates.
(6) Provide guidance to both functional stakeholders and system owners on
LCNC capabilities, advancements, and changes.
(7) With LCNC system owner support, provide as needed during LCNC
capability maturation “triage” like teams to assist functionals with onboarding to LCNC
capabilities.
f. Authorizing Official (AO) will—
(1) Establish an authority to operate and ensure proper cybersecurity for LCNC
Platforms.
(2) Certify LCNC Platforms for operational use such that each LCNC Application
inherits security controls and does not require a separate certification process or ATO.
(3) Evaluate security risks, ensure compliance with cybersecurity policies, and
issues security authorization decisions.
g. Functional Sponsor. A senior leader/commander responsible for overseeing
business operations improvements and ensuring mission alignment. The Function
Sponsor directs solution analysis, engages stakeholders, allocates resources, accepts
risk, and validates the Platform meets business needs and delivers expected benefits.
10. Duration.
a. This memorandum remains in effect until superseded, rescinded, or incorporated
into Army regulations.
b. The CIO’s office will review this memorandum annually to assess the need for
updates.
5
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
11. Point of Contact.
a. CIO Policy Inbox: usarmy.pentagon.hqda-cio.mbx.policy-inbox@army.mil
b. Mr. Thomas M. Sasala, (571) 256-4841, thomas.m.sasala.civ@army.mil
Digitally signed by
GARCIGA.LE GARCIGA.LEONEL.T.1
ONEL.T.1186 186170411
Date: 2025.07.31
170411 14:05:20 -04'00'
Encl LEONEL T. GARCIGA
Chief Information Officer
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Forces Command
U.S. Army Training and Doctrine Command
U.S. Army Materiel Command
U.S. Army Futures Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
Military Surface Deployment and Distribution Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
Superintendent, U.S. Military Academy
Commandant, U.S. Army War College
Director, U.S. Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
Director, U.S. Army Criminal Investigation Division
Director, Civilian Protection Center of Excellence
(CONT)
6
SAIS-ADD (25-1rrrr)
SUBJECT: Army Low-Code/No-Code Development Guidance
DISTRIBUTION: (CONT)
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director of Enterprise Management
Director, Office of Analytics Integration
Commander, Eighth Army
7
REFERENCES
a. AD 2024-02 (Enabling Modern Software Development and Acquisition Practices).
(Available at https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN42696-
ARMY_DIR_2024-02-000-WEB-1.pdf)
b. Army Acquisition Executive and Army CIO memorandum (Data Platforms Guidance),
1 March 2024. (Available at
https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN41173-PPM_CIO-001-DRB-000-
WEB-1.pdf)
c. ASA (ALT) and CIO document (Army Unified Data Reference Architecture), v1.1,
6 January 2025. (Available at https://armyeitaas.sharepoint-mil.us/:u:/r/sites/ASA-ALT-
DASA-DESPlaybooks/SitePages/UDRA-Digital-Model.aspx?csf=1&web=1&e=uFU2Bp)
d. ASA (ALT) memorandum (Army Unified Data Reference Architecture Conformance
Policy), 25 October 2024. (Available at https://armyeitaas.sharepoint-mil.us/sites/ASA-
ALT-DASA-DESPlaybooks/SitePages/UDRA-Policy-and-Conformance-
Assessment.aspx?csf=1&web=1&e=bRmrfm&CID=52dfc9c8-1c8e-490e-9b28-
f54f924f1e69)
e. CIO memorandum (Army Development, Security, and Operations Platform
Certification), 12 December 2024. (Available at
https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN42685-PPM_CIO-049-000-WEB-
1.pdf)
f. DoDI 5000.87 (Software Acquisition Pathway).
g. AR 25-1 (Army Information Technology).
h. DA Pam 25-2-14 (Risk Management Framework for Army Information Technology).
i. CIO memorandum (Army Risk Management Framework for Cloud Assessment and
Authorization Implementation), 30 September 2024. (Available at
https://armypubs.army.mil/epubs/DR_pubs/DR_c/ARN42237-PPM_CIO-041-000-WEB-
1.pdf)
j. DoDI 5000.75 (Business Systems Requirements and Acquisition).
ENCLOSURE