//
Treasury Seeks Public Input on CFIUS Known Investor Program, Review Streamlining
Published on
Treasury Department. An RFI was issued on the CFIUS Known Investor Program and ways to streamline foreign investment reviews.

The U.S. Department of the Treasury, which chairs the Committee on Foreign Investment in the United States, or CFIUS, has released a request for information seeking public feedback on the CFIUS Known Investor Program and potential ways to improve the efficiency of the foreign investment review process without compromising national security oversight.

The RFI asks industry stakeholders, foreign investors, legal experts and other interested parties to comment on how the Known Investor Program could function, including eligibility requirements, information submissions and anticipated benefits, the Treasury Department said Friday.

“As Chair of CFIUS, Treasury is leading efforts to improve process efficiencies while ensuring that CFIUS continues to fulfill its core mission of identifying and addressing national security risks that can accompany foreign investment,” said Secretary of the Treasury Scott Bessent.

Treasury is also requesting input on broader opportunities to streamline CFIUS procedures, such as reviews of non-notified transactions and ongoing mitigation compliance. Public comments on the RFI are due March 18.

What Is the CFIUS Known Investor Program?

First introduced in May 2025, the Known Investor Program would allow participating foreign investors to voluntarily submit background information outside of individual transaction filings. Treasury said the approach could help CFIUS develop greater familiarity with repeat investors, reduce duplicative data requests and allow the committee to focus resources more effectively.

Treasury emphasized that any process improvements would not alter CFIUS’s statutory authorities or lower its standards for identifying and addressing national security risks associated with foreign investment in the United States.

How Does the RFI Align With White House Investment Policy?

Treasury’s RFI closely aligns with the White House’s America First Investment Policy national security presidential memorandum, signed in February 2025, which calls for promoting foreign investment from trusted partners while strengthening safeguards against national security threats. The memorandum directs federal agencies to facilitate low-risk and passive investments from allied nations and to improve the efficiency and predictability of the foreign investment review process without weakening oversight. 

By seeking public input on the CFIUS Known Investor Program and potential process streamlining, Treasury is advancing those objectives by exploring ways to differentiate between trusted, repeat investors and higher-risk transactions, allowing CFIUS to focus its resources on investments that may pose greater national security concerns.

/
NASA Downselects STRIVE, EDGE Missions for Earth System Explorers Program
Published on
View of the Earth from orbit. NASA has announced the downselection of two missions for its Earth System Explorers Program.

NASA said Thursday that it has selected two missions for continued development under the Earth System Explorers, or ESE, program, which seeks to enable high-quality Earth system science investigations in line with recommendations from the National Academies of Sciences, Engineering and Medicine 2017 Decadal Survey for Earth Science and Applications from Space.

The chosen projects are the Stratosphere Troposphere Response using Infrared Vertically-resolved light Explorer, or STRIVE, mission and the Earth Dynamics Geodetic Explorer, or EDGE, mission.

What Is the STRIVE Mission?

Led by Lyatt Jaegle of the University of Washington in Seattle, STRIVE seeks to take measurements of the temperature, aerosol properties and various atmospheric elements from the upper troposphere to the mesosphere. Unlike previous missions, STRIVE seeks to take these measurements at a much higher spatial density. High-resolution and near-global readings are to be provided on a daily basis.

STRIVE also aims to support the understanding of how the ozone layer is recovering. To achieve this, the mission will work to measure vertical profiles of ozone and trace gasses.

What Is the EDGE Mission?

Led by Helen Amanda Fricker of the University of California San Diego, EDGE aims to advance the measurements being recorded by NASA’s Ice, Cloud, and land Elevation Satellite 2 and the Global Ecosystem Dynamics Investigation mission. EDGE will work to make observations of the surface topography of glaciers, ice sheets and sea ice as well as the three-dimensional structure of terrestrial ecosystems.

How Were the ESE Program Missions Selected?

The selection process for the Earth System Explorers Program began with the choosing of four proposals in May 2024 following the issuance of the program’s final announcement of opportunity a year earlier. Each proposal was to receive $5 million for a one-year concept study, after which NASA would choose two to go forward.

STRIVE and EDGE are now set to undergo a confirmation review in 2027 to assess mission progress and funding availability. If confirmed, the missions will launch no sooner than 2030.

Minus the launch itself, each mission is expected to cost $355 million at most.

//
New Memo Seeks to Bolster CIO Role in Gov’t Agency Tech Acquisition
Published on
Federal CIO Gregory Barbaccia. The Wash100 Award winner has issued a memo outlining his priorities for 2026.

Federal Chief Information Officer and Wash100 Award winner Gregory Barbaccia has issued a memo to government agency CIOs outlining his priorities for 2026, Federal News Network reported Friday. Among the dozen priorities discussed in the memo — which FNN had obtained — are those that appear to bolster the ability of CIOs to oversee the manner in which their respective agencies acquire technologies.

How Does the Memo Strengthen the CIO’s Role in Technology Acquisition?

In one part of the memo, Barbaccia flags the practice by some agencies of incorporating into solicitations requirements of dubious relevance, saying such requirements “inadvertently, or intentionally, box out new entrants.” To the agency CIOs, he said, “Please share with your contracting counterparts that they could expect a call from me requiring clarification about how an eligibility requirement directly and specifically impacts the potential success of a project.”

Elsewhere in the memo, Barbaccia expressed his intent to foster a deeper engagement with technology vendors by, among other things, advocating for common agency challenges and aligning industry support to where it is most needed via the establishment of a unified government CIO perspective.

The federal CIO also called for regular meetings with leaders of technology suppliers and expressed his support for changes to procurement practices and regulations governing small businesses aiming for government IT contracts.

Government IT Leadership and Acquisition Priorities

The memo is the latest of Barbaccia’s pronouncements concerning government IT leadership and acquisition priorities. In May last year, the federal CIO sent out an email outlining 16 operating principles for IT leaders of government agencies. In that email, Barbaccia called on government CIOs to build trust, exercise good judgment when performing their duties and own the outcome of their decisions.

“This is not a typical government shop. We are here to fix what’s broken and build what’s missing,” Barbaccia said regarding the role of being CIO in a government agency.

Harmonizing with that statement, Barbaccia announced in June via email that he would prefer to speak with organizations that offer solutions rather than those that “define problems” — particularly research, advisory and strategy consulting companies. Barbaccia also advised government CIOs to cancel meetings with strategy firms or ask for a summary of solutions or deliverables they offer.

/
Top US Federal AI Officials: A Comprehensive List (Part 2)
Published on
Federal AI. Check out the top AI officials in the federal government in part 2 of our ongoing series.
  • Federal chief AI officers are developing and implementing strategies to help agencies use AI to better serve the public
  • These professionals are redefining government service in realms including business, labor, international diplomacy and trade
  • Hear directly from top federal chief AI officers like these at the 2026 Artificial Intelligence Summit on March 18!

 

Federal chief artificial intelligence officers are the nation’s top technology professionals. They’re developing and implementing intricate strategies to help agencies use AI to better serve the public in realms including business, national security, equal employment and trade.

From the Department of War to the National Archives and Records Administration and the Department of the Interior, these technology professionals are redefining federal success. They’re implementing programs to help agencies better work with proprietary technology and leverage cutting-edge technologies in industries like financial technology to provide improved services more efficiently and effectively.

Evaluate the latest business opportunities in federal AI at the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18! Hear directly from Cameron Stanley, the Department of War’s chief digital and AI officer, during his illuminating keynote address. Get your burning questions answered by Stanley during his Q&A session. Secure your seat today for this highly anticipated GovCon event!

Why Should GovCons Care About Chief AI Officers?

These top technology professionals matter because they’re helping the government leverage technology that is revolutionizing productivity. This transformative technology will support and enhance how the federal government provides services for years to come.

Discover the backgrounds of these leading federal AI officers and how they’re redefining technology success in government.

Note: This is the second part of a regular series. We’ll share further profiles over the next few months and will link to them here.

Who Are the Top AI Officers in Government?

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Cameron Stanley

Chief Digital and AI Officer, Department of War

Cameron Stanley is taking over at the DOW to lead a realignment as the department leans heavily into AI. This isn’t his first stint at the Pentagon as Stanley served as chief data officer for the under secretary of war for intelligence and security from 2022 to 2024.

In a video recorded for Executive Mosaic at a 4×24 Leadership Program dinner in January, Stanley discussed how the DOW is soliciting not only innovative services and products, but also novel methods to deliver and execute technology faster than ever as AI use speeds up in defense missions.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Brian Epley

Chief Information Officer, Department of Commerce

Brian Epley is a veteran AI officer with significant federal experience. He became the Department of Commerce’s CIO in 2024 after spending two years as the principal deputy CIO at the Department of Energy from 2022 to 2024. Epley was critical to helping the DOE CIO’s office define its strategy for cybersecurity, AI modernization and data use.

Epley also spent six years at the Environmental Protection Agency as deputy CIO and the IT operations director.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Amy Ritualo

Acting Chief Data and AI Officer, Department of State

Amy Ritualo has had an extensive federal career, including stops at the Department of Agriculture, Department of Homeland Security and Citizenship and Immigration Services, before she joined the State Department in 2022. She isn’t new to AI though, as she became the State Department’s deputy chief data and AI officer in 2024 before becoming the acting CDAO in January 2025.

Ritualo is leading a department effort to better utilize AI with its proprietary information such as diplomatic cables. She told FedScoop in a March 2025 interview that the State Department in 2023 produced about 6,300 diplomatic cables per day and that the department is focusing on bringing that data to diplomats across around the world.

“GenerativeAI and public tools aren’t that helpful until you can really bring together our proprietary information,” she said. “We’re focused on things like data quality, data access and data sharing, really making sure we have tight permissioning and role-based access to the data that the State Dept generates.”

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Brian Peltier

Deputy CIO, Social Security Administration

Brian Peltier has spent over 21 years at the Social Security Administration as an IT professional, rising up the ranks to deputy CIO, which he started in May 2024. Here he strategizes on how to best implement AI applications into SSA work.

Peltier told NextGov in an October 2024 interview that the SSA has been using AI for 20 years. The difference now is that much of the recent growth in AI has been around GenAI. The SSA, he said at the time, had not experimented much with GenAI, but was evaluating options to work more with the technology.

 

Are you an AI professional? Then you can’t afford to miss the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18—it’s specifically curated for you. Join the conversation during essential panel discussions on integrating AI into legacy federal systems and automating government with AI. Meet and mingle with other GovCon titans and spark new collaborations. Secure your seat now for this essential GovCon conference!

Top US Federal AI Officials: A Comprehensive List (Part 2)

Mark Gray

Chief Information and Chief Data Officer, Federal Trade Commission

Mark Gray is no stranger to tackling the toughest technology challenges in government. He joined the FTC after a 20-plus year career in the Army, where he served in senior roles in logistics, healthcare and IT.

Gray helmed modernization programs for the services’ financial information systems while also supervising large-scale IT changes. An expert in essential government technologies including cybersecurity, data strategy and digital modernization, Gray has expanded his skillset to AI governance and ethical AI implementation.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Hartley Caldwell

CIO, Small Business Administration

Hartley Caldwell may be new to government, but he’s not new to technology. Before becoming the Small Business Administration’s CIO, Caldwell spent four years at Fiserv in a variety of CIO positions, including global banking, senior vice president for digital banking and SVP for company credit union solutions.

Caldwell is leading technology strategy at the SBA. He’s developing and optimizing experiences to improve small business engagement and collaborating with cross-functional teams to align technology with SBA outcomes and goals, according to his LinkedIn page.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Gulam Shakir

Acting CIO, National Archives and Records Administration

Gulam Shakir is diving deep into AI at the National Archives and Records Administration. He’s leading an AI pilot to improve the search function within the NARA’s catalog.

Shakir is investigating using AI to recognize personally-identifiable information within NARA files before releasing them to the public. He’s also developing an AI-assisted first transcription of descriptive metadata for the NARA’s files.

Shakir joined NARA in 2016 after stops at PreciseTarget DataXu and JingleNetworks.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Mangala Kuppa

Acting CIO, Department of Labor

Mangala Kuppa is leveraging previous AI work at the Department of Labor to help it become a federal leader in the technology. She told FedScoop in June 2024 that earlier DOL efforts modernized internal and customer-oriented operations as part of an effort to implement AI.

The DOL has an internal shared services program that identifies the agency’s CIO office to be the shared services provider for all DOL IT capabilities. This, she said, has helped the department categorize all technologies and systems and better target legacy opportunities or systems that could use improvement with AI.

Kuppa started at the DOL in 2020 as a case management director. She previously spent 10 years at the Bureau of Labor Statistics.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Sivaram Ghorakavi

Deputy CIO and Chief AI Officer, Equal Employment Opportunity Commission

Sivaram Ghorakavi is a longtime technology expert with both private and public sector experience. He became CIO at the Equal Employment Opportunity Commission in August after previously serving as deputy CIO and CAIO, and chief technology officer.

As EEOC CTO, Ghorakavi developed and integrated a long term technology strategy, evaluated potential solutions and advocated for technology best practices that maximized the efficiency and effectiveness of the EEOC and its stakeholders.

He spent almost 10 years at the National Labor Relations Board in a variety of technology-focused positions. Ghorakavi also served as the senior level IT portfolio manager at the Patent and Trademark Office from 2015 to 2017.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Thomas “Tod” Dabolt

CIO, Department of the Interior

Tod Dabolt leads comprehensive data management, AI and evidence programs at the Department of Interior. He previously spent 10 years as the department’s chief data officer, where he created a robust data governance framework, enhancing data compliance and integrity.

Prior to joining the DOI in 2016, Dabolt spent nearly 20 years at the EPA, including 10 years as a director in the office of water.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)
//
Mitch Nikolich, James Gosler Join DOW Science, Technology & Innovation Board
Published on
Mitch Nikolich and James Gosler. The Johns Hopkins APL national security experts joined the DOW STIB.

Milan “Mitch” Nikolich and James Gosler, national security experts from the Johns Hopkins Applied Physics Laboratory, have joined the Department of War’s Science, Technology and Innovation Board, or STIB.

APL said Thursday Nikolich will serve as the STIB’s inaugural chair and Gosler will sit on the board as a member.

APL Director Dave Van Wie said Nikolich and Gosler’s expertise will support the new board’s mission to connect technical researchers and industry partners and help national leaders maintain U.S. leadership in critical technologies.

What Is the DOW STIB?

The STIB is a new advisory panel established by Emil Michael, under secretary of war for research and engineering and a 2026 Wash100 awardee. The STIB consolidates the former Defense Science Board and Defense Innovation Board into a single entity to provide faster scientific and technical assessments and accelerate the delivery of capabilities to warfighters. It will operate with the Subcommittee on Strategic Options and the Subcommittee on National Security Innovation. 

According to APL, the STIB includes 18 science and technology experts from industry, government and the research community.

The STIB is awaiting formal establishment through publication in the Federal Register.

Who Is Mitch Nikolich?

Nikolich is a senior researcher within APL’s National Security Analysis Department. He previously served as director of defense research and engineering for research and technology from 2018 to 2020.

He has held senior roles at several firms, including SAIC, CACI and National Security Research. He also served in the physics division at Los Alamos National Laboratory.

His career includes contributions to the Strategic Defense Initiative, the department’s Countering Weapons of Mass Destruction program and nuclear weapons modernization efforts.

Who Is James Gosler?

Gosler is a senior fellow at APL and has more than five decades of technical leadership experience in national security, cybersecurity, counterterrorism and nuclear weapon security.

He spent more than 30 years at Sandia National Laboratories, where he founded and led the Vulnerability Assessments Program and became Sandia’s sixth fellow.

The U.S. Navy veteran was the first director of the CIA’s Clandestine Information Technology Office. He is also a former member of the Defense Science Board, the National Security Agency Advisory Board and the Naval Studies Board.

//
CISA Directive Seeks to Address Security Risks From Unsupported Edge Devices
Published on
Cybersecurity and Infrastructure Security Agency logo. CISA issued a directive to help strengthen edge device security.

The Cybersecurity and Infrastructure Security Agency has introduced a new directive requiring federal civilian executive branch, or FCEB, agencies to strengthen security controls for edge devices by removing unsupported hardware and software from federal networks.

CISA Directive Seeks to Address Security Risks From Unsupported Edge Devices

CISA’s new directive highlights the continued focus on strengthening cybersecurity across government networks. As agencies and industry stakeholders track evolving requirements and threat-driven priorities, the Potomac Officers Club’s 2026 Cyber Summit will bring together leaders from across the federal cyber community. Register now to save your seat at this May 21 event!

CISA said Thursday the directive—Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices—is intended to reduce technical debt and limit the risk of cyber compromise associated with devices that no longer receive vendor security updates.

What Are the Required Actions Under the CISA Edge Device Security Directive?

CISA outlined several mandatory steps agencies must take under the directive, including updating vendor-supported edge devices running end-of-support software to a vendor-supported version and conducting an inventory of all devices to identify those that are end-of-support. Agencies must also report inventory findings to CISA.

The directive also requires agencies to remove all end-of-support edge devices from agency networks and replace them as needed with vendor-supported devices that can receive security updates. Agencies must develop a mature lifecycle management process for continuous discovery of edge devices and maintain an inventory of those that are or will become end-of-support.

What Did CISA Leadership Say About Edge Device Security?

CISA Acting Director Madhu Gottumukkala said unsupported edge devices should not remain on enterprise networks due to the risk they pose to federal systems.

“When the threat landscape demands decisive action, CISA will direct FCEB agencies to strengthen cyber resilience and build a stronger, safer digital infrastructure for America’s future. CISA strongly encourages non-federal organizations to adopt similar actions to strengthen the security of their edge devices,” added Gottumukkala.

Nick Andersen, executive assistant director for cybersecurity at CISA, said removing unsupported edge devices is a key part of maintaining cyber hygiene and reducing risk across government systems.

“Driving timely risk reduction across the federal enterprise is critical, but true impact comes when all organizations commit to the same goal. By proactively managing asset lifecycles and removing end-of-support technology, we can collectively strengthen resilience and protect the global digital ecosystem,” Andersen noted.

What Are CISA’s Recent Directives & Actions?

CISA has taken several recent actions to address urgent cyber risks across federal networks. The agency previously issued an emergency directive requiring agencies to identify and update at-risk F5 virtual and physical devices and software. CISA has also released a directive related to vulnerabilities in Cisco Adaptive Security Appliance and Firepower devices, citing exploitation concerns and required mitigation steps.

In January, CISA announced the retirement of 10 older emergency directives, noting that the required actions had been completed or incorporated into broader federal vulnerability management requirements under Binding Operational Directive 22-01.

//
Pentagon Issues Guidance on Vendor Threat Mitigation
Published on
Pentagon. The War Department issued new guidance establishing procedures for mitigating vendor threats.

The Department of War has issued new guidance establishing procedures for identifying, assessing and mitigating threats posed by vendors supporting U.S. military operations.

According to DOW, Under Secretary of War for Acquisition and Sustainment Michael Duffey, a 2026 Wash100 awardee, approved the guidance on vendor threat mitigation, or VTM, which took effect Monday.

What Is the Purpose of the Vendor Threat Mitigation Guidance?

The VTM guidance establishes standardized procedures across the department to vet commercial suppliers and manage risks linked to foreign adversaries, criminal networks and extremist organizations that may exploit vendor relationships with DOW.

The guidance directs DOW officials to establish and maintain programs that evaluate the threat profile of vendors engaging in covered activities with the department.

The instruction requires combatant commands other DOW components to protect U.S., allied and partner personnel, equipment and installations from espionage, sabotage and other security threats arising from compromised vendor support and promote cross-functional coordination among contracting, intelligence, security, legal and mission assurance communities to support informed decision-making.

The guidance also aligns with existing risk-management processes, including referral of certain assessments to the Defense Counterintelligence and Security Agency and the DOW Supply Chain Risk Management Threat Analysis Center.

What Are the Responsibilities of DOW Officials Under the VTM Guidance?

The instruction assigns leadership roles and responsibilities to senior DOW officials to implement and oversee the VTM framework.

Under the guidance, the deputy assistant secretary of war for logistics should develop policy and oversee the implementation of VTM capabilities; validate VTM requirements; support information sharing and workforce training efforts; and co-chair the VTM Executive Council and subordinate working groups, among other responsibilities.

The guidance tasks the principal director for defense pricing, contracting and acquisition policy, or DPCAP, with coordinating updates to acquisition regulations and issuing contracting guidance to support VTM implementation.

The principal director, DPCAP, should also address acquisition data gaps by supporting systems to house vendor information and help ensure that contract clauses, procurement guidance and acquisition workforce training support execution of VTM programs.

/
Army CIO Issues Interim Cybersecurity Guidance for Small UAS Operations
Published on
Army CIO Leonel Garciga. Leonel Garciga issued an interim cybersecurity guidance for small unmanned aircraft systems.

U.S. Army Chief Information Officer Leonel Garciga has issued interim cybersecurity guidance governing the operation and network connectivity of small unmanned aircraft systems, or sUAS, across the service.

Army CIO Issues Interim Cybersecurity Guidance for Small UAS Operations

The Potomac Officers Club’s 2026 Army Summit on June 18 will highlight how the Army’s transformation efforts are reshaping modernization and contracting priorities, providing industry leaders with insight into the service’s path toward its 2030 goals. Save your seat now!

What Is the Purpose of the Cybersecurity Guidance?

According to the memo issued Feb. 5, the policy establishes interim requirements for operating small UAS, defined as Group 1 and Group 2 systems weighing 55 pounds or less. The guidance is intended to establish new protocols for rapid procurement and fielding of drones while protecting the Department of War Information Network, or DoWIN, from cybersecurity threats.

What Are the Key Cybersecurity Rules?

Under the guidance, O-6 level commanders authorized to procure, test or train with sUAS must follow Army cybersecurity requirements governing network connectivity. Small UAS may not connect to DoWIN without both an authorization to operate and authority to connect. Systems operating in closed-loop or standalone configurations that do not interface with Army networks are exempt from formal authorization, provided other requirements are met.

Platforms on the Defense Innovation Unit and Defense Contract Management Agency Blue UAS Select list receive type-based authorization but still require approval to connect, while all other systems must complete the assess-and-authorize process through the Enterprise Mission Assurance Support Service, or eMASS.

What Systems & Organizations Are Covered by the Guidance?

The Army CIO, acting on behalf of the secretary of the Army, is responsible for setting policy, allocating resources and providing oversight for the Army Cybersecurity Program in accordance with Army Regulation, or AR, 25-2, titled Information Management: Army Cybersecurity, including issuing policy memoranda as needed to clarify or expand existing guidance. The policy applies across all headquarters, Department of the Army elements, Army commands, Army service component commands, direct reporting units and reserve components, regardless of duty status, but excludes small UAS used for intelligence gathering.

/
GAO Recommends Budget Certification Authority for Pentagon R&E Office
Published on
GAO logo. A GAO report says OUSD(R&E) needs stronger authority to oversee tech investments.

The Government Accountability Office is urging Congress to consider giving the Pentagon’s research and engineering office formal budget certification authority, arguing the change is needed to strengthen oversight of the Department of War’s technology investments and improve alignment across the military departments.

In a report published Thursday, GAO said the Office of the Under Secretary of Defense for Research and Engineering is generally executing its statutory roles—such as issuing the 2023 National Defense Science and Technology Strategy—but faces limitations in managing service-led science and technology efforts and in ensuring those investments align with DOW-wide priorities.

Why Does GAO Want Congress to Expand OUSD(R&E)’s Authority?

According to the watchdog, OUSD(R&E) is constrained in its ability to influence military department research, development, test and evaluation budgets. Officials noted that they often receive only top-line data and are given insufficient time to review detailed department submissions during the annual budget cycle

GAO framed the authority as a mechanism to require earlier and more complete budget submissions for review and to improve visibility into whether service budgets support DOW-wide technology priorities.

However, GAO said the Departments of the Army, Air Force and Navy disagreed with the idea. In its written comments, the DOW raised concerns that the added certification step could delay budget approval, reduce autonomy and increase workload.

What Issues Did GAO Flag in DOW’s Technology Planning and Road Maps?

GAO said the services’ science and technology strategies vary in how current they are and how closely they align with DOW’s S&T strategy, creating a risk that the military departments pursue technologies that do not match DOW’s vision.

The report also said OUSD(R&E) has not issued guidance for developing critical technology area roadmaps. GAO highlighted that without such oversight, road maps provide inconsistent details on infrastructure and the industrial base, undermining their utility for leaders tasked with guiding national investments.

GAO noted that OUSD(R&E) relies heavily on information from the military departments; however, officials estimated the office’s data collection efforts capture only about 70 percent to 80 percent of ongoing technology development projects, limiting oversight and coordination.

What Does GAO Want DOW to Do Next?

GAO made three recommendations to DOW, including directing each military department to develop S&T strategies that align with the National Defense S&T Strategy to the maximum extent practicable, issuing guidance for critical technology area roadmaps and providing guidance on the level of investment needed in each critical technology area to support road map alignment. DOW agreed with those recommendations.

The report comes as DOW’s fiscal year 2026 budget request includes nearly $180 billion for technology management and enhancement.

/
NIST Releases Concept Paper on AI Agent Identity, Authorization Controls
Published on
Artificial intelligence. NIST is soliciting feedback on the application of identity standards for AI agents.

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is seeking public input on a new concept paper focused on how identity standards and access control practices should apply to software and artificial intelligence agents.

NIST’s National Cybersecurity Center of Excellence said Thursday the concept paper, titled “Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization,” outlines a potential NCCoE project aimed at demonstrating how organizations can securely identify and authorize AI agents used to automate tasks across systems and data environments. Public comments will be accepted through April 2.

NIST Releases Concept Paper on AI Agent Identity, Authorization Controls

The Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18 convenes government and industry practitioners to explore how AI, machine learning and automation are reshaping federal operations. Discussions will focus on real-world implementation, mission-driven use cases and the challenges of deploying AI at scale across complex, security-focused environments. Register now.

Why Is NIST Looking at Identity and Authorization for AI Agents?

NIST said AI agents can autonomously perform tasks using data, algorithms and access to enterprise tools, creating opportunities for improved productivity and decision-making. However, the agency warned that expanding agent access to datasets and applications introduces risks that require stronger identification and authorization controls.

The concept paper emphasizes that organizations will need to apply identity standards and best practices to mitigate threats tied to AI agents operating with broad system privileges.

What Would the NCCoE Project Cover?

NIST said the potential project would focus on applying existing identity and access management standards to agentic architectures that use tools and context dynamically to take actions.

The agency noted the effort would not address all AI system architectures. The concept paper states that retrieval-augmented generation and large-language-model-only implementations are out of scope.

NIST said it is seeking input on use cases, technical challenges and existing standards that could guide secure agent identity and access management. Other areas of interest include AI agent auditing, non-repudiation and controls to mitigate prompt injection attacks.

What Standards Could Shape AI Agent Identity Controls?

The concept paper highlights multiple existing standards and frameworks that could inform the project, including OAuth, OpenID Connect, System for Cross-domain Identity Management, Secure Production Identity Framework for Everyone and SPIFFE Runtime Environment, and Next Generation Access Control.

NIST cited existing guidance, such as Special Publication 800-207, Zero Trust Architecture, and SP 800-63-4, Digital Identity Guidelines, as potential reference points.

1 18 19 20 21 22 2,696