//
NIST Seeks Feedback on Draft Secure Software Development Guidelines
Published on
Software development. NIST is seeking feedback on draft software development security guidelines.

The National Institute of Standards and Technology is conducting a public consultation on a preliminary draft of guidelines for improved security in all stages of the software development lifecycle, from a software’s initial planning and testing to its deployment, operation and maintenance.

A NIST consortium, including National Cybersecurity Center of Excellence computer security experts and 14 industry partners, created the draft NIST Special Publication 1800-44, titled Secure Software Development, Security, and Operations Practices, in accordance with Executive Order 14306, which aims to strengthen U.S. cybersecurity, NIST said Wednesday. The agency plans to hold a virtual event on Aug. 27 to discuss the guidelines and gather additional insight for the project ahead of the Sept. 12 deadline for feedback on the draft.

SP 1800-44 Expands NIST’s Secure Software Development Framework

The publication will complement the best practices outlined in NIST’s Secure Software Development Framework, or SSDF. According to the agency, the SSDF provides high-level secure software development practices but does not guide organizations in creating a secure development environment that fits their objectives. Building on the SSDF, SP 1800-44 offers specific examples to help organizations establish such an environment, accelerate software development and keep unauthorized individuals from the development processes.

“The SSDF looks at building software holistically, helping organizations figure out what needs to be done to make their development environment more secure, how to protect it and find deficiencies that make it vulnerable,” said NCCoE’s Alper Kerman, one of the publication’s authors. “The draft guidelines we are developing will show how organizations can use commercial, off-the-shelf technologies and AI capabilities and apply zero trust principles and methodologies to create an efficient and secure development environment for producing fast and more reliable software.”

/
OSTP Director Discusses American AI Export Stack, Safety Institute Rebranding
Published on
OSTP Director Michael Kratsios. Kratsios discusses the White House's AI Action Plan

Governments around the world are exploring the use of artificial intelligence to manage data and provide public services, and it would create risks if nations start using AI solutions that are not from the United States, warned Michael Kratsios, director of the White House Office of Science and Technology Policy and a two-time Wash100 awardee.

During a recent event, the official recalled his experience convincing nations to remove telecommunications equipment made by the Chinese technology company Huawei.

“Whether it’s the way you pay your taxes, whether it’s your health care records, whether it’s small things like if you want to get a permit to go to national park for a campsite – all of this stuff is going to be part of the AI fabric,” he explained during the event. “And it would be a huge problem if the model that is fine-tuned to generate these AI solutions isn’t from America.”

America’s AI Stack for Export

Kratsios’ comments follow the White House’s issuance of an AI Action Plan, which tasked the Department of Commerce to team up with industry to develop full-stack AI export packages. Offering a technology stack for export instead of individual tools could make adoption easier for foreign governments.

The official also pointed out that, while a lot of countries want to implement AI, the specifics of how they use the technology remain unclear. He shared that the U.S. can “fill in the blanks” for foreign government partners.

“We have to show them what the potential is for AI for their people, and their country and their economies, and make it as easy as humanly possible for them to implement it,” Kratsios said.

NIST’s Center for AI Standards and Innovation

Kratsios also addressed the recent rebranding of the AI Safety Institute, which was established under the previous administration, to the Center for AI Standards and Innovation. The OSTP director explained that the AI Safety Institute was too focused on setting up guardrails, curtailing innovation.

The new center, he revealed, will conduct model measurements and evaluations.

The Center for AI Standards and Innovation will operate under the National Institute of Standards and Technology. It will figure out how to measure a model, which would be invaluable to industry. 

/
DAF PEO C3BM Highlights New Strategic Anchors to Enhance Battle Network
Published on
C3BM PEO Luke Cropsey. The DAF PEO C3BM unveiled three new strategic anchors to strengthen the DAF BATTLE NETWORK.

The Department of the Air Force Program Executive Office for Command, Control, Communications and Battle Management has unveiled new strategic priorities aimed at enhancing the decision-making capabilities and resilience of joint and coalition forces.

PEO C3BM’s 3 New Strategic Anchors

The DAF PEO C3BM shared Wednesday that Maj. Gen. Luke Cropsey, C3BM PEO and 2025 Wash100Award winner, highlighted three new strategic anchors to strengthen the DAF Battle Network. He emphasized that the first anchor is to utilize a “deliver to depreciate” approach, prioritizing rapid capability deployment to address operational gaps and build stronger credibility and responsiveness with operational partners.

The second is to develop a comprehensive technical strategy for the entire DAF Battle Network by identifying technologies vital to mission needs. The PEO aims to unify the technical foundation of the DAF Battle Network, or “The Stack,” to accelerate the adoption of innovations. Cropsey asserted that to close mission threads, the PEO must actively manage key technologies by identifying weapons platforms, developing components and communications for each kill chain, then aligning schedules and budgets to deliver on the advertised capabilities.

The third anchor ensures that supporting activities are aligned with the implementation of the other two strategies. This includes accelerating delivery processes by eliminating bureaucratic obstacles. Cropsey further stressed the importance of operating faster than adversaries, particularly in procurement, requirements and resource enterprises.

“Our goal is to define a clear list of priorities by program, align our manpower with those priorities, engage with our key stakeholders and codify our plan and the resulting resource decisions to deliver capabilities to our warfighters now,” said Cropsey.

//
SBA Issues Letter of Warning to Federal Contracting Officers Following Reports of Fraud
Published on
SBA Administrator Kelly Loeffler. Loeffler published a letter of warning for government contracting officers

The Small Business Administration has issued a formal letter of warning reminding government contracting officers to report suspected fraud, waste and abuse. According to SBA Administrator Kelly Loeffler, the notice represents the agency’s commitment to strengthening its oversight of the SBA 8(a) Business Development Program.

“Our 8(a) contracting officers have a legal responsibility to uphold the law and protect taxpayer dollars, ensuring that federal awards go to legitimate, eligible small businesses,” the official said. “Today, we’re putting them on notice – that we will no longer tolerate the self-dealing and fraud that was allowed to proliferate under the Biden Administration.”

The 8(a) program provides training and technical assistance to socially and economically disadvantaged small business owners. It also opens up opportunities for small businesses to work with government agencies and enter the federal marketplace.

DOJ Uncovers SBA Fraud

The letter follows a Department of Justice investigation of the 8(a) Business Development Program that revealed fraud and bribery schemes involving federal contracts. According to the investigation, over $550 million in federal contracts were fraudulently awarded by a contracting officer from the U.S. Agency for International Development. One federal contractor involved in the scheme received $800 million in contracts, even after it was flagged by USAID for its lack of “honesty or integrity.”

Loeffler has already ordered a full-scale audit of the business development program. The audit will look at high-dollar and limited-competition contracts issued in the past fifteen years.

“Effective immediately, I am launching a full-scale audit of the program to stop bad actors from making the kind of backroom deals that have already cost taxpayers hundreds of millions of dollars,” the official said at the time. “We must hold both contracting officers and 8(a) participants accountable – and start rewarding merit instead of those who game the system.”

//
CISA Unveils Zero Trust Microsegmentation Guidance Part 1
Published on
CISA official Shelly Hartsook cited the release of new guidance for agencies to implement microsegmentation as part of ZTA.

The Cybersecurity and Infrastructure Security Agency has issued the first part of its latest guide that provides an overview of microsegmentation as part of CISA’s efforts to help federal civilian executive branch agencies implement zero trust architectures.

CISA Unveils Zero Trust Microsegmentation Guidance Part 1

Join the Potomac Officers Club’s 2025 Homeland Security Summit on Nov. 12, and keep abreast of the latest government cybersecurity initiatives and policies. Save your spot now!

What Is the Purpose of CISA’s Zero Trust Microsegmentation Guidance?

CISA said Tuesday the document titled “Microsegmentation in Zero Trust, Part One: Introduction and Planning” is part of its Journey to Zero Trust series and covers key concepts associated with microsegmentation, which seeks to reduce the attack surface, limit lateral movement and boost visibility.

“So many organizations, both on the federal side and in the private sector, we saw make early investments in zero trust network access tools, or SASE tools – secure access service edge –as part of their early implementation,” Shelly Hartsook, an acting associate director within CISA’s cybersecurity division, told Federal News Network in an interview.

“And there is a value in those bringing those tools into the toolbox and initially implementing them. This guidance can help organizations make the most of those technology investments and how they’re configured and really used across the enterprise,” Hartsook added.

The document also offers recommended actions to advance zero trust principles and modernize network security.

The agency intends to launch a subsequent technical guide to provide implementatation teams with technical considerations and detailed implementation scenarios.

Phased Approach to Microsegmentation

The document provides agencies with a phased approach when transitioning portions of their enterprise to microsegmentation.

The phased approach includes identifying candidate resources for segmentation; identifying dependencies for selected candidate resources; determining appropriate segmentation policies; and deploying updated segmentation policies.

Hartsook noted that implementing microsegmentation requires organizations to do careful planning from the start.

“So really understanding how to apply it and having a deliberate strategy architecture and planning is critical to doing this in a way that achieves the cybersecurity intent without mucking up your just normal business with your organization,” she told FNN.

////
DIU Taps Oshkosh Subsidiary for EHOSS Prototype Development Contract
Published on
Defense Innovation Unit logo. DIU selected Pratt Miller for the EHOSS prototype development contract.

The Defense Innovation Unit has awarded a contract to Oshkosh subsidiary Pratt Miller to build a prototype of its platform under the Expeditionary Hydrogen On Ship and Shore, or EHOSS, project.

DIU Taps Oshkosh Subsidiary for EHOSS Prototype Development Contract

Hear experts discuss the latest naval capabilities and emerging tech at the Potomac Officers Club’s 2025 Navy Summit. Book your seats now for this Aug. 26 event!

What Is the Goal of the DIU EHOSS Project?

DIU said Tuesday the EHOSS project seeks to generate, store and distribute hydrogen both aboard ship and ashore by leveraging commmercial off-the-shelf components to create a tactical “micro hydrogen supply chain.”

The initiative aims to support the Department of Defense’s strategic priorities to reduce logistical fuel supply vulnerabilities, improve energy dominance and facilitate distributed operations in contested environments.

DIU collaborates with the Naval Research Laboratory, U.S. Indo-Pacific Command, U.S. Marine Corps Expeditionary Energy Office, Naval Undersea Warfare Command, Naval Information Warfare Center Pacific and the U.S. Army Ground Vehicle Systems Center on the EHOSS project to help extend operational capabilities and improve energy resilience across joint forces.

“Hydrogen fuel cell technologies offer a pathway to reduced logistical risk and greater operational flexibility, especially in environments where conventional fuel delivery is constrained or compromised,” said Andrew Higier, energy portfolio director at DIU.

“EHOSS is a step toward enabling persistent, low-signature operations that can help us untether from larger fuel supply chains and adapt across the maritime and littoral fight,” Higier added.

Containerized Hydrogen Generation Tech Development

Under the contract, Pratt Miller will build a prototype of a containerized hydrogen generation and fueling system that could produce and provide over 20 kilograms of 350 bar, high-purity hydrogen per day.

According to DIU, the EHOSS prototype builds on prior development and deployment of hydrogen platforms. The system prototype will be fully instrumented to gather and measure data, enable real-time predictive maintenance and facilitate remote monitoring.

/
GSA to Launch GO.gov Website to Enhance Federal Travel Management
Published on
GSA logo. GSA will launch the GO.gov website in November to enhance federal travel management.

The General Services Administration has introduced GO.gov, a new website developed by IBM to enhance federal travel management.

The centralized OneGov travel service initiative will officially launch in November, the agency said Tuesday. GO.gov will provide federal agencies with modern capabilities to enhance their operations, including streamlining booking and authorization processes, managing expenses, creating reports, and other tasks.

The unified travel management service, which will integrate with travel management companies, is also designed to offer a more intuitive experience for travelers. It incorporates charge card integration, a mobile interface and other commercially available functionalities.

IBM created and will operate GO.gov as part of the potential 15-year, $148 million contract it received from the GSA in November 2024. It is working toward achieving Federal Risk and Authorization Management Program accreditation.

Josh Gruenbaum, Stephen Ehikian on the GO.gov Initiative

“Common systems are an industry best practice and are proven to drive efficiency, promote compliance and establish uniform processes across agencies,” said Josh Gruenbaum, Federal Acquisition Service commissioner and 2025 Wash100 Award winner.

“As part of GSA’s OneGov strategy, GO.gov will allow all agencies to accomplish more while spending less, improve performance, provide a better customer experience and reduce administrative burdens,” he added.

“GO.gov is a common-sense solution that will relieve agencies of the burden of travel management, helping them be as effective and efficient as possible,” said GSA Deputy Administrator Stephen Ehikian.

//
US Army Launches Interface to Streamline Procurement, Financial Processes
Published on
U.S. Army logo. The Army has created an interface linking three systems.

The U.S. Army Program Executive Office Enterprise and the Office of the Deputy Assistant Secretary of the Army for Procurement have launched an interface that links three systems, the Logistics Modernization Program, or the LMP; Army Working Capital Funds, or AWCF; and Army Contract Writing System, or ACWS in an effort to streamline procurement and financial processes. The interface allows for automated sharing of contract and financial data between the LMP and the ACWS, the Army said Tuesday. 

What Is the LMP-ACWS Interface?

The LMP-ACWS interface is part of a major initiative to standardize how purchase request and procurement data are shared between systems, as the ACWS prepares to take over older contracting systems including the Procurement Automated Data and Document System, or PADDS; and the Standard Procurement System, or SPS. The PEO Enterprise will launch the second phase in October, which will allow the ACWS to handle more types of funding and fully phase out the PADDS.

Through the interface, ACWS users manage all new orders funded by AWCF directly in ACWS, including orders related to maintenance, logistics and supply support. Meanwhile, LMP users can now combine item and service needs into a single request instead filling out separate request forms. The new interface seeks to save time, reduce paperwork, improve tracking and accountability.

Army’s Kevin Stoddard Shares Thoughts

Kevin Stoddard, ACWS lead for the Office of the Deputy Assistant Secretary of the Army for Procurement, called the establishment of the interface a “noteworthy step forward.”

“The new LMP-ACWS interface reduces manual entry, improves data accuracy and supports timely obligation and contract execution tracking. It also eliminates duplicate data entry, where any updates — particularly for purchase requests — are synced bi-directionally, so there are no duplicate changes. Users enter data once in ACWS, and the data is automatically mapped to LMP/AWCF fields,” he said.

//
Information Services Group Report Shows Public Sector Adoption of AI Against Cyberthreats
Published on
Headshot of Nathan Frey, an ISG partner. Frey comments on the new ISG report on cybersecurity

Information Services Group, or ISG, has warned that agencies at the federal, state and local levels face increasingly sophisticated cyberthreats. To strengthen security, the government is adopting advanced technologies, such as artificial intelligence, to mitigate cyberattacks, the research and advisory firm revealed in its new report.

The 2025 ISG Provider Lens Cybersecurity — Services and Solutions report assessed the cybersecurity trends that impact the U.S. public sector. It is part of ISG’s Provider Lens Quadrant research series, which extracts insights from empirical and data-driven research and market analysis combined with real-world observations.

What ISG Found

According to the report, the convergence of information and operational technologies in supply chains and critical infrastructures creates major cyber risks. ISG said supply chains involved in government procurements require regular vendor risk management and monitoring. The firm also noted that an early notification system prevented a ransomware attack against transportation infrastructure.

AI offers enhanced cybersecurity through threat detection, automated discovery of vulnerabilities and predictive analysis.

More agencies are also addressing cyberthreats by deploying cloud security posture management and workload protection platforms, which can safeguard critical applications across distributed systems.

“Public agencies need strong data protection strategies to continue delivering services and maintain public trust,” said Nathan Frey, ISG partner and U.S. public sector lead.

Top Government Technology Providers

The report also assessed 86 cybersecurity solutions and service providers across six quadrants: identity and access management, extended detection and response, technical security services, security service edge, strategic security services, and next-generation security operations center and managed detection and response.

IBM is the leading provider across five quadrants. Meanwhile, Accenture, Deloitte, Capgemini, Infosys, HCLTech and EY led in three quadrants.

“Providers enable clients to align security measures with agency goals and build effective defenses with limited resources,” commented Gowtham Sampath, assistant director and principal analyst for ISG Provider Lens Research.

/
GAO Study Reveals Increased Generative AI Use by Federal Agencies
Published on
GAO seal. GAO revealed a rise in generative AI use by federal agencies.

The Government Accountability Office released a report on Tuesday, revealing a significant increase in the use of generative artificial intelligence by government agencies from 2023 to 2024.

Generative AI Use & Potential Applications

The report, titled Artificial Intelligence: Generative AI Use and Management at Federal Agencies, determined that AI use across 11 federal agencies increased from 571 to 1,110 instances, while use of generative AI jumped from 32 to 282 usage cases.

GAO also determined that generative AI has the potential to enhance written communication and boost efficiency in accessing information and tracking program status. The Department of Veterans Affairs has begun automating medical imaging processes to bolster diagnostic services for veterans, while the Department of Health and Human Services has leveraged generative AI to contain poliovirus by gathering data from publications regarding supposedly polio-free areas.

In general, agencies can use generative AI to boost productivity, support internal operations and streamline the delivery of services, among other possible applications.

Challenges in Generative AI Adoption

GAO also reported that agencies are encountering roadblocks with deploying generative AI, including navigating federal policies like data privacy, securing technical resources and funds, and maintaining appropriate use policies and practices.

To address these challenges, agencies develop their internal policies using existing AI frameworks and guidance. This coincided with the executive branch’s move to revise its AI guidance in early 2025.

Aside from issues with its adoption, generative AI also poses a risk to national security and the environment and can be used to spread misinformation, GAO said.

1 67 68 69 70 71 2,656