///
Troy Meink on Air Force’s Acquisition Transformation
Published on
Troy Meink. The Air Force secretary highlighted major changes in the Department of the Air Force’s acquisition process.

Secretary of the Air Force Troy Meink highlighted major changes in the Department of the Air Force’s acquisition process during his keynote speech Thursday at the Spacepower 2025 Conference, the U.S. Space Force reported.

What Are Troy Meink’s Thoughts on Portfolio Acquisition Executives?

One of the structural changes Meink cited is the shift from program executive officers to portfolio acquisition executives, or PAEs, to speed up the decision-making process and provide leaders with clearer authority. 

“We’re moving from the old program executive officer model to portfolio acquisition executives, and the whole focus is making sure our people are empowered to do their jobs,” Meink said. “For too long, we’ve had responsibility without the authority to match. We’re fixing that by streamlining oversight and giving PAEs the ability to make decisions quickly — and we’ll have their backs when things don’t go right.”

“PAEs must have authorities, resources and talent to execute some of the most technical programs,” he added.

Meink urged the Space Force “to innovate faster and deliver capability at the pace the mission demands,” noting that automation will continue to play a critical role in satellite operations and data processing.

What Key Space Force Developments Did Gen. Saltzman Highlight at Spacepower 2025?

At the Space Force Association-hosted conference, Gen. Chance Saltzman, Space Force chief of space operations and a three-time Wash100 awardee, announced the naming of two Space Force weapon systems—Ursa Major and Bifrost—as part of a Guardian-driven initiative to enhance operational identity.

He highlighted the increasing role of allies and partners in the service branch’s force design, operational planning and exercises, citing Resolute Space 25 as a demonstration of combined readiness.

Saltzman also noted that the Space Force is accelerating the delivery of capabilities through modernized and streamlined acquisition processes to support warfighters and counter threats.

/
CISA Issues New Cross-Sector Cybersecurity Performance Goals to Counter Emerging Threats
Published on
The Cybersecurity and Infrastructure Security Agency's logo. CISA issued its new Cybersecurity Performance Goals guidance

The Cybersecurity and Infrastructure Security Agency has released version 2.0 of its Cross-Sector Cybersecurity Performance Goals, or CPGs, an updated guidance for integrating cybersecurity within an organization’s daily operations.

CISA Issues New Cross-Sector Cybersecurity Performance Goals to Counter Emerging Threats

The Potomac Officers Club’s 2026 Cyber Summit on May 21 will bring together cybersecurity experts from across government and industry to discuss some of the most pressing cyber issues and opportunities today. Get your tickets here.

CISA said Thursday that the document reflects three years of operational insights and contains best practices collected from industry and government leaders and cybersecurity experts.

“Over the past year, CISA has engaged extensively with hundreds of stakeholders across both the public and private sectors to ensure the updated goals reflect real-world challenges and operational realities,” Acting CISA Director Madhu Gottumukkala stated. “Version 2.0 demonstrates our commitment to listening to and incorporating partner feedback to deliver practical, outcome-driven guidance that organizations can act on.”

The Cross-Sector CPGs align with the National Institute of Standards and Technology Cybersecurity Framework 2.0.

What Is the CPG Version 2.0?

The updated goals expand the agency’s current guidance on account and device security, data protection, governance, vulnerability management, supply chain risk, and incident response and recovery.

The Cross-Sector CPG 2.0 introduces a section on the role of organizational leadership. CISA also consolidated operational and information technology into universal goals and added measures addressing emerging threats to eliminate silos in the new guidance.

The document also adds new goals for third-party risk, zero trust architecture and incident communication.

According to Gottumukkala, the CPGs apply to all critical infrastructure sectors.

Are CISA’s Cross-Sector CPGs Effective?

The updated guidance comes almost a year after CISA published its Cybersecurity Performance Goals Adoption Report. The agency found that, based on its analysis of 7,791 critical infrastructure organizations enrolled in its vulnerability scanning service, cybersecurity has improved in the sector since the implementation of CPG in 2022.

The report found a decline in known exploited vulnerabilities, or KEVs, and Secure Sockets Layer misconfigurations.

//
NSA Releases Guidance to Mitigate UEFI Secure Boot Vulnerabilities
Published on
The National Security Agency's logo. NSA issued a new Cybersecurity Information Sheet

The National Security Agency has issued a Cybersecurity Information Sheet detailing how organizations can address configuration challenges associated with Unified Extensible Firmware Interface—a.k.a. UEFI—Secure Boot.

The agency said Thursday that the guidance provides system owners with instructions on how to verify Secure Boot settings and detect or recover from misconfigurations.

NSA Releases Guidance to Mitigate UEFI Secure Boot Vulnerabilities

Cyber has become a principal battlefield in global conflict and American systems are being targeted. Join the Potomac Officers Club’s 2026 Cyber Summit on May 21 to gain a better understanding of cyber from global adversaries and near-peer nations and get updates to ongoing and future cyber initiatives across the federal government. Get your tickets today.

What Are Secure Boot Vulnerabilities?

Secure Boot, introduced to the UEFI standard in the mid-2000s, restricts which software can run during the boot process. It blocks unsigned or unknown boot software while allowing many common operating system distributions.

However, over the years, experts have identified vulnerabilities affecting Secure Boot, emphasizing the need for accurate configuration across enterprise environments.

One vulnerability, BootHole, could enable malicious cyber actors to gain control of Linux systems during the boot process. NSA published mitigation options for the BootHole vulnerability in 2020.

The agency warned that Secure Boot is still widely used across modern devices, making it critical for organizations to assess their Secure Boot configurations and reduce their cyber risk.

What Does NSA Recommend?

The agency urged IT administrators and managers to review the guidance to confirm proper enforcement of Secure Boot policies. 

NSA said organizations must not assume that their systems are secure with a Trusted Platform Module or full disk encryption tools like BitLocker.

Additionally, NSA encourages organizations to conduct acceptance testing of new devices to check if the Secure Boot is configured properly.

/
GSA, Tenable Partner to Offer Discounted Cloud Security Capabilities
Published on
FAS Commissioner Josh Gruenbaum. GSA and Tenable partnered to offer discounted access to Tenable Cloud Security Enterprise

The U.S. General Services Administration has partnered with Tenable Public Sector through a OneGov agreement to provide federal agencies with discounted access to Tenable Cloud Security Enterprise.

What Does the GSA-Tenable OneGov Agreement Entail?

Under the OneGov agreement, agencies can receive a 65 percent discount on Tenable’s cloud security capabilities, authorized by the Federal Risk and Authorization Management Program, through GSA’s Multiple Award Schedule – IT Category, the agency said Thursday. The agreement offers a Cloud Native Application Protection Platform, or CNAPP, aimed at safeguarding sensitive government cloud environments.

What Did Josh Gruenbaum & Tenable Say About the Agreement?

“Robust cybersecurity is essential for implementing AI into federal government workflows while simultaneously protecting American citizens’ data and information, a crucial component in supporting the White House’s AI Action Plan,” said Josh Gruenbaum, Federal Acquisition Service commissioner and 2025 Wash100 Award winner. “This OneGov agreement with Tenable will enable federal agencies to secure their networks and data more easily and cost-effectively.”

Federal agencies can take advantage of discounted pricing until March 31, 2027. Option years carry favorable escalation rates: 0 percent in year 1 and 3 percent in years 2 and 3, maintaining substantial discounts of 62 percent in year 2 and 59 percent in year 3.

“With our FedRAMP-authorized cloud security solution, Tenable is proud to help federal agencies stay ahead of evolving threats, strengthen resilience, and secure the cloud-first future of government as part of a holistic approach to exposure management,” said Steve Vintz, co-CEO of Tenable. 

/
GAO Calls on DOW to Modernize Weapon System Testing Policies
Published on
GAO logo. GAO revealed the DOW's test and evaluation policies are not aligned with best practices in product development.

The Department of War’s test and evaluation policies are not fully aligned with product development best practices, hindering its goal to rapidly deliver weapon systems to warfighters, according to a recent Government Accountability Office report.

GAO Calls on DOW to Modernize Weapon System Testing Policies

Representatives from the DOW and various military services will attend the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29. Register now to hear them discuss the military’s modernization efforts to future-proof national defense.

What Leading Practices Are Missing From DOW Policies?

The report noted that DOW is modernizing testing through digital engineering and a skilled workforce to accelerate weapon system delivery. However, the GAO found DOW policies omit four key practices used by top technology companies to bring complex systems to market efficiently—early tester involvement, iterative testing, digital twins and threads, and ongoing user feedback.

GAO also found DOW policies lack processes to implement these practices, while military departments mirror DOW-wide policies without additional enhancements. It also determined that key program documents, including acquisition and test strategies, do not reflect them.

What Are GAO’s Recommendations?

The GAO issued 13 open recommendations calling for the Department of War and military services to update their weapon system test and evaluation, digital engineering, and systems engineering, as well as acquisition policies, to better align with leading product development practices. The recommendations emphasize three primary needs across DOW:

  • Requiring developmental and operational testers to participate early in shaping acquisition strategies, particularly on issues involving digital twins and digital threads
  • Adopting iterative, integrated testing approaches supported by digital engineering tools to enable faster delivery of minimum viable products
  • Incorporating formal end-user agreements that define how ongoing user feedback will be gathered during system development and testing

These recommendations apply to the Office of the Secretary of Defense as well as the Air Force, Army and Navy.

//
OPM, OMB Unveil Federal HR 2.0 Initiative
Published on
Scott Kupor. The OPM director commented on the launch of the Federal HR 2.0 initiative.

The Office of Personnel Management and the Office of Management and Budget have launched a modernization initiative aimed at consolidating more than 100 outdated federal human resources systems into a single platform.

OPM, OMB Unveil Federal HR 2.0 Initiative

Be part of the conversation shaping government technology at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22. Hear from experts on AI, cyber and enterprise IT. Register today to secure your spot.

Under the Federal HR 2.0 initiative, OPM said Wednesday federal agencies will transition to one Core Human Capital Management, or HCM, system, establishing it as the government’s unified system of record for personnel management. 

“Today’s announcement is a major win for efficiency, accountability, and good government,” said OPM Director Scott Kupor. “By consolidating more than 100 systems into a single, modern HR platform, we are delivering billions in savings while giving agencies the tools they need to manage the federal workforce as one coordinated enterprise. This is exactly the kind of smart, cost-saving reform the American people expect and deserve.”

In a memo issued Wednesday, Kupor and OMB Director Russell Vought stated that the Core HCM platform will encompass several functions, including personnel action processing, employee system of record, employee and manager self-service, analytics and dashboards, position management, time and attendance, and learning. 

According to the document, OPM is overseeing a procurement effort to identify a vendor to implement the new system.

What Are the Goals of Federal HR 2.0? 

According to OPM, Federal HR 2.0 aims to eliminate duplicative systems and redundant contracts and improve HR service delivery through self-service tools, standardized workflows and real-time data integration.

The initiative also seeks to support agencies in hiring, retaining and managing talent and establish a governmentwide HR system designed to strengthen security and data integrity.

In the memo, Kupor and Vought noted that the transition to the Core HCM platform will occur in two waves to “allow for significant interagency feedback and collaboration to help ensure successful implementation.”

Wave 1 agencies, including the Departments of Homeland Security, Agriculture and Health and Human Services, are expected to begin the transition in fiscal year 2026.

The Department of Commerce, General Services Administration, the Department of War, NASA and other Wave 2 agencies will move to the new system in FY 2027.

What Federal Hiring Reforms Did OPM & OMB Announce?

In November, OPM and OMB issued new guidance introducing stricter oversight of federal hiring. The directive requires agencies to justify each position in alignment with administration priorities and to limit new hires until detailed staffing plans are approved.

In September, OPM finalized a rule replacing the longstanding “rule of three” with the “rule of many” to modernize federal hiring. According to the agency, the rule applies to competitive and excepted service appointments and is designed to ensure agencies select candidates based on practical skills and merit as assessed through skills-based evaluations.

//
FedRAMP Kicks Off 20x Phase 2 Pilot With Cohort 1 Selection
Published on
FedRAMP logo. FedRAMP announced three cloud services participating in Cohort 1 of the 20x Phase 2 pilot.

The Federal Risk and Authorization Management Program has announced the three cloud services participating in the first cohort of FedRAMP 20x Phase 2 pilot.

FedRAMP said Wednesday 20x Phase 2, which was first announced in September, required cloud services to submit pilot proposals demonstrating their planned approach in advance.

The cloud services selected for Cohort 1 of the FedRAMP 20x Phase 2 pilot are Confluent Cloud for Government, Meridian LMS and Paramify Cloud.

What’s Next for FedRAMP 20x in 2026?

FedRAMP Director Pete Waterman shared an open letter to the FedRAMP Board highlighting the next steps for the 20x Phase 2 pilot program.

Upcoming efforts include:

  • Review of proposals for Phase 2, Cohort 2: From Jan. 5 to 9, FedRAMP will review pilot proposals from eligible 20x Phase 2 pilot participants and will select up to seven participants to take part in the Phase 2 pilot.
  • Transition to Phase 3: Phase 2 will conclude at the end of the second quarter of fiscal year 2026, paving the way for broader adoption of 20x improvements in the third and fourth quarters of FY 2026 under Phase 3.
  • AI Authorizations: FedRAMP plans to finalize the first three AI Prioritization 20x Low authorizations in January.
  • Innovation through partnerships: FedRAMP will continue hosting quarterly FedRAMP Days.

What Is FedRAMP 20x?

FedRAMP 20x is a cloud-native authorization framework designed to advance the use of automation to accelerate the authorization process and facilitate secure cloud adoption across federal agencies.

Under the initiative, cloud service providers are encouraged to establish their security goals, continuously validate the effectiveness of the capabilities used to meet those goals and measure their performance against those goals. 

Through this framework, CSPs secure authorization to enhance their service offerings without needing permission for significant changes.

/
Legislators Reintroduce Bipartisan Satellite Cybersecurity Act Amid Rising Space-Based Threats
Published on
Satellites in orbit. Senate legislators have introduced a bill to secure satellites from cyberthreats

Sens. Gary Peters, D-Mich., and John Cornyn, R-Texas, have reintroduced a bipartisan bill to support satellite owners and operators against growing cybersecurity threats to space assets.

Legislators Reintroduce Bipartisan Satellite Cybersecurity Act Amid Rising Space-Based Threats

American systems are being targeted by adversaries. Gain better understanding of emerging cyberthreats to the nations and learn directly from government and industry experts at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Click here to secure your tickets.

What Is the Satellite Cybersecurity Act?

The Satellite Cybersecurity Act tasks the Department of Commerce to provide voluntary cybersecurity recommendations and establish an online clearinghouse to streamline access to information on how to secure space systems, the Senate said Wednesday.

The bill also tasks the Government Accountability Office to examine programs to secure commercial satellites and identify ways to integrate satellite capabilities into critical infrastructure sectors.

Peters, a ranking member of the Senate’s Homeland Security and Governmental Affairs Committee, said in a statement that the Satellite Cybersecurity Act will enable companies to protect their satellite systems from cyberthreats.

“Foreign adversaries and cybercriminals continue to target cybersecurity vulnerabilities in commercial satellites, and these attacks have the potential to significantly disrupt American lives and livelihoods,” he warned.

Cornyn added that the bipartisan bill will provide satellite operators with the tools they need to safeguard their systems against disruptions caused by bad actors.

When Else Have the Senators Introduced the Satellite Cybersecurity Act?

Peters and Cornyn have introduced the Satellite Cybersecurity Act two other times, most recently in 2023. The Record reported that the bill advanced out of the Homeland Security Committee both times but did not receive votes once it moved to the Senate floor.

/
House Passes FY26 Defense Spending Bill Authorizing $900.6B
Published on
The Department of War's logo. House passed a spending bill for DOW

The House of Representatives voted 312-112 to pass the National Defense Authorization Act, authorizing a $900.6 billion funding for the Pentagon for fiscal year 2026, Breaking Defense reported.

The bill increases the pay of service members, approves military aid for Ukraine, and finances shipbuilding and procurement of aircraft, ground vehicles and munitions.

House Passes FY26 Defense Spending Bill Authorizing $900.6B

Learn more about the technologies that reinforce the U.S. military’s edge over adversaries at the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29. The event will feature leaders from across the Department of War and the GovCon industry to deliver insights into the present and future of warfare. Secure your tickets to this highly anticipated networking event today.

How Will NDAA FY26 Affect Military Procurement Processes?

Additionally, the new NDAA includes provisions that impact the U.S. military’s capability procurement programs.

The NDAA marks the Department of War’s shift from the current program executive officer, or PEOs, to a portfolio acquisition executive, or PAE.

According to previously released department documents, the PAE will oversee multiple programs and will be in charge of allocating resources across systems to ensure timely delivery.

In November, the Army announced the establishment of six PAEs under Army Transformation and Training Command and the assistant secretary of the Army for acquisition, logistics and technology.

The NDAA also includes language to halt the Air Force’s retirement of its A-10 Thunderbolt II fleet and divest F-15E Strike Eagle aircraft over the next year. In contrast, the bill is preventing the Pentagon from canceling the E-7 Wedgetail program.

For the Army, the bill greenlights the acquisition of UH-60 Black Hawk and the early production of the Future Long-Range Assault Aircraft.

What Programs Will NDAA FY26 Fund?

NDAA authorizes over $25 billion for the purchase of critical munitions, including Naval Strike Missiles, Tomahawks, Javelins, Sidewinders and Advanced Medium Range Air-to-Air Missiles.

The bill also provides the Pentagon $26 billion in shipbuilding funds for the purchase of Columbia-class ballistic missile and Virginia-class submarines, Arleigh Burke-class destroyers, ship-to-shore connector landing craft, and other vessels.

President Donald Trump’s Golden Dome will also receive funding under the policy bill.

//
DIU, USINDOPACOM Select 10 Startups for Blue Object Management Accelerator
Published on
DIU logo. DIU has chosen 10 startup teams to participate in the first Blue Object Management Challenge Accelerator.

The Defense Innovation Unit has announced the 10 startup teams that will participate in the first Blue Object Management Challenge Accelerator.

What Is the Blue Object Management Challenge Accelerator?

The Blue Object Management Challenge, launched in August, seeks to rapidly discover and prototype commercial technologies that align with the operational priorities of the U.S. Indo-Pacific Command, or USINDOPACOM, in the Indo-Pacific region, DIU said Wednesday.

The term “blue objects” refers to U.S. forces, systems and facilities in military operations. The initiative prioritizes tracking and managing these assets in real time to ensure commanders have accurate operational insight.

Which Companies Were Selected for the 2025 Cohort?

The 2025 cohort is composed of 10 companies competitively selected through DIU’s prize challenge process for their work in advancing artificial intelligence-driven decision-making to enhance the integration, accessibility and use of mission-critical data across Department of War platforms and forces.

The selected participants include CI-PHER Tech, Countifi, Dunedain Systems, Exia Labs, Kinnami Software, Lumbra, MAIK, Snorkel AI, Unstructured Technologies and Valinor Streamline. Each one will receive a portion of the $500,000 prize pool. During the 12-week accelerator program, the teams will collaborate with DIU and USINDOPACOM to test, validate and transition their projects.

1 49 50 51 52 53 2,703