Implementation Kickoff Guide for AFWERX Deployment¶

This guide outlines the implementation process and shared responsibilities between your team and Second Front’s Game Warden platform. It includes what’s expected at each phase of onboarding, what artifacts you need to provide, and how we’ll work together to securely deploy your application to Game Warden.

Implementation phases & milestones¶

Phase	What Second Front Does	What You Do
Kickoff	Assign Mission Success Manager (MSM) and Technical Implementation Manager (TIM) Deliver onboarding resources and guidance	Assign technical & security leads Review onboarding requirements Obtain a signed MFR from their Government Mission Owner Begin collecting technical artifacts
Configuration	Set up Development (DEV) environment Configure Helm charts and pipelines	Provide images & initial documentation Complete access control setup with Platform One (P1) SSO, Keycloak, and Government Access Card (required for deployments to IL4+ environments)
Security Review	Perform container scans (DAST) Support Body of Evidence (BoE) and Certificate to Field (CtF) documentation	Perform container scans (SAST) and submit results to 2F Justify or remediate CVEs Complete the BoE and Authorization Boundary Diagram
Approved	Submit Deployment Passport for Authorizing Official (AO) signature Prepare Staging (STG) environments
Validation	Deploy to STG environment Assist with test cases and validation checks	Perform final functional tests in STG Confirm production readiness
Deployed to Production (PRD)	Push to PRD environment Monitor initial usage and performance	Confirm the PRD readiness Begin end-user onboarding
Deployed to Classified Networks	Collaborate with customers to obtain the necessary documents for intake by the Department of Air Force CloudWorks (DAFCW). This process can start after submitting the Deployment Passport.	Provide necessary documents required by DAFCW.
Day 2 Operations	Provide ongoing support Deliver quarterly business reviews and growth planning	Join regular syncs Review logs and scan results Plan for roadmap milestones

Shared Responsibility Model¶

Second Front uses the Shared Responsibility Model to clarify which tasks are owned by the customer and which are managed by Second Front, helping streamline implementation and compliance. Refer to Game Warden's Shared Responsibility Model for more information.

Required technical artifacts¶

To support a smooth and secure implementation, please collect and submit the required items listed in the Technical Artifacts guide as early as possible in the process.

Security requirements¶

Security is core to the Game Warden platform. You must be prepared to support the following:

Authorization Boundary Diagram	Required for BoE and initial implementation planning. Must include all outbound integrations or API dependencies to initiate Approval to Connect (AtC) workflows early.
CVEs & Remediation	You’ll use Findings to manage container scans. CVEs must be addressed per the Acceptance Baseline Criteria.
BoE	Gather required details early to avoid bottlenecks.
SAST Scan & AI Attestation	Prepare static analysis outputs and AI-related disclosures, if applicable.

Technical considerations¶

To ensure a smooth deployment process, your team should review:

Access Control - Integrate with Keycloak and implement JWT authentication

→ Access Control Guide
CNAP Whitelisting - Required for IL4+ environments

→ CNAP Whitelist
Logging & Monitoring - Game Warden integrates with Loki and Grafana

→ Observability Stack
Pipelines & Image Push - Push hardened images to the Harbor Registry

→ Push Images to Harbor

Action items & best practices¶

Assign a dedicated technical and security lead
Schedule weekly/bi-weekly syncs with your Game Warden team
Set up P1 accounts for all relevant team members
Review observability tools and security scanning expectations
Begin preparing your BoE, authorization boundary, and technical artifacts
Push initial image to Game Warden registry as early as possible

Helpful links