//
Executive Order Establishes US Arms Transfer Strategy
Published on
White House. President Trump signed an executive order establishing the America First Arms Transfer Strategy.

President Donald Trump has signed an executive order to establish and implement a strategy designed to ensure that future arms sales prioritize U.S. interests by using foreign purchases and capital to build U.S production and capacity and strengthen the U.S. defense industrial base.

What Are the Objectives of the America First Arms Transfer Strategy?

According to a White House fact sheet published Friday, the America First Arms Transfer Strategy aims to use U.S. arms transfers as a mechanism to bolster foreign policy and the domestic defense industrial base. 

The strategy seeks to expand production capacity for weapons systems most relevant to the National Security Strategy; support domestic reindustrialization and improve the resilience of the U.S. defense industrial base; prioritize transfers to allies and partners that invest in their own defense capabilities and hold strategic geographic importance; and strengthen critical supply chains.

What Are the EO’s Directives to Federal Leaders?

The executive order directs senior federal officials to implement the America First Arms Transfer Strategy through coordinated planning and oversight across key departments. 

Under the EO, the secretaries of war, state and commerce must create a sales catalog of prioritized systems and platforms that support the strategy’s goals; improve advocacy efforts for U.S. arms transfers in line with the strategy’s objectives; publish quarterly performance metrics on defense sales case execution; and identify efficiencies in the enhanced end use monitoring criteria, congressional notification process and the third-party transfer process.

The order also calls for the establishment of the Promoting American Military Sales Task Force, to be chaired by the assistant to the president for national security affairs, to oversee implementation and report quarterly on progress and performance metrics. 

In November, War Secretary Pete Hegseth, a 2026 Wash100 awardee, issued new guidance aimed at unifying its arms transfer and security cooperation enterprise to strengthen burden-sharing with allies and partners and enhance the U.S. defense industrial base.

//
Marine Corps Expedites Training, Fielding of Organic Counter-sUAS Dismounted Systems
Published on
The U.S. Marine Corps seal. USMC conducted the simultaneous training and fielding of its O-CsUAS dismounted equipment.

The U.S. Marine Corps has conducted simultaneous training and fielding of its Organic-Counter Small Unmanned Aircraft Systems, or O-CsUAS, dismounted equipment across the service to accelerate delivery of counter-drone capability to operational units.

Marine Corps Expedites Training, Fielding of Organic Counter-sUAS Dismounted Systems

As the Marine Corps continues to accelerate modernization efforts across the force, defense leaders and industry partners are closely tracking how the services are adapting to emerging operational demands. Secure your spot at the Potomac Officers Club’s 2026 Navy Summit on Aug. 27, and join government and industry stakeholders for a full day of discussion and networking.

USMC said Friday the effort is intended to shorten the timeline between production and operational use to a few months.

Program Manager Ground Based Air Defense, or PM GBAD, is executing the accelerated approach, with New Equipment Training currently being recorded at Marine Corps Base Quantico in Virginia.

What Is the O-CsUAS Capability?

The O-CsUAS dismounted equipment provides man-portable capability to detect, track and counter Groups 1 and 2 drones using kinetic and non-kinetic effects.

The service described the system as a short-range, self-defense capability designed for small units. The effectors can be integrated with the M4 rifle, enabling Marines to detect threats and receive targeting cues.

The Marine Corps said the dismounted counter-UAS kits are intended to mitigate vulnerabilities associated with the proliferation of low-cost drones while improving force protection and operational readiness.

What Did USMC Personnel Say About O-CsUAS Deployment?

Dana Rodgers, product manager for O-CsUAS within PM GBAD, said the effort reflects the urgency of delivering counter-drone tools in response to current operational threats and is designed to ensure the acquisition process remains agile in support of deployed Marines. 

“The expedited fielding and concurrent release of virtual training offers Marines immediate training, and continued access to the training materials to maintain familiarity with the systems. Marines will be more lethal and better protected from sUAS the moment equipment is fielded,” Rodgers added.

Lance Cpl. Bryen Martinez with the Marine Corps Base Quantico Security Battalion said the simultaneous fielding and training approach represents a shift in how the service introduces new capabilities.

“We have entered a more advanced, modern-day war. This equipment, and the ability to continuously learn on it, will help Marines employ the system’s lethality, giving us a higher survivability rate,” he noted.

What Are the Other Marine Corps Counter-UAS Initiatives?

The USMC’s simultaneous fielding and training of O-CsUAS dismounted equipment builds on a series of recent counter-UAS initiatives aimed at accelerating force readiness. 

In April 2025, the service first announced plans to field dismounted counter-sUAS capabilities across the Marine Air-Ground Task Force. The effort expanded in September, when the Marine Corps selected first-person-view unmanned aerial vehicles from four companies to advance to the next phase of the Defense Innovation Unit’s Project G.I.

Most recently, the service launched a training and certification program designed to rapidly expand the number of qualified operators for small attack drones.

///
MITRE Study Finds Acquisition Security Rules Slowing Defense Procurement Timelines
Published on
MITRE’s FAST Study warns that outdated acquisition security processes are slowing defense procurement.

A new MITRE study concludes that the Department of War’s acquisition reforms aimed at accelerating fielding timelines could be undermined by industrial security processes that have not kept pace with modern program execution or the push to expand the defense industrial base.

The Fast-tracking Acquisition Security Transformation study, which MITRE released Friday, found that acquisition security-related delays are increasing the cost and schedule burden for companies supporting classified and sensitive programs, particularly small businesses and nontraditional contractors that cannot absorb lengthy clearance and compliance timelines.

How Was the FAST Study Conducted?

MITRE said the study was funded by the Office of the Under Secretary of War for Intelligence and Security and focused on how security requirements affect the defense industrial base’s ability to support accelerated acquisition.

Between July and November 2025, MITRE researchers collected data representing 6,734 security professionals across 105 organizations through interviews, questionnaires and focus groups. The findings were then analyzed to identify systemic challenges and quantify impacts on time, cost and workforce hours.

Why Does MITRE Say Current Security Practices Are Misaligned?

The report argues that the National Industrial Security Program’s structure has remained largely intact since its establishment in 1993, even though the environment surrounding defense acquisition has changed significantly.

MITRE said today’s programs depend on distributed digital systems that generate and transmit sensitive information across networks, while many security processes still rely on a legacy mindset where data remains static, analog and confined to fixed locations.

The study also found that many delays are not driven by missing authorities but by inconsistent application of existing requirements across the system.

What Security Bottlenecks Did MITRE Identify?

MITRE identified 74 acquisition security challenges spanning five areas: entity eligibility and access, foreign ownership, control or influence; safeguarding of sensitive and classified information; cybersecurity; and the integration of security into acquisition and contracting workflows.

One of the most significant schedule impacts highlighted in the report involves foreign ownership reviews. MITRE said the process for addressing FOCI issues can routinely extend beyond 40 weeks, creating barriers for companies attempting to enter or expand within classified defense work.

The study also identified delays due to the absence of DD Form 254 at the solicitation stage. DD-254 is the primary form to justify a company’s need for classified access on government work and to sponsor an entity clearance determination. MITRE said providing the form late in the acquisition cycle forces program teams and contractors to make teaming and design decisions without complete security direction.

Why Do Security Timelines Matter for Small Business Participation?

MITRE said the department’s strategy to rely more heavily on small businesses and nontraditional defense contractors increases the urgency of reducing security-related delays, as newer entrants often lack the resources to navigate long, unpredictable processes.

The report also noted that the upcoming implementation of the National Defense Authorization Act Section 847 could further stress the system. Under Section 847, DOW contractors and subcontractors with contracts exceeding $5 million must undergo periodic assessments of their FOCI disclosure compliance. They are also subject to a re-assessment whenever a changed condition is reported to ensure continued eligibility.

What Reforms Did MITRE Recommend?

MITRE said it identified 155 recommended government actions intended to streamline the way existing security rules are implemented, including measures focused on automation, clarity and standardization.

The report recommended moving away from “facility clearance” terminology in favor of an “entity clearance” model that distinguishes between eligibility and access.

MITRE’s findings emphasize that modernizing the National Industrial Security System Increment II and TurboFCL tools is essential to providing the visibility needed to streamline industrial security. Beyond tooling, the report recommends adopting an integrated cybersecurity enterprise approach and including security requirements in the pre-award phase.

//
Treasury Seeks Public Input on CFIUS Known Investor Program, Review Streamlining
Published on
Treasury Department. An RFI was issued on the CFIUS Known Investor Program and ways to streamline foreign investment reviews.

The U.S. Department of the Treasury, which chairs the Committee on Foreign Investment in the United States, or CFIUS, has released a request for information seeking public feedback on the CFIUS Known Investor Program and potential ways to improve the efficiency of the foreign investment review process without compromising national security oversight.

The RFI asks industry stakeholders, foreign investors, legal experts and other interested parties to comment on how the Known Investor Program could function, including eligibility requirements, information submissions and anticipated benefits, the Treasury Department said Friday.

“As Chair of CFIUS, Treasury is leading efforts to improve process efficiencies while ensuring that CFIUS continues to fulfill its core mission of identifying and addressing national security risks that can accompany foreign investment,” said Secretary of the Treasury Scott Bessent.

Treasury is also requesting input on broader opportunities to streamline CFIUS procedures, such as reviews of non-notified transactions and ongoing mitigation compliance. Public comments on the RFI are due March 18.

What Is the CFIUS Known Investor Program?

First introduced in May 2025, the Known Investor Program would allow participating foreign investors to voluntarily submit background information outside of individual transaction filings. Treasury said the approach could help CFIUS develop greater familiarity with repeat investors, reduce duplicative data requests and allow the committee to focus resources more effectively.

Treasury emphasized that any process improvements would not alter CFIUS’s statutory authorities or lower its standards for identifying and addressing national security risks associated with foreign investment in the United States.

How Does the RFI Align With White House Investment Policy?

Treasury’s RFI closely aligns with the White House’s America First Investment Policy national security presidential memorandum, signed in February 2025, which calls for promoting foreign investment from trusted partners while strengthening safeguards against national security threats. The memorandum directs federal agencies to facilitate low-risk and passive investments from allied nations and to improve the efficiency and predictability of the foreign investment review process without weakening oversight. 

By seeking public input on the CFIUS Known Investor Program and potential process streamlining, Treasury is advancing those objectives by exploring ways to differentiate between trusted, repeat investors and higher-risk transactions, allowing CFIUS to focus its resources on investments that may pose greater national security concerns.

/
NASA Downselects STRIVE, EDGE Missions for Earth System Explorers Program
Published on
View of the Earth from orbit. NASA has announced the downselection of two missions for its Earth System Explorers Program.

NASA said Thursday that it has selected two missions for continued development under the Earth System Explorers, or ESE, program, which seeks to enable high-quality Earth system science investigations in line with recommendations from the National Academies of Sciences, Engineering and Medicine 2017 Decadal Survey for Earth Science and Applications from Space.

The chosen projects are the Stratosphere Troposphere Response using Infrared Vertically-resolved light Explorer, or STRIVE, mission and the Earth Dynamics Geodetic Explorer, or EDGE, mission.

What Is the STRIVE Mission?

Led by Lyatt Jaegle of the University of Washington in Seattle, STRIVE seeks to take measurements of the temperature, aerosol properties and various atmospheric elements from the upper troposphere to the mesosphere. Unlike previous missions, STRIVE seeks to take these measurements at a much higher spatial density. High-resolution and near-global readings are to be provided on a daily basis.

STRIVE also aims to support the understanding of how the ozone layer is recovering. To achieve this, the mission will work to measure vertical profiles of ozone and trace gasses.

What Is the EDGE Mission?

Led by Helen Amanda Fricker of the University of California San Diego, EDGE aims to advance the measurements being recorded by NASA’s Ice, Cloud, and land Elevation Satellite 2 and the Global Ecosystem Dynamics Investigation mission. EDGE will work to make observations of the surface topography of glaciers, ice sheets and sea ice as well as the three-dimensional structure of terrestrial ecosystems.

How Were the ESE Program Missions Selected?

The selection process for the Earth System Explorers Program began with the choosing of four proposals in May 2024 following the issuance of the program’s final announcement of opportunity a year earlier. Each proposal was to receive $5 million for a one-year concept study, after which NASA would choose two to go forward.

STRIVE and EDGE are now set to undergo a confirmation review in 2027 to assess mission progress and funding availability. If confirmed, the missions will launch no sooner than 2030.

Minus the launch itself, each mission is expected to cost $355 million at most.

//
New Memo Seeks to Bolster CIO Role in Gov’t Agency Tech Acquisition
Published on
Federal CIO Gregory Barbaccia. The Wash100 Award winner has issued a memo outlining his priorities for 2026.

Federal Chief Information Officer and Wash100 Award winner Gregory Barbaccia has issued a memo to government agency CIOs outlining his priorities for 2026, Federal News Network reported Friday. Among the dozen priorities discussed in the memo — which FNN had obtained — are those that appear to bolster the ability of CIOs to oversee the manner in which their respective agencies acquire technologies.

How Does the Memo Strengthen the CIO’s Role in Technology Acquisition?

In one part of the memo, Barbaccia flags the practice by some agencies of incorporating into solicitations requirements of dubious relevance, saying such requirements “inadvertently, or intentionally, box out new entrants.” To the agency CIOs, he said, “Please share with your contracting counterparts that they could expect a call from me requiring clarification about how an eligibility requirement directly and specifically impacts the potential success of a project.”

Elsewhere in the memo, Barbaccia expressed his intent to foster a deeper engagement with technology vendors by, among other things, advocating for common agency challenges and aligning industry support to where it is most needed via the establishment of a unified government CIO perspective.

The federal CIO also called for regular meetings with leaders of technology suppliers and expressed his support for changes to procurement practices and regulations governing small businesses aiming for government IT contracts.

Government IT Leadership and Acquisition Priorities

The memo is the latest of Barbaccia’s pronouncements concerning government IT leadership and acquisition priorities. In May last year, the federal CIO sent out an email outlining 16 operating principles for IT leaders of government agencies. In that email, Barbaccia called on government CIOs to build trust, exercise good judgment when performing their duties and own the outcome of their decisions.

“This is not a typical government shop. We are here to fix what’s broken and build what’s missing,” Barbaccia said regarding the role of being CIO in a government agency.

Harmonizing with that statement, Barbaccia announced in June via email that he would prefer to speak with organizations that offer solutions rather than those that “define problems” — particularly research, advisory and strategy consulting companies. Barbaccia also advised government CIOs to cancel meetings with strategy firms or ask for a summary of solutions or deliverables they offer.

/
Top US Federal AI Officials: A Comprehensive List (Part 2)
Published on
Federal AI. Check out the top AI officials in the federal government in part 2 of our ongoing series.
  • Federal chief AI officers are developing and implementing strategies to help agencies use AI to better serve the public
  • These professionals are redefining government service in realms including business, labor, international diplomacy and trade
  • Hear directly from top federal chief AI officers like these at the 2026 Artificial Intelligence Summit on March 18!

 

Federal chief artificial intelligence officers are the nation’s top technology professionals. They’re developing and implementing intricate strategies to help agencies use AI to better serve the public in realms including business, national security, equal employment and trade.

From the Department of War to the National Archives and Records Administration and the Department of the Interior, these technology professionals are redefining federal success. They’re implementing programs to help agencies better work with proprietary technology and leverage cutting-edge technologies in industries like financial technology to provide improved services more efficiently and effectively.

Evaluate the latest business opportunities in federal AI at the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18! Hear directly from Cameron Stanley, the Department of War’s chief digital and AI officer, during his illuminating keynote address. Get your burning questions answered by Stanley during his Q&A session. Secure your seat today for this highly anticipated GovCon event!

Why Should GovCons Care About Chief AI Officers?

These top technology professionals matter because they’re helping the government leverage technology that is revolutionizing productivity. This transformative technology will support and enhance how the federal government provides services for years to come.

Discover the backgrounds of these leading federal AI officers and how they’re redefining technology success in government.

Note: This is the second part of a regular series. We’ll share further profiles over the next few months and will link to them here.

Who Are the Top AI Officers in Government?

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Cameron Stanley

Chief Digital and AI Officer, Department of War

Cameron Stanley is taking over at the DOW to lead a realignment as the department leans heavily into AI. This isn’t his first stint at the Pentagon as Stanley served as chief data officer for the under secretary of war for intelligence and security from 2022 to 2024.

In a video recorded for Executive Mosaic at a 4×24 Leadership Program dinner in January, Stanley discussed how the DOW is soliciting not only innovative services and products, but also novel methods to deliver and execute technology faster than ever as AI use speeds up in defense missions.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Brian Epley

Chief Information Officer, Department of Commerce

Brian Epley is a veteran AI officer with significant federal experience. He became the Department of Commerce’s CIO in 2024 after spending two years as the principal deputy CIO at the Department of Energy from 2022 to 2024. Epley was critical to helping the DOE CIO’s office define its strategy for cybersecurity, AI modernization and data use.

Epley also spent six years at the Environmental Protection Agency as deputy CIO and the IT operations director.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Amy Ritualo

Acting Chief Data and AI Officer, Department of State

Amy Ritualo has had an extensive federal career, including stops at the Department of Agriculture, Department of Homeland Security and Citizenship and Immigration Services, before she joined the State Department in 2022. She isn’t new to AI though, as she became the State Department’s deputy chief data and AI officer in 2024 before becoming the acting CDAO in January 2025.

Ritualo is leading a department effort to better utilize AI with its proprietary information such as diplomatic cables. She told FedScoop in a March 2025 interview that the State Department in 2023 produced about 6,300 diplomatic cables per day and that the department is focusing on bringing that data to diplomats across around the world.

“GenerativeAI and public tools aren’t that helpful until you can really bring together our proprietary information,” she said. “We’re focused on things like data quality, data access and data sharing, really making sure we have tight permissioning and role-based access to the data that the State Dept generates.”

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Brian Peltier

Deputy CIO, Social Security Administration

Brian Peltier has spent over 21 years at the Social Security Administration as an IT professional, rising up the ranks to deputy CIO, which he started in May 2024. Here he strategizes on how to best implement AI applications into SSA work.

Peltier told NextGov in an October 2024 interview that the SSA has been using AI for 20 years. The difference now is that much of the recent growth in AI has been around GenAI. The SSA, he said at the time, had not experimented much with GenAI, but was evaluating options to work more with the technology.

 

Are you an AI professional? Then you can’t afford to miss the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 18—it’s specifically curated for you. Join the conversation during essential panel discussions on integrating AI into legacy federal systems and automating government with AI. Meet and mingle with other GovCon titans and spark new collaborations. Secure your seat now for this essential GovCon conference!

Top US Federal AI Officials: A Comprehensive List (Part 2)

Mark Gray

Chief Information and Chief Data Officer, Federal Trade Commission

Mark Gray is no stranger to tackling the toughest technology challenges in government. He joined the FTC after a 20-plus year career in the Army, where he served in senior roles in logistics, healthcare and IT.

Gray helmed modernization programs for the services’ financial information systems while also supervising large-scale IT changes. An expert in essential government technologies including cybersecurity, data strategy and digital modernization, Gray has expanded his skillset to AI governance and ethical AI implementation.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Hartley Caldwell

CIO, Small Business Administration

Hartley Caldwell may be new to government, but he’s not new to technology. Before becoming the Small Business Administration’s CIO, Caldwell spent four years at Fiserv in a variety of CIO positions, including global banking, senior vice president for digital banking and SVP for company credit union solutions.

Caldwell is leading technology strategy at the SBA. He’s developing and optimizing experiences to improve small business engagement and collaborating with cross-functional teams to align technology with SBA outcomes and goals, according to his LinkedIn page.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Gulam Shakir

Acting CIO, National Archives and Records Administration

Gulam Shakir is diving deep into AI at the National Archives and Records Administration. He’s leading an AI pilot to improve the search function within the NARA’s catalog.

Shakir is investigating using AI to recognize personally-identifiable information within NARA files before releasing them to the public. He’s also developing an AI-assisted first transcription of descriptive metadata for the NARA’s files.

Shakir joined NARA in 2016 after stops at PreciseTarget DataXu and JingleNetworks.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Mangala Kuppa

Acting CIO, Department of Labor

Mangala Kuppa is leveraging previous AI work at the Department of Labor to help it become a federal leader in the technology. She told FedScoop in June 2024 that earlier DOL efforts modernized internal and customer-oriented operations as part of an effort to implement AI.

The DOL has an internal shared services program that identifies the agency’s CIO office to be the shared services provider for all DOL IT capabilities. This, she said, has helped the department categorize all technologies and systems and better target legacy opportunities or systems that could use improvement with AI.

Kuppa started at the DOL in 2020 as a case management director. She previously spent 10 years at the Bureau of Labor Statistics.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Sivaram Ghorakavi

Deputy CIO and Chief AI Officer, Equal Employment Opportunity Commission

Sivaram Ghorakavi is a longtime technology expert with both private and public sector experience. He became CIO at the Equal Employment Opportunity Commission in August after previously serving as deputy CIO and CAIO, and chief technology officer.

As EEOC CTO, Ghorakavi developed and integrated a long term technology strategy, evaluated potential solutions and advocated for technology best practices that maximized the efficiency and effectiveness of the EEOC and its stakeholders.

He spent almost 10 years at the National Labor Relations Board in a variety of technology-focused positions. Ghorakavi also served as the senior level IT portfolio manager at the Patent and Trademark Office from 2015 to 2017.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)

Thomas “Tod” Dabolt

CIO, Department of the Interior

Tod Dabolt leads comprehensive data management, AI and evidence programs at the Department of Interior. He previously spent 10 years as the department’s chief data officer, where he created a robust data governance framework, enhancing data compliance and integrity.

Prior to joining the DOI in 2016, Dabolt spent nearly 20 years at the EPA, including 10 years as a director in the office of water.

 

Top US Federal AI Officials: A Comprehensive List (Part 2)
//
Mitch Nikolich, James Gosler Join DOW Science, Technology & Innovation Board
Published on
Mitch Nikolich and James Gosler. The Johns Hopkins APL national security experts joined the DOW STIB.

Milan “Mitch” Nikolich and James Gosler, national security experts from the Johns Hopkins Applied Physics Laboratory, have joined the Department of War’s Science, Technology and Innovation Board, or STIB.

APL said Thursday Nikolich will serve as the STIB’s inaugural chair and Gosler will sit on the board as a member.

APL Director Dave Van Wie said Nikolich and Gosler’s expertise will support the new board’s mission to connect technical researchers and industry partners and help national leaders maintain U.S. leadership in critical technologies.

What Is the DOW STIB?

The STIB is a new advisory panel established by Emil Michael, under secretary of war for research and engineering and a 2026 Wash100 awardee. The STIB consolidates the former Defense Science Board and Defense Innovation Board into a single entity to provide faster scientific and technical assessments and accelerate the delivery of capabilities to warfighters. It will operate with the Subcommittee on Strategic Options and the Subcommittee on National Security Innovation. 

According to APL, the STIB includes 18 science and technology experts from industry, government and the research community.

The STIB is awaiting formal establishment through publication in the Federal Register.

Who Is Mitch Nikolich?

Nikolich is a senior researcher within APL’s National Security Analysis Department. He previously served as director of defense research and engineering for research and technology from 2018 to 2020.

He has held senior roles at several firms, including SAIC, CACI and National Security Research. He also served in the physics division at Los Alamos National Laboratory.

His career includes contributions to the Strategic Defense Initiative, the department’s Countering Weapons of Mass Destruction program and nuclear weapons modernization efforts.

Who Is James Gosler?

Gosler is a senior fellow at APL and has more than five decades of technical leadership experience in national security, cybersecurity, counterterrorism and nuclear weapon security.

He spent more than 30 years at Sandia National Laboratories, where he founded and led the Vulnerability Assessments Program and became Sandia’s sixth fellow.

The U.S. Navy veteran was the first director of the CIA’s Clandestine Information Technology Office. He is also a former member of the Defense Science Board, the National Security Agency Advisory Board and the Naval Studies Board.

//
CISA Directive Seeks to Address Security Risks From Unsupported Edge Devices
Published on
Cybersecurity and Infrastructure Security Agency logo. CISA issued a directive to help strengthen edge device security.

The Cybersecurity and Infrastructure Security Agency has introduced a new directive requiring federal civilian executive branch, or FCEB, agencies to strengthen security controls for edge devices by removing unsupported hardware and software from federal networks.

CISA Directive Seeks to Address Security Risks From Unsupported Edge Devices

CISA’s new directive highlights the continued focus on strengthening cybersecurity across government networks. As agencies and industry stakeholders track evolving requirements and threat-driven priorities, the Potomac Officers Club’s 2026 Cyber Summit will bring together leaders from across the federal cyber community. Register now to save your seat at this May 21 event!

CISA said Thursday the directive—Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices—is intended to reduce technical debt and limit the risk of cyber compromise associated with devices that no longer receive vendor security updates.

What Are the Required Actions Under the CISA Edge Device Security Directive?

CISA outlined several mandatory steps agencies must take under the directive, including updating vendor-supported edge devices running end-of-support software to a vendor-supported version and conducting an inventory of all devices to identify those that are end-of-support. Agencies must also report inventory findings to CISA.

The directive also requires agencies to remove all end-of-support edge devices from agency networks and replace them as needed with vendor-supported devices that can receive security updates. Agencies must develop a mature lifecycle management process for continuous discovery of edge devices and maintain an inventory of those that are or will become end-of-support.

What Did CISA Leadership Say About Edge Device Security?

CISA Acting Director Madhu Gottumukkala said unsupported edge devices should not remain on enterprise networks due to the risk they pose to federal systems.

“When the threat landscape demands decisive action, CISA will direct FCEB agencies to strengthen cyber resilience and build a stronger, safer digital infrastructure for America’s future. CISA strongly encourages non-federal organizations to adopt similar actions to strengthen the security of their edge devices,” added Gottumukkala.

Nick Andersen, executive assistant director for cybersecurity at CISA, said removing unsupported edge devices is a key part of maintaining cyber hygiene and reducing risk across government systems.

“Driving timely risk reduction across the federal enterprise is critical, but true impact comes when all organizations commit to the same goal. By proactively managing asset lifecycles and removing end-of-support technology, we can collectively strengthen resilience and protect the global digital ecosystem,” Andersen noted.

What Are CISA’s Recent Directives & Actions?

CISA has taken several recent actions to address urgent cyber risks across federal networks. The agency previously issued an emergency directive requiring agencies to identify and update at-risk F5 virtual and physical devices and software. CISA has also released a directive related to vulnerabilities in Cisco Adaptive Security Appliance and Firepower devices, citing exploitation concerns and required mitigation steps.

In January, CISA announced the retirement of 10 older emergency directives, noting that the required actions had been completed or incorporated into broader federal vulnerability management requirements under Binding Operational Directive 22-01.

//
Pentagon Issues Guidance on Vendor Threat Mitigation
Published on
Pentagon. The War Department issued new guidance establishing procedures for mitigating vendor threats.

The Department of War has issued new guidance establishing procedures for identifying, assessing and mitigating threats posed by vendors supporting U.S. military operations.

According to DOW, Under Secretary of War for Acquisition and Sustainment Michael Duffey, a 2026 Wash100 awardee, approved the guidance on vendor threat mitigation, or VTM, which took effect Monday.

What Is the Purpose of the Vendor Threat Mitigation Guidance?

The VTM guidance establishes standardized procedures across the department to vet commercial suppliers and manage risks linked to foreign adversaries, criminal networks and extremist organizations that may exploit vendor relationships with DOW.

The guidance directs DOW officials to establish and maintain programs that evaluate the threat profile of vendors engaging in covered activities with the department.

The instruction requires combatant commands other DOW components to protect U.S., allied and partner personnel, equipment and installations from espionage, sabotage and other security threats arising from compromised vendor support and promote cross-functional coordination among contracting, intelligence, security, legal and mission assurance communities to support informed decision-making.

The guidance also aligns with existing risk-management processes, including referral of certain assessments to the Defense Counterintelligence and Security Agency and the DOW Supply Chain Risk Management Threat Analysis Center.

What Are the Responsibilities of DOW Officials Under the VTM Guidance?

The instruction assigns leadership roles and responsibilities to senior DOW officials to implement and oversee the VTM framework.

Under the guidance, the deputy assistant secretary of war for logistics should develop policy and oversee the implementation of VTM capabilities; validate VTM requirements; support information sharing and workforce training efforts; and co-chair the VTM Executive Council and subordinate working groups, among other responsibilities.

The guidance tasks the principal director for defense pricing, contracting and acquisition policy, or DPCAP, with coordinating updates to acquisition regulations and issuing contracting guidance to support VTM implementation.

The principal director, DPCAP, should also address acquisition data gaps by supporting systems to house vendor information and help ensure that contract clauses, procurement guidance and acquisition workforce training support execution of VTM programs.

1 24 25 26 27 28 2,703