/
CISA Orders Federal Agencies to Mitigate Critical Cisco SD-WAN Threats
Published on
CISA Acting Director Madhu Gottumukkala. CISA released emergency directives to agencies to mitigate Cisco SD-WAN threats.

The Cybersecurity and Infrastructure Security Agency has released Emergency Directive 26-03, Mitigate Vulnerabilities in Cisco SD-WAN Systems, along with Supplemental Direction ED 26-03, Hunt and Hardening Guidance for Cisco SD-WAN Systems, to address threat actors actively targeting federal networks leveraging designated Cisco systems and software.

CISA Orders Federal Agencies to Mitigate Critical Cisco SD-WAN Threats

The Potomac Officers Club’s 2026 Cyber Summit on May 21 will examine how government and industry are responding to escalating global cyber threats similar to the attacks on Cisco SD-WAN Systems. Sign up now to join this important GovCon event!

What Prompted the 26-03 Directive?

CISA said Wednesday the identified flaws pose an unacceptable risk to federal civilian executive branch networks, prompting immediate remediation. The company’s forensic analysis, conducted in coordination with international partners, determined that the vulnerabilities could be exploited with limited complexity.

What Actions Must Agencies Take in Response to 26-03?

Agencies are required to create a comprehensive inventory of all affected Cisco SD-WAN assets, collect relevant system logs and virtual snapshots, and apply patches addressing CVE-2026-20127 and CVE-2022-20775. In addition, organizations should actively search their environments for signs of compromise and follow the security measures detailed in Cisco’s Catalyst SD-WAN Hardening Guide. The agency issued an alert accompanied by joint guidance titled the Cisco SD-WAN Threat Hunt Guide to help network defenders identify and respond to malicious activity.

“Operational disruptions create strain and uncertainty, give our adversaries unnecessary advantages, and forces our frontline cybersecurity experts to carry out critical work without pay. Based on collaboration with international partners and CISA’s forensic analysis, the ease with which these vulnerabilities can be exploited demands immediate action from all federal agencies,” said Madhu Gottumukkala, acting director of CISA.

Previous Cisco-Related Emergency Action

The directive follows earlier warnings about threats targeting Cisco systems. In September 2025, CISA issued an emergency directive warning of attackers exploiting vulnerabilities affecting Cisco Adaptive Security Appliances web services. The directive required organizations to identify all affected devices, collect forensic evidence, evaluate systems for signs of intrusion, disconnect unsupported hardware and update software to current supported releases.

//
CMMC 2.0 for Small Businesses: Is It Worth It?
Published on
Cybersecurity. A small defense contracting firm is frustrated by CMMC 2.0's high fees, excessive paperwork and long waits.
  • A small cyber firm that does business with the DOW feels pinched by CMMC 2.0’s high costs, excessive paperwork and long waits for third-party assessors
  • DOW contracts will soon require third-party certification and prime contractors and big opportunities like Golden Dome are already requiring them
  • Hear the latest developments in CMMC directly from top DOW and federal officials at the 2026 Artificial Intelligence Summit on March 18!

A small cyber firm that does business with the Pentagon and the intelligence community is frustrated by the process for Cybersecurity Maturity Model Certification 2.0, specifically high costs, excessive paperwork and long waits for third-party assessors.

Angie Lienert, IntelliGenesis owner, president and CEO, told ExecutiveGov that she has spent $100,000 toward CMMC 2.0 Level 2 certification and expects to spend $180,000 to $200,000 to become fully CMMC-certified, not including updates nor additional assessments. She said CMMC 2.0’s excessive costs will eventually be passed down to the customers and that she had hoped for some sort of credit, discount or benefit in certification costs for small businesses.

What Is IntelliGenesis?

IntelliGenesis is a woman- and veteran-owned firm that has about 140 employees and revenues in the eight-figure range. It performs services such as cybersecurity and network operations, artificial intelligence and machine learning, and data science and analytics, among others.

CMMC 2.0 Level 2 mandates third-party certification starting Nov. 10, 2026, for all applicable Pentagon contracts. Jeremiah Jensen, IntelliGenesis chief operating officer and program manager, told ExecutiveGov that the company is struggling to find an available third-party assessor available because many other companies are also pursuing CMMC. In January, Jensen said the earliest IntelliGenesis could book a third-party assessor was March and, if that got postponed, October.

“Just trying to get on the schedule, and trying to push this through, and everything has been really, really staggering,” Jensen said.

Lienert feels the unavailability of third-party assessors also allows them to charge premium pricing for their services, which will also eventually get passed down to the customer and taxpayers. A mock CMMC Level 2 assessment, Lienert said, cost $40,000. If a company fails the assessment, they have to pay for another one.

Get the latest on CMMC from top DOW and federal officials at the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18! Hear whether relief is coming for small businesses or whether CMMC will expand throughout the federal government. Secure your seat today!

What Is CMMC?

CMMC is a Department of War effort that started in the first Trump administration. It seeks to strengthen the DOW’s industrial base cybersecurity and better protect DOW information as it faces increasingly frequent and complex cyber attacks. CMMC assesses defense contractor compliance with existing safeguarding requirements for federal contract information and controlled unclassified information.

DOW officially launched a three-year rollout of CMMC 2.0 cybersecurity requirements on Nov. 10, 2025. Contracting officials will now, in what’s called Phase 1, include new CMMC 2.0 requirements in new solicitations and contracts for the basic safeguarding of FCI. Companies must self-assess and submit scores in the Supplier Performance Risk System.

Phase 2, which begins Nov. 10, 2026, will require either a self-assessment or an independent assessment by an authorized CMMC third-party assessment organization every three years, depending on the type of information involved. Phase 3, where some solicitations will require Level 3 certification, begins on Nov. 10, 2027.

Every contractor will have to be fully compliant by the fourth year, or Nov. 10, 2028.

Deltek’s 2025 Clarity Government Contracting Industry Study provides insights to how businesses are spending money preparing for CMMC. The top three cost-drivers in CMMC, according to survey respondents, are investing in new cybersecurity tools and technologies; infrastructure upgrades, such as hardware or software; and developing and documenting compliance policies and procedures. Thirty-six percent of respondents said they were hiring external CMMC consultants.

Jensen described the paperwork required for CMMC Level 2 as staggering. The company, he said, has already processed 50 documents as part of certification. IntelliGenesis also brought in a consultant, at additional cost, to help with the more technical questions because third-party assessors are not allowed to provide guidance or advice.

Lienert told her team to wait as long as possible to do CMMC Level 2 to see if the DOW would provide any sort of sliding scale for small businesses. Once she realized that help wasn’t coming, she moved forward.

Additionally, Lienert said larger companies are already forcing smaller businesses like hers to comply with CMMC ahead of the DOW’s timelines. Small businesses, she said, could find loopholes around the CMMC process by changing their business structure to stop providing services and only provide products.

If the customer wants the product, she said, there might not be any CMMC associated with it.

“Then push is going to come to shove, and we’ll see which way wins,” Lienert said.

The DOW and Katie Arrington, the Wash100 Award-winning former Pentagon chief information officer, now CIO for IonQ and considered the lead architect of CMMC, declined to comment for this article.

Are you a small business laboring through CMMC? Then you cannot miss the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18! Hear how leading contractors are securing their AI systems to secure future DOW business. Learn of new business opportunities with AI and cybersecurity. Sign up today!

Deltek Insights on Small Businesses and CMMC Level 2

An expert on cybersecurity and the CMMC process was not surprised to hear IntelliGenesis’ concerns. Michael GreenmanDeltek senior product marketing manager, told ExecutiveGov that CMMC’s development has had a lot of starts and stops, and opponents and proponents, along the way before implementation.

Greenman said many businesses were skeptical, or even doubtful, that CMMC would get implemented. The market, he said, may have also been misled as to CMMC’s importance, when it would be implemented and how quickly it would be required.

But Greenman said businesses who started the CMMC process early are being rewarded. Firms that started the compliance process earlier had better available third-party assessors and, thus, lower fees.

Additionally, Greenman said CMMC serves a competitive differentiator, as it’s not a bad thing to have extra security, credentials and receipts.

“You have gone through this extra effort to demonstrate to your customer, whether the federal government or a prime contractor, that you have the security, and proof,” Greenman said. “That’s when the lights flicked [on] for that group of typically highly-intelligent, highly-motivated individuals.”

Is CMMC Required for Golden Dome?

Yes, CMMC is required for the first two Golden Dome homeland missile defense system  contract vehicles. The Scalable Homeland Innovative Enterprise Layered Defense, or SHIELD, both require CMMC Level 2, and, in some cases, Level 3, to do business, Greenman said this caught many small businesses by surprise.

Golden Dome is an especially lucrative program. SHIELD is potentially worth $151 billion over 10 yearsGolden Dome, overall, is estimated to cost at least $252 billion over 20 years. The White House has already provided a $25 billion down payment for Golden Dome.

Greenman doesn’t believe the DOW should have provided special considerations, or a sliding scale, for small businesses in CMMC. Data has to be protected, he said, regardless of how cheap or expensive it can be. Greenman said small business CMMC certification is important because their security is weaker than security used by the DOW, and they’re targeted for data breaches.

“They’re not going to try to attack the Pentagon,” Greenman said. “That data needs securing because our warfighters are in danger and our national security is in danger now more than ever.”

Prime Contractors Wield Influence in CMMC Level 2

Greenman said prime contractors have the most effective leverage in CMMC to garner compliance from smaller businesses. He said they have published communication putting subcontractors and small businesses on notice that they are taking CMMC seriously.

Primes aren’t going to risk their business, Greenman said, to uncertified supply chain members because the primes are both in positions of responsibility and enforcement.

“They hold the authority,” Greenman said. “They hold the responsibility and ability to kind of command and demand compliance.”

Could the US Government Expand CMMC?

The federal government could also expand CMMC to other agencies. Greenman said the General Services Administration is starting to put similar language in its contracts. There could also be a top level Federal Acquisition Regulation rule implemented in 2026, he said, that will require all agencies to mandate National Institute of Standards and Technology SP 800-171, likely revision three, as a minimum standard requirement for all contracts.

Of course, how it would be enforced is another open question, he said.

CMMC 2.0 for Small Businesses: Is It Worth It?
/
Kim Brandt: CMS Saves $2B Using AI to Combat Fraud, Prevent Contract Duplication
Published on
Kim Brandt. The CMS deputy administrator and COO talked about the use of AI to strengthen fraud detection.

Kim Brandt, deputy administrator and chief operating officer at the Centers for Medicare and Medicaid Services, said CMS has saved $2 billion since March 2025 by using artificial intelligence to strengthen fraud detection and contract oversight, Nextgov/FCW reported Tuesday.

Kim Brandt: CMS Saves $2B Using AI to Combat Fraud, Prevent Contract Duplication

As agencies report measurable outcomes from AI initiatives, interest continues to grow across government and industry in how emerging technologies are being applied to mission delivery. Book your seat at the 2026 Artificial Intelligence Summit on March 18 and take part in the conversation with federal and industry leaders on the evolving role of AI across the public sector.

How Does CMS Leverage AI to Combat Fraud?

Brandt said CMS uses what she described as a “Netflix-type algorithm” that analyzes existing data to identify potentially high-risk applicants. The system flags those entities for internal monitoring, but does not block participation in CMS programs.

“Within the first year [of using AI], to be able to get rid of 90 percent of some of these potentially bad actors, it’s a huge thing for us,” she said at the Nextgov/FCW Fed Tech Priorities Summit on Feb. 18. “Our hope is that … in this next year, as we implement that even more widely, it’s going to be a huge saver for us.”

How Does CMS Prevent Contract Duplication Using AI?

CMS has also implemented an internal AI tool to compare existing contracts and identify and prevent potential duplication.

“It really gives us the ability to use historical knowledge to be able to make smart financial decisions about how we move forward on the contracts,” Brandt said of the AI tool. “The team has only been using this for a few months now [and] it’s already been extremely effective. They think it saved us maybe the better part of several hundred million [dollars] already.”

What Are the Federal Efforts to Advance AI in Healthcare?

Federal agencies and departments are taking a series of steps to integrate AI into healthcare delivery, oversight and clinical support.

CMS has launched an AI research challenge to address fraudulent activities within the Medicare program. The Department of Veterans Affairs has also released an AI inventory outlining use cases tied to suicide prevention initiatives and electronic health record modernization efforts.

Meanwhile, the Department of Health and Human Services issued a request for information to gather feedback on accelerating AI adoption in clinical settings, including regulatory and reimbursement considerations. HHS also launched a department-wide AI strategy to advance the use of the technology in improving healthcare delivery, public health, human services, biomedical research and agency operations.

/
Navy Designates GenAI.mil as Enterprise IT Service for CUI, IL5 Generative AI
Published on
Department of the Navy seal. DON designated GenAI.mil as its enterprise IT service for CUI and IL5 generative AI use.

The Department of the Navy has officially designated GenAI.mil as its enterprise IT service for controlled unclassified information, or CUI, and Impact Level 5 generative artificial intelligence use.

Navy Designates GenAI.mil as Enterprise IT Service for CUI, IL5 Generative AIAs the Navy formalizes its enterprise approach to generative AI with the GenAI.mil designation, interest in how agencies structure and govern AI adoption continues to grow. Reserve your seat at the 2026 Artificial Intelligence Summit on March 18 and stay informed on the developments shaping AI in the public sector.

The DON said Tuesday that the assistant secretary of the Navy for research, development and acquisition; principal military deputy; and the DON chief information officer issued a memorandum on Jan. 28, directing mission owners and all DON users to transition to GenAI.mil as the mandated generative AI platform.

What Is the DON Policy on GenAI.mil?

Under the policy directive, all DON organizations and commands must transition to GenAI.mil no later than April 30.

The memorandum requires DON commands and organizations to report all current and planned generative AI capabilities for classified and unclassified systems to the DON CIO-established GenAI Task Force within 15 days of the memo’s publication. The DON CIO will submit a consolidated report to the secretary of the Navy.

Within 45 days of the memo’s release, capability owners will receive notification to start consolidation efforts in alignment with the DON Cattle Drive initiative. The Navy will update the memo semiannually to reflect additional capabilities and enhancements to the enterprise AI service.

The memo states that whlie GenAI.mil is certified at IL5 and authorized to process CUI, the use of protected health information and personally identifiable information on the platform is prohibited.

What Is GenAI.mil?

Launched in December, GenAI.mil is the Department of War’s enterprise AI platform designed to provide a unified environment for mission-ready AI capabilities. According to DON, it provides a conversational chat interface for authorized users and supports file uploads, including PDF, DOCX, TXT, PPTX and image formats.

The platform offers Retrieval Augmented Generation, enabling users to generate responses grounded in uploaded documents. It also provides secure web grounding, deep research capabilities and persistent chat histories that allow users to organize and retain conversations.

The DON said GenAI.mil enables personnel to use commercial AI tools for analysis, productivity and decision-making while maintaining strict controls to protect data and ensure compliance with DOW policies. The platform initially rolled out with Google’s Gemini for Government as one of its first frontier AI tools and later expanded to include xAI for Government.

In early February, the DOW partnered with OpenAI to integrate ChatGPT into GenAI.mil to expand access to large language models for personnel across the department.

Adoption of GenAI.mil has expanded across the military services. The Air Force and Space Force have adopted GenAI.mil, while the U.S. Marine Corps designated GenAI.mil as its enterprise AI platform.

/
Former Marine Corps Deputy Commandant James Adams Takes Charge of Defense Intelligence Agency
Published on
Lt. Gen. James Adams. The former USMC deputy commandant is the new director of the DIA.

Lt. Gen. James Adams, former U.S. Marine Corps deputy commandant for programs and resources, officially assumed responsibilities as the 25th director of the Defense Intelligence Agency during a ceremony held on Feb. 20.

What Did DOW’s Bradley Hansell Say About Adams’ New Role?

During the event, Bradley Hansell, under secretary of war for intelligence, commended Adams’ work at the USMC, the only service to pass a clean financial audit.

Discover the lastest artificial intelligence requirements and business opportunities directly from top Pentagon officials like Adams at the Potomac Officers Club’s 2026 Artifical Intelligence Summit on March 18. Secure your seat today!

“He has brought success to every assignment he’s been in and I expect this one to be no different,” Hansell said. “He led the Marine Corps to yet another historic first … as they became the first service to pass a clean financial audit, setting a standard for accountability within the department. He did so, not once, but three times.”

Adams was President Donald Trump’s nominee to lead DIA. He succeeds Air Force Lt. Gen. Jeffrey Kruse, who served as the agency’s director until August, DefenseScoop reported.

What Are James Adams’ Plans for the DIA?

Speaking at the ceremony, Adams emphasized the need for the DIA to transform to meet the “speed, scale and complexity of modern warfare.”

He explained that while artificial intelligence, advanced analytics and open source data analysis have accelerated the agency’s capability to generate insights, the DIA needs to continue building a skilled workforce equipped with experience and tradecraft to deliver judgment and clarity to decision makers.

“It is my responsibility, our responsibility, to develop and empower our workforce to remove obstacles that detract from mission accomplishment,” Adams said. “[We must] ensure every analyst, operator, technologist and support professional can focus on what matters most: delivering insight, credible warning and operational capability to the combatant commands, the services and policymakers on time and on target.”

/
Army Issues RFI for EMSO Capabilities, Potential IDIQ Contract
Published on
ACC seal. ACC-APG has issued a request for information on Electromagnetic Spectrum Operations capabilities.

The U.S. Army Contracting Command-Aberdeen Proving Ground, or ACC-APG, in coordination with Project Manager Electronic Warfare & Cyber, has issued a request for information on Electromagnetic Spectrum Operations, or EMSO, capabilities.

Army Issues RFI for EMSO Capabilities, Potential IDIQ Contract

Enhancing the procurement model remains a top priority under the Army Transformation Initiative. Join top military and industry leaders as they discuss contracting reforms and other vital issues at the Potomac Officers Club’s 2026 Army Summit on June 18. Sign up today!

The RFI is paired with a Characteristics of Needs document developed by the Army Transformation and Training Command to inform market research and refine acquisition planning, the Army said Tuesday.

What Is the Army Seeking?

ACC-APG seeks industry input on developing EMSO technologies to strengthen spectrum control during large-scale combat operations against advanced adversaries. Responses to the RFI will help determine the appropriate procurement approach, including a potential multiple-award indefinite-delivery/indefinite-quantity contract.

Why Is EMSO a Priority?

The effort is part of a broader push to strengthen the Army’s electromagnetic warfare capabilities; expanding its ability to attack, defend, manage and support spectrum operations across multiple domains and warfighting functions. The service is also working to close the gap between rapid advances in spectrum technologies and acquisition processes that have struggled to keep pace.

“Our modern approach of sharing upfront, broad problem statements through a CoN, as recently demonstrated in the Next Generation Command and Control effort, will be critical in obtaining meaningful industry feedback to shape procurement approaches for new equipment,” said Joseph Welch, program acquisition executive for command and control/counter C2.

Modernizing Army Procurement

The request for industry input comes as the Army continues broader acquisition reforms aimed at accelerating modernization and shortening procurement timelines. Under the Army Transformation Initiative, leaders have moved to reassess requirements, prioritize mission-critical capabilities and streamline decision-making to keep pace with rapidly evolving technologies.

/
JIATF 401 Counter-UAS Marketplace Reaches Initial Operational Capability
Published on
Drone swarm. Army-led JIATF 401 achieved initial operational capability for its counter-UAS marketplace.

The U.S. Army-led Joint Interagency Task Force 401 has achieved initial operational capability for its online counter-unmanned aircraft systems marketplace, marking a step forward in efforts to accelerate procurement of drone defense technologies across the Department of War and interagency partners.

The digital platform is hosted on the common hardware systems electronic catalog. It is designed to allow authorized users to identify, compare and purchase validated counter-UAS systems through an established indefinite-delivery, indefinite-quantity contract vehicle, the DOW said Tuesday.

Brig. Gen. Matt Ross, director of JIATF 401, previously stated that the marketplace will provide authoritative performance data so customers can select systems suited to specific threats and operational environments. He said requirements vary depending on location and mission, underscoring the need for a range of counter-drone tools.

What Does the JIATF 401 Marketplace Change for Procurement?

By leveraging an existing IDIQ contract structure within the catalog, the marketplace allows qualified users to move directly to ordering without initiating a new contracting action. That structure is intended to shorten acquisition timelines and reduce administrative burden for units seeking counter-drone capabilities. The catalog currently contains more than 1,600 items.

“The JIATF 401 [counter]-UAS marketplace is a critical step forward in our whole-of-government approach to countering the threat of small drones,” Ross said. 

“Our goal is to integrate sensors, effectors and mission command systems into a responsive, interoperable network that protects service members and American citizens alike,” he added.

How Does the JIATF 401 Marketplace Fit Into Broader Counter-UAS Efforts?

The marketplace builds on JIATF 401’s mandate to streamline development, acquisition and fielding of counter-drone capabilities. The task force was established in 2025 to consolidate authorities and replace the Joint Counter-small Unmanned Aircraft Systems Office.

New DOW counter-UAS guidance issued in January enhances interagency data sharing and extends Title 10 authorities, allowing commanders to mitigate drone threats originating outside installation perimeters. JIATF 401 is supporting implementation of that policy through training resources and access to validated technologies.

/
NIST Publishes New Guidance to Strengthen AI Benchmark Evaluations
Published on
NIST logo. NIST issued new guidance aimed at strengthening the statistical validity of AI benchmark evaluations.

The National Institute of Standards and Technology has issued new guidance aimed at strengthening the statistical validity of artificial intelligence benchmark evaluations.

NIST Publishes New Guidance to Strengthen AI Benchmark Evaluations

Register for the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18 to explore real-world strategies and applications of AI, machine learning and automation.

What Problem Is NIST Addressing?

NIST said Thursday its new publication, Expanding the AI Evaluation Toolbox with Statistical Models, addresses shortcomings in common benchmark evaluation practices. These often rely on implicit assumptions, conflate different measures of system performance or fail to adequately quantify uncertainty. Such gaps can complicate interpretation and hinder decision-making based on reported results.

How Does the New Framework Enhance Evaluation?

The NIST AI 800-3 publication introduces a formal modeling framework to clarify how AI benchmark results are interpreted and how uncertainty is measured. It distinguishes between benchmark accuracy, which measures performance on a fixed set of benchmark questions, and generalized accuracy, which estimates performance across a broader population of similar questions. NIST notes that the two measures may differ and require distinct calculation methods.

The publication highlights the use of generalized linear mixed models, or GLMMs, to estimate AI performance and gain insights into benchmark composition and large language models, or LLMs. While regression-free approaches remain common with evaluators, GLMMs can more precisely quantify uncertainty and provide additional explanatory insights when correctly specified.

NIST Seeks Public Input on Automated LLM Benchmarking

In a similar move, NIST is seeking public feedback on a related draft framework focused on automated benchmarking practices for LLMs. The Center for AI Standards and Innovation released an initial public draft of NIST AI 800-2, Practices for Automated Benchmark Evaluations of Language Models. This aims to provide guidance on how automated benchmarks are designed, implemented and applied to evaluate LLMs.

/
GAO Warns of Ongoing Schedule Gaps in NBIS Personnel Vetting Program
Published on
Government Accountability Office's logo. GAO issued a new report on the DOWs development of NBIS

The Government Accountability Office has found that the Department of War still does not have a reliable schedule for the development of the National Background Investigation Services, or NBIS.

In a report published Tuesday, the congressional watchdog warned that, without a reliable schedule, the program may continue to face delays.

Daniel Hettema, director of digital engineering, modeling and simulation at the Office of the Under Secretary of War for Research and Engineering, is speaking at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22. He will discuss defense modernization alongside top industry leaders. Secure your tickets today

What Deficiencies Has GAO Found in the NBIS Program?

According to GAO, the NBIS program has only partially met the credible and well-constructed characteristics of a reliable schedule.

One issue that the agency raised in the report is the program’s lack of a schedule risk analysis, which would identify problems that may lead to delays. GAO also found that federal agencies are not meeting timeliness goals for nearly all phases of the security clearance process, including for top secret clearances.

What Improvements Has GAO Identified in the NBIS Program?

Despite ongoing schedule concerns, GAO reported improvements in the program’s cost estimating practices.

DOW now projects spending an additional $2.2 billion on NBIS development through FY 2031, in addition to $2.4 billion already spent through FY 2024. GAO said the improved cost estimate should provide better visibility into program expenses and help reduce the risk of unexpected cost overruns.

What Is the National Background Investigation Services?

The NBIS manages the full lifecycle of the background investigation process, beginning with application initiation and continuing through investigation, adjudication and ongoing continuous vetting.

Designed to modernize and secure the federal government’s legacy vetting systems, the NBIS streamlines business processes and integrates data streams into a unified platform. The system is intended to improve user experience, enhance decision-making and provide a scalable and secure environment for handling personnel security information.

//
Army Leaders Leonel Garciga, Michael Obadal Discuss IT Modernization Strategy
Published on
Leonel Garciga and Michael Obadal. The Army CIO and under secretary on IT modernization and business systems consolidation.

Army Chief Information Officer Leonel Garciga and Army Under Secretary Michael Obadal discussed the service’s business systems consolidation and IT modernization efforts at the AFCEA NOVA Army IT Day, Federal News Network reported Monday.

Army Leaders Leonel Garciga, Michael Obadal Discuss IT Modernization Strategy

As Army leaders continue advancing system consolidation and enterprise IT modernization efforts, those priorities are expected to remain central to broader defense technology discussions. Save your spot at the Potomac Officers Club’s 2026 Army Summit on June 18 and join senior military officials and industry leaders as they explore the Army’s evolving priorities and strategic initiatives.

Garciga, a two-time Wash100 awardee, described legacy business systems as the “Achilles heel” of every enterprise, highlighting the Army’s push to eliminate outdated systems.

What Did Garciga Say About Army Legacy System Consolidation?

Garciga said the Army is accelerating efforts to eliminate outdated platforms. While business system modernization has been a governmentwide objective for more than two decades, he said the service is demonstrating measurable progress.

According to Garciga, the Army has shut down 100 systems over two quarters as part of its consolidation campaign. He acknowledged that some organizations have been affected by the changes but said the effort is necessary as the Army deploys enterprise-level capabilities and identifies platforms to focus on.

How Is the Army Advancing Its Enterprise IT Strategy?

The Army has established a low-code, no-code center of excellence aimed at promoting adaptable development and reducing unnecessary customization. Garciga said the service is encouraging functional leaders to rely on out-of-the-box capabilities rather than replicate customized legacy processes.

Garciga said Google Cloud was recently added to the Enterprise Cloud Management Agency portfolio, giving users access to all major cloud service providers.

The Army has also signed enterprisewide software licensing agreements with Palantir, Salesforce and Appian.

What Did Obadal Say About Army System Consolidation & Modernization Effort?

Obadal, a 2026 Wash100 awardee, said the Army began its modernization effort with approximately 800 individual business systems and has reduced that number to fewer than 300.

“Change is happening across the Army, but we have a long way to go,” Obadal said.

He noted that fragmentation remains across mission areas, with 42 systems supporting training and readiness, 58 human resources management systems and 75 logistics systems.

Obadal said the Army is seeing the impact of consolidation in its Total Army Readiness Review process. Since November, the review has shifted from static presentations built through thousands of man hours to live data reporting. Senior leaders can now access real-time information on every unit and major weapon system, down to individual bumper numbers. Obadal added that commanders can view parts backlogs at the Defense Logistics Agency and vendors, track delivery status and leverage large language models to generate real-time insights from large datasets.

“It’s a massive step forward for the Army to be able to transmit its readiness in real time,” he noted.

In January, Obadal said the Army is updating its software directive and advancing Budget Activity 8 to enable program managers to move beyond a hardware-focused budgeting model and access funding through a software-specific appropriations category.

1 10 11 12 13 14 2,696