The Joint Warfighting Cloud Capability (JWCC) is DoD's primary enterprise cloud contract vehicle — the mechanism through which defense agencies purchase cloud infrastructure and services from Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle at enterprise scale. For small business IT contractors, JWCC matters even though small businesses do not hold JWCC directly: the work flowing through JWCC creates subcontracting opportunities, and understanding how JWCC functions is essential for positioning your business correctly to capture that work.
What JWCC Is and How It Works
JWCC is a multiple-award indefinite delivery/indefinite quantity (MA-IDIQ) contract awarded in December 2022 to four cloud service providers (CSPs): AWS, Microsoft Azure, Google Cloud, and Oracle. The contract runs through February 2028.
Under JWCC, DoD components (agencies, programs, combatant commands) issue task orders to one or more of the four CSPs for cloud infrastructure and services. JWCC replaced the contested JEDI contract and was designed to enable DoD components to leverage multiple clouds simultaneously rather than a single-vendor lock-in.
What is purchased through JWCC:
- Cloud infrastructure (compute, storage, networking) at all impact levels
- Platform services (managed databases, container services, serverless)
- Cloud-native security services
- Professional services directly related to cloud implementation (when ordered as part of a cloud service)
What is NOT typically purchased through JWCC:
- Custom software development (this goes through IDIQ vehicles like OASIS+, CIO-SP4, or direct awards)
- Cybersecurity services not directly tied to cloud platform management
- IT staffing and staff augmentation
This distinction matters for small businesses: the custom software development, DevSecOps engineering, and compliance work that runs on JWCC-procured cloud infrastructure is not typically procured through JWCC itself. It flows through separate IT services vehicles where small businesses compete directly.
How Small Businesses Engage with JWCC Work
There are three paths for small businesses to participate in the DoD cloud ecosystem created by JWCC:
Path 1: Subcontracting to JWCC holders. AWS, Microsoft, Google, and Oracle all have partner ecosystems and frequently engage small business partners for professional services work that supports task order delivery. AWS's partner network, Azure Government partner program, and Google Cloud Public Sector partner program all provide pathways for small businesses to be engaged as delivery partners on JWCC task orders. The CSP acts as the prime; the small business delivers implementation, migration, or compliance engineering work as a sub.
Path 2: Separate IT services vehicles (OASIS+, CIO-SP4, SeaPort-NxG). The software development, DevSecOps engineering, and cybersecurity services work that programs need alongside their JWCC cloud infrastructure is typically procured through IT services vehicles. Agencies issue task orders on these vehicles for the "on top of cloud" work — the code, the pipelines, the compliance architecture. Small businesses can compete on OASIS+ and CIO-SP4 task orders directly (or through teaming arrangements with OASIS+/CIO-SP4 holders) for this work.
Path 3: Direct agency awards. Below the micro-purchase threshold, agencies can directly award cloud professional services work to small businesses without a vehicle. As the threshold has risen to $250,000 for commercial items (per recent NDAA changes), direct awards have become a viable pipeline for smaller projects.
For more on OASIS+ and CIO-SP4 task order positioning, see OASIS+ and CIO-SP4: What Primes Need from Subs.
What DoD Agencies Actually Buy (And What They Need From Subs)
Understanding what agencies purchase through and alongside JWCC helps position your capabilities correctly. The typical JWCC-era DoD cloud program has:
Cloud infrastructure layer (JWCC-procured): AWS GovCloud compute, managed Kubernetes (EKS), storage (S3), managed databases, networking infrastructure. Procured directly from the CSP.
Cloud engineering layer (separately procured): Landing zone architecture, Terraform IaC, CI/CD pipeline implementation, STIG hardening, security baseline configuration. This is the work small businesses with cloud engineering expertise perform.
Compliance and authorization layer (separately procured): SSP development and maintenance, POAM management, continuous monitoring setup, cATO pipeline implementation, CMMC readiness. This is the work small businesses with government compliance expertise perform.
Application layer (separately procured): Custom software development, API design, frontend applications, data pipelines, ML/AI workloads. This is the work software development small businesses perform.
A small business with cloud engineering and compliance capabilities is relevant to every DoD program using JWCC — because the infrastructure the JWCC contract provides still requires engineering, hardening, and authorization work that the CSPs do not deliver.
Positioning as a Cloud Engineering Sub
The JWCC ecosystem creates a clear positioning opportunity for small business cloud engineering firms: be the technical implementation partner that programs need after they've ordered their cloud infrastructure but before they can actually use it in a compliant, authorized way.
Programs that have JWCC cloud access but lack internal cloud engineering and compliance expertise are the ideal customer. They have budget, they have a cloud environment, and they need a credible small business technical partner to make it operationally compliant.
This is exactly Rutagon's position. SAM-registered, CAGE 19ZR7, CMMC Level 1, with production experience building IL4-compliant GovCloud environments. When a DoD program office has a JWCC task order in hand and needs to build out their landing zone, harden their Kubernetes environment, and get to cATO — that's the conversation we're ready to have.
See also What Primes Look for in a Cloud Sub and Small Business Delivery at Prime Speed.
Frequently Asked Questions
What is JWCC and who holds it?
JWCC (Joint Warfighting Cloud Capability) is a DoD multiple-award IDIQ contract for cloud infrastructure and services awarded in December 2022 to four cloud service providers: Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle. DoD agencies issue task orders under JWCC to purchase cloud infrastructure at all impact levels (IL2 through IL6). The contract has a ceiling of approximately $9B and runs through February 2028.
Can small businesses hold JWCC directly?
No — JWCC was awarded exclusively to the four major commercial cloud service providers. Small businesses do not hold JWCC. However, small businesses participate in the DoD cloud ecosystem in two primary ways: as subcontractors to JWCC-holding CSPs for professional services delivery, and as prime or subcontractors on separate IT services vehicles (OASIS+, CIO-SP4) that fund the custom software development and compliance engineering work that runs on JWCC-procured cloud infrastructure.
What is the difference between JWCC and JEDI?
JEDI (Joint Enterprise Defense Infrastructure) was a single-award cloud contract awarded to Microsoft in 2019 and subsequently cancelled after extensive legal challenges from competing vendors. JWCC replaced JEDI as a multi-award structure, awarding contracts to all four major CSPs simultaneously. This multi-cloud approach eliminates the vendor lock-in that made JEDI controversial and allows DoD programs to use the cloud provider that best fits their technical and compliance requirements.
How does a small business find JWCC-related subcontracting work?
Three primary paths: (1) Register as a partner in the CSP government partner programs (AWS Partner Network, Microsoft Azure Government, Google Cloud Public Sector) and indicate your DoD cloud engineering capabilities; (2) Monitor SAM.gov for IT services task orders on OASIS+, CIO-SP4, and SeaPort-NxG where agencies are looking for cloud implementation support alongside their JWCC infrastructure; (3) Build relationships with system integrators and prime contractors (especially ANC-owned companies) who hold IT services vehicles and regularly need cloud engineering subs for task order delivery.
What cloud engineering capabilities are most in demand for JWCC-era DoD programs?
The highest-demand technical capabilities for DoD programs operating on JWCC cloud infrastructure include: landing zone architecture (multi-account GovCloud setup), Infrastructure-as-Code (Terraform for compliant provisioning), DevSecOps pipeline implementation (GitHub Actions or GitLab CI with STIG scanning, SLSA provenance), continuous ATO pipeline development (automated compliance evidence generation), CMMC Level 2 implementation, and Kubernetes hardening (EKS with DISA STIG compliance). Programs have cloud budget but need engineering expertise to use it in an ATO-ready way.