//
NSA Releases Guidance to Mitigate UEFI Secure Boot Vulnerabilities
Published on
The National Security Agency's logo. NSA issued a new Cybersecurity Information Sheet

The National Security Agency has issued a Cybersecurity Information Sheet detailing how organizations can address configuration challenges associated with Unified Extensible Firmware Interface—a.k.a. UEFI—Secure Boot.

The agency said Thursday that the guidance provides system owners with instructions on how to verify Secure Boot settings and detect or recover from misconfigurations.

NSA Releases Guidance to Mitigate UEFI Secure Boot Vulnerabilities

Cyber has become a principal battlefield in global conflict and American systems are being targeted. Join the Potomac Officers Club’s 2026 Cyber Summit on May 21 to gain a better understanding of cyber from global adversaries and near-peer nations and get updates to ongoing and future cyber initiatives across the federal government. Get your tickets today.

What Are Secure Boot Vulnerabilities?

Secure Boot, introduced to the UEFI standard in the mid-2000s, restricts which software can run during the boot process. It blocks unsigned or unknown boot software while allowing many common operating system distributions.

However, over the years, experts have identified vulnerabilities affecting Secure Boot, emphasizing the need for accurate configuration across enterprise environments.

One vulnerability, BootHole, could enable malicious cyber actors to gain control of Linux systems during the boot process. NSA published mitigation options for the BootHole vulnerability in 2020.

The agency warned that Secure Boot is still widely used across modern devices, making it critical for organizations to assess their Secure Boot configurations and reduce their cyber risk.

What Does NSA Recommend?

The agency urged IT administrators and managers to review the guidance to confirm proper enforcement of Secure Boot policies. 

NSA said organizations must not assume that their systems are secure with a Trusted Platform Module or full disk encryption tools like BitLocker.

Additionally, NSA encourages organizations to conduct acceptance testing of new devices to check if the Secure Boot is configured properly.

/
GSA, Tenable Partner to Offer Discounted Cloud Security Capabilities
Published on
FAS Commissioner Josh Gruenbaum. GSA and Tenable partnered to offer discounted access to Tenable Cloud Security Enterprise

The U.S. General Services Administration has partnered with Tenable Public Sector through a OneGov agreement to provide federal agencies with discounted access to Tenable Cloud Security Enterprise.

What Does the GSA-Tenable OneGov Agreement Entail?

Under the OneGov agreement, agencies can receive a 65 percent discount on Tenable’s cloud security capabilities, authorized by the Federal Risk and Authorization Management Program, through GSA’s Multiple Award Schedule – IT Category, the agency said Thursday. The agreement offers a Cloud Native Application Protection Platform, or CNAPP, aimed at safeguarding sensitive government cloud environments.

What Did Josh Gruenbaum & Tenable Say About the Agreement?

“Robust cybersecurity is essential for implementing AI into federal government workflows while simultaneously protecting American citizens’ data and information, a crucial component in supporting the White House’s AI Action Plan,” said Josh Gruenbaum, Federal Acquisition Service commissioner and 2025 Wash100 Award winner. “This OneGov agreement with Tenable will enable federal agencies to secure their networks and data more easily and cost-effectively.”

Federal agencies can take advantage of discounted pricing until March 31, 2027. Option years carry favorable escalation rates: 0 percent in year 1 and 3 percent in years 2 and 3, maintaining substantial discounts of 62 percent in year 2 and 59 percent in year 3.

“With our FedRAMP-authorized cloud security solution, Tenable is proud to help federal agencies stay ahead of evolving threats, strengthen resilience, and secure the cloud-first future of government as part of a holistic approach to exposure management,” said Steve Vintz, co-CEO of Tenable. 

/
GAO Calls on DOW to Modernize Weapon System Testing Policies
Published on
GAO logo. GAO revealed the DOW's test and evaluation policies are not aligned with best practices in product development.

The Department of War’s test and evaluation policies are not fully aligned with product development best practices, hindering its goal to rapidly deliver weapon systems to warfighters, according to a recent Government Accountability Office report.

GAO Calls on DOW to Modernize Weapon System Testing Policies

Representatives from the DOW and various military services will attend the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29. Register now to hear them discuss the military’s modernization efforts to future-proof national defense.

What Leading Practices Are Missing From DOW Policies?

The report noted that DOW is modernizing testing through digital engineering and a skilled workforce to accelerate weapon system delivery. However, the GAO found DOW policies omit four key practices used by top technology companies to bring complex systems to market efficiently—early tester involvement, iterative testing, digital twins and threads, and ongoing user feedback.

GAO also found DOW policies lack processes to implement these practices, while military departments mirror DOW-wide policies without additional enhancements. It also determined that key program documents, including acquisition and test strategies, do not reflect them.

What Are GAO’s Recommendations?

The GAO issued 13 open recommendations calling for the Department of War and military services to update their weapon system test and evaluation, digital engineering, and systems engineering, as well as acquisition policies, to better align with leading product development practices. The recommendations emphasize three primary needs across DOW:

  • Requiring developmental and operational testers to participate early in shaping acquisition strategies, particularly on issues involving digital twins and digital threads
  • Adopting iterative, integrated testing approaches supported by digital engineering tools to enable faster delivery of minimum viable products
  • Incorporating formal end-user agreements that define how ongoing user feedback will be gathered during system development and testing

These recommendations apply to the Office of the Secretary of Defense as well as the Air Force, Army and Navy.

//
OPM, OMB Unveil Federal HR 2.0 Initiative
Published on
Scott Kupor. The OPM director commented on the launch of the Federal HR 2.0 initiative.

The Office of Personnel Management and the Office of Management and Budget have launched a modernization initiative aimed at consolidating more than 100 outdated federal human resources systems into a single platform.

OPM, OMB Unveil Federal HR 2.0 Initiative

Be part of the conversation shaping government technology at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22. Hear from experts on AI, cyber and enterprise IT. Register today to secure your spot.

Under the Federal HR 2.0 initiative, OPM said Wednesday federal agencies will transition to one Core Human Capital Management, or HCM, system, establishing it as the government’s unified system of record for personnel management. 

“Today’s announcement is a major win for efficiency, accountability, and good government,” said OPM Director Scott Kupor. “By consolidating more than 100 systems into a single, modern HR platform, we are delivering billions in savings while giving agencies the tools they need to manage the federal workforce as one coordinated enterprise. This is exactly the kind of smart, cost-saving reform the American people expect and deserve.”

In a memo issued Wednesday, Kupor and OMB Director Russell Vought stated that the Core HCM platform will encompass several functions, including personnel action processing, employee system of record, employee and manager self-service, analytics and dashboards, position management, time and attendance, and learning. 

According to the document, OPM is overseeing a procurement effort to identify a vendor to implement the new system.

What Are the Goals of Federal HR 2.0? 

According to OPM, Federal HR 2.0 aims to eliminate duplicative systems and redundant contracts and improve HR service delivery through self-service tools, standardized workflows and real-time data integration.

The initiative also seeks to support agencies in hiring, retaining and managing talent and establish a governmentwide HR system designed to strengthen security and data integrity.

In the memo, Kupor and Vought noted that the transition to the Core HCM platform will occur in two waves to “allow for significant interagency feedback and collaboration to help ensure successful implementation.”

Wave 1 agencies, including the Departments of Homeland Security, Agriculture and Health and Human Services, are expected to begin the transition in fiscal year 2026.

The Department of Commerce, General Services Administration, the Department of War, NASA and other Wave 2 agencies will move to the new system in FY 2027.

What Federal Hiring Reforms Did OPM & OMB Announce?

In November, OPM and OMB issued new guidance introducing stricter oversight of federal hiring. The directive requires agencies to justify each position in alignment with administration priorities and to limit new hires until detailed staffing plans are approved.

In September, OPM finalized a rule replacing the longstanding “rule of three” with the “rule of many” to modernize federal hiring. According to the agency, the rule applies to competitive and excepted service appointments and is designed to ensure agencies select candidates based on practical skills and merit as assessed through skills-based evaluations.

//
FedRAMP Kicks Off 20x Phase 2 Pilot With Cohort 1 Selection
Published on
FedRAMP logo. FedRAMP announced three cloud services participating in Cohort 1 of the 20x Phase 2 pilot.

The Federal Risk and Authorization Management Program has announced the three cloud services participating in the first cohort of FedRAMP 20x Phase 2 pilot.

FedRAMP said Wednesday 20x Phase 2, which was first announced in September, required cloud services to submit pilot proposals demonstrating their planned approach in advance.

The cloud services selected for Cohort 1 of the FedRAMP 20x Phase 2 pilot are Confluent Cloud for Government, Meridian LMS and Paramify Cloud.

What’s Next for FedRAMP 20x in 2026?

FedRAMP Director Pete Waterman shared an open letter to the FedRAMP Board highlighting the next steps for the 20x Phase 2 pilot program.

Upcoming efforts include:

  • Review of proposals for Phase 2, Cohort 2: From Jan. 5 to 9, FedRAMP will review pilot proposals from eligible 20x Phase 2 pilot participants and will select up to seven participants to take part in the Phase 2 pilot.
  • Transition to Phase 3: Phase 2 will conclude at the end of the second quarter of fiscal year 2026, paving the way for broader adoption of 20x improvements in the third and fourth quarters of FY 2026 under Phase 3.
  • AI Authorizations: FedRAMP plans to finalize the first three AI Prioritization 20x Low authorizations in January.
  • Innovation through partnerships: FedRAMP will continue hosting quarterly FedRAMP Days.

What Is FedRAMP 20x?

FedRAMP 20x is a cloud-native authorization framework designed to advance the use of automation to accelerate the authorization process and facilitate secure cloud adoption across federal agencies.

Under the initiative, cloud service providers are encouraged to establish their security goals, continuously validate the effectiveness of the capabilities used to meet those goals and measure their performance against those goals. 

Through this framework, CSPs secure authorization to enhance their service offerings without needing permission for significant changes.

/
Legislators Reintroduce Bipartisan Satellite Cybersecurity Act Amid Rising Space-Based Threats
Published on
Satellites in orbit. Senate legislators have introduced a bill to secure satellites from cyberthreats

Sens. Gary Peters, D-Mich., and John Cornyn, R-Texas, have reintroduced a bipartisan bill to support satellite owners and operators against growing cybersecurity threats to space assets.

Legislators Reintroduce Bipartisan Satellite Cybersecurity Act Amid Rising Space-Based Threats

American systems are being targeted by adversaries. Gain better understanding of emerging cyberthreats to the nations and learn directly from government and industry experts at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Click here to secure your tickets.

What Is the Satellite Cybersecurity Act?

The Satellite Cybersecurity Act tasks the Department of Commerce to provide voluntary cybersecurity recommendations and establish an online clearinghouse to streamline access to information on how to secure space systems, the Senate said Wednesday.

The bill also tasks the Government Accountability Office to examine programs to secure commercial satellites and identify ways to integrate satellite capabilities into critical infrastructure sectors.

Peters, a ranking member of the Senate’s Homeland Security and Governmental Affairs Committee, said in a statement that the Satellite Cybersecurity Act will enable companies to protect their satellite systems from cyberthreats.

“Foreign adversaries and cybercriminals continue to target cybersecurity vulnerabilities in commercial satellites, and these attacks have the potential to significantly disrupt American lives and livelihoods,” he warned.

Cornyn added that the bipartisan bill will provide satellite operators with the tools they need to safeguard their systems against disruptions caused by bad actors.

When Else Have the Senators Introduced the Satellite Cybersecurity Act?

Peters and Cornyn have introduced the Satellite Cybersecurity Act two other times, most recently in 2023. The Record reported that the bill advanced out of the Homeland Security Committee both times but did not receive votes once it moved to the Senate floor.

/
House Passes FY26 Defense Spending Bill Authorizing $900.6B
Published on
The Department of War's logo. House passed a spending bill for DOW

The House of Representatives voted 312-112 to pass the National Defense Authorization Act, authorizing a $900.6 billion funding for the Pentagon for fiscal year 2026, Breaking Defense reported.

The bill increases the pay of service members, approves military aid for Ukraine, and finances shipbuilding and procurement of aircraft, ground vehicles and munitions.

House Passes FY26 Defense Spending Bill Authorizing $900.6B

Learn more about the technologies that reinforce the U.S. military’s edge over adversaries at the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29. The event will feature leaders from across the Department of War and the GovCon industry to deliver insights into the present and future of warfare. Secure your tickets to this highly anticipated networking event today.

How Will NDAA FY26 Affect Military Procurement Processes?

Additionally, the new NDAA includes provisions that impact the U.S. military’s capability procurement programs.

The NDAA marks the Department of War’s shift from the current program executive officer, or PEOs, to a portfolio acquisition executive, or PAE.

According to previously released department documents, the PAE will oversee multiple programs and will be in charge of allocating resources across systems to ensure timely delivery.

In November, the Army announced the establishment of six PAEs under Army Transformation and Training Command and the assistant secretary of the Army for acquisition, logistics and technology.

The NDAA also includes language to halt the Air Force’s retirement of its A-10 Thunderbolt II fleet and divest F-15E Strike Eagle aircraft over the next year. In contrast, the bill is preventing the Pentagon from canceling the E-7 Wedgetail program.

For the Army, the bill greenlights the acquisition of UH-60 Black Hawk and the early production of the Future Long-Range Assault Aircraft.

What Programs Will NDAA FY26 Fund?

NDAA authorizes over $25 billion for the purchase of critical munitions, including Naval Strike Missiles, Tomahawks, Javelins, Sidewinders and Advanced Medium Range Air-to-Air Missiles.

The bill also provides the Pentagon $26 billion in shipbuilding funds for the purchase of Columbia-class ballistic missile and Virginia-class submarines, Arleigh Burke-class destroyers, ship-to-shore connector landing craft, and other vessels.

President Donald Trump’s Golden Dome will also receive funding under the policy bill.

//
DIU, USINDOPACOM Select 10 Startups for Blue Object Management Accelerator
Published on
DIU logo. DIU has chosen 10 startup teams to participate in the first Blue Object Management Challenge Accelerator.

The Defense Innovation Unit has announced the 10 startup teams that will participate in the first Blue Object Management Challenge Accelerator.

What Is the Blue Object Management Challenge Accelerator?

The Blue Object Management Challenge, launched in August, seeks to rapidly discover and prototype commercial technologies that align with the operational priorities of the U.S. Indo-Pacific Command, or USINDOPACOM, in the Indo-Pacific region, DIU said Wednesday.

The term “blue objects” refers to U.S. forces, systems and facilities in military operations. The initiative prioritizes tracking and managing these assets in real time to ensure commanders have accurate operational insight.

Which Companies Were Selected for the 2025 Cohort?

The 2025 cohort is composed of 10 companies competitively selected through DIU’s prize challenge process for their work in advancing artificial intelligence-driven decision-making to enhance the integration, accessibility and use of mission-critical data across Department of War platforms and forces.

The selected participants include CI-PHER Tech, Countifi, Dunedain Systems, Exia Labs, Kinnami Software, Lumbra, MAIK, Snorkel AI, Unstructured Technologies and Valinor Streamline. Each one will receive a portion of the $500,000 prize pool. During the 12-week accelerator program, the teams will collaborate with DIU and USINDOPACOM to test, validate and transition their projects.

/
DOE Announces $320M Investment to Advance Genesis Mission AI
Published on
DOE seal. DOE has announced a $320 million investment for accelerating the development of Genesis Mission's AI capabilities.

The Department of Energy has disclosed an investment exceeding $320 million intended for accelerating the development of Genesis Mission’s artificial intelligence capabilities.

DOE Announces $320M Investment to Advance Genesis Mission AI

Explore the ways AI is enabling government, military and the GovCon industry to process data and accomplish intricate missions at the Potomac Officers Club’s 2026 Artificial Intelligence Summit on March 19.

What Is the Genesis Mission & Its Key Initiatives?

The Genesis Mission is a DOE-led initiative focused on leveraging AI to advance U.S. energy dominance, strengthen national security and fast-track scientific discovery. The funding will support four key initiatives of the program, including the American Science Cloud, which will host and distribute AI models and scientific data for the research community, and the Transformational AI Models Consortium, which will create self-improving AI models for science, engineering and energy missions.

The investment will fund 14 projects in robotics, automated laboratories and autonomous control of large-scale experiments. These projects aim to transform laboratory environments and scientific experiments with intelligent systems leveraging embodied AI, advanced automation and robotics. Additionally, the program will support 37 foundational AI projects focused on organizing and preparing massive amounts of existing scientific data and developing powerful and reliable AI models that are rigorously tested for scientific use.

“Thanks to President Trump’s Working Families Tax Cut, the Department of Energy is proud to advance AI investments to ensure American technological leadership and accelerate scientific discovery,” said Dario Gilunder secretary for science and innovation at DOE. ”By investing in the American Science Cloud and the Transformational AI Model Consortium we are creating the foundational technologies and AI-ready data sets that will enable the success of the Genesis Mission.”

//
NASA JPL Opens New Center to Accelerate Moon, Mars Missions Through AI Partnerships
Published on
Moon. NASA's JPL has launched a new Rover Operations Center to support missions to the moon and Mars.

NASA’s Jet Propulsion Laboratory has opened a new Rover Operations Center, serving as a central hub for mission operations and a mechanism to support the space technology development efforts of commercial space and artificial intelligence organizations.

JPL said Wednesday that the facility is designed to consolidate its planetary surface mission expertise and expand the use of autonomous systems across upcoming lunar and Mars programs. 

Representatives from commercial space and AI companies joined JPL personnel during the facility’s inauguration for technical discussions and demonstrations.

How Will the ROC Support Future Moon and Mars Missions?

JPL leadership described the ROC as a means to increase mission efficiency and broaden access to the lab’s operational capabilities. The facility provides a centralized structure for engineering support, mission planning, training, anomaly response and integration activities for rover and aerial systems.

“The Rover Operations Center is a force multiplier,” said Dave Gallagher, director at JPL. “It integrates decades of specialized knowledge with powerful new tools, and exports that knowledge through partnerships to catalyze the next generation of Moon and Mars surface missions.”

What Role Will AI Play in the New JPL Operations Center?

A primary focus of the ROC is accelerating the adoption of advanced autonomy in surface missions. The center is already applying AI to operational workflows, including a recent demonstration in which the Perseverance team used generative AI to explore possible future driving routes on Mars.

The effort builds on JPL’s long-running autonomy development. Past milestones include the introduction of autonomous task scheduling on Perseverance and the earlier evolution of rover independence dating back to Sojourner in the 1990s.

Matt Wallace, head of JPL’s Exploration Systems Office, said the mission environment demands faster advancement. “Our rovers are lasting longer and are more sophisticated than ever before. It’s time to take our game up a notch and bring everybody we can with us.”

How Will Industry Benefit from the ROC?

As NASA’s federally funded research and development center, JPL is positioned to enable technology transfer and collaborative development. Through the ROC, JPL aims to deliver new mission-enabling technologies such as digital engineering models, mission-adapted AI tools and autonomy stacks designed for edge computing environments.

1 43 44 45 46 47 2,697