/
AFSPC Seeks Input on SDA Novel Innovation Pipeline for Enhanced Resilience
Published on
DAF seal. The AFSPC has started seeking input for the SDA Novel Innovation Pipeline for Enhanced resilience.

The U.S. Air Force Space Command has started conducting market research on potential contractors for the Space Domain Awareness Novel Innovation Pipeline for Enhanced Resilience, or SNIPER, initiative.

Enhancing Software Tools Through Rapid Prototyping

According to the sources sought notice issued on SAM.gov Sunday, the potential contractor will develop advanced software tools to enhance existing SDA systems. The notice seeks vendors with expertise in engineering, research and development capable of performing rapid prototyping of an existing software-based SDA technology, upgrading it from Technology Readiness Level 5 to TRL 8 or 9 for deployment into an operational baseline.

The government can benefit from existing tools, processes and technologies developed and utilized by the industry. This includes innovations at TRL 5 leveraged by the private sector, academia and research laboratories. Federal agencies can facilitate the tools’ transition to government use by integrating them into representative environments, enabling contractors to access them and conduct rapid prototyping.

Interested vendors can submit their responses until Oct. 6.

/
War Department Awards $39.6M to Strengthen Domestic Solid Rocket Motor Supply Chain
Published on
Michael Duffey, under secretary of war for acquisition and sustainment. Duffey comments about new DPA Title III funding award

The Department of War is awarding funding totaling $39.6 million to Materials Resources LLC, or MRL; ICF Mercantile; and SPARC Research to expand domestic solid rocket motor production.

Michael Duffey, under secretary of war for acquisition and sustainment, said Friday that the strategic investments ensure that the department will have access to crucial munition propulsion systems to support national security missions.

The funding awards were made via Title III of the Defense Production Act, or DPA, which aims to build a robust and resilient domestic supply chain and fill gaps in the defense industrial base.

“By partnering with industry through the Defense Production Act, we are strengthening the resilience of our supply chains and growing domestic manufacturing capacity that is vital to maintaining our technological edge,” Duffey added.

New Round of DPA Title III Funding Recipients

MRL received the largest award at $25.2 million to demonstrate its prototype additive manufacturing cells to rapidly produce metallic cases used in solid rocket motors. Based in Xenia, Ohio, the company said it can switch materials and component designs quickly.

ICF secured $9.3 million for the first domestic production source of rayon filament cellulose precursor rayon, a critical component for manufacturing carbon phenolic ablatives used in solid rocket motor and re-entry body heatshields. The Warren, New Jersey-headquartered firm will employ ionic liquid technology, which is said to be environmentally safe and will increase rayon fiber capacity while lowering the material cost of manufacturing solid rocket motors.

SPARC, based in Warrenton, Virginia, was awarded $5.1 million to make affordable components to support solid rocket motor manufacturing.

The War Department has so far made a total of $777.1 million in DPA Title III awards since the beginning of fiscal year 2025. In January, Anduril Industries received $14.3 million to expand and modernize its solid rocket motor production facility in McHenry, Mississippi.

//
SSC Establishes System Delta 81 to Strengthen Guardian Training at Peterson SFB
Published on
Space Systems Command logo. SSC established a new system delta for guardian training capabilities

The Space Systems Command has established System Delta 81, or SYD 81, during a recent ceremony at Peterson Space Force Base in Colorado.

Col. Corey Klopstein, who assumed command of SYD 81, said the new system delta will build and field capabilities to ensure that the Space Training and Readiness Command and the Space Operations Command can meet mission requirements.

“We leverage partnerships across field commands, the intelligence community, laboratories, Federally Funded Research and Development Centers, and University Affiliated Research Centers, to rapidly deliver capabilities needed to support operational testing, combat training, and tactics validation,” Klopstein stated. “SYD 81 members come to work every day with a laser focus– every system tested, every tactic proven, and every Guardian ready!”

System Delta 81 Responsibilities

SYD 81 would be responsible for the High-End Advanced Test, Training and Tactics, or HEAT3, development. HEAT3 is designed to provide a high-fidelity simulated environment. The new system delta is also expected to strengthen the underlying training infrastructure to connect and integrate events and support wargames and exercises.

“The efforts across SYD 81 will ensure our Guardians are equipped with the right tools, able to validate capabilities and enhance combat effectiveness,” Klopstein added.

SYD 81 has one system program director, formerly known as senior materiel leader, and five system program managers, previously called materiel leaders. The system program director and system program managers will validate weapon systems performance, support cross-mission tactics and ensure guardians are capable of fighting skilled and motivated adversaries.

The new SYD follows the activation of SYD 85 to support the Battle Management, Command, Control, Communication and Space Intelligence program executive office.

/
GAO Report Details SSA IT Acquisition Workforce Challenges, Recommendations
Published on
SSA seal. GAO has issued a report detailing the challenges of SSA's IT acquisition workforce challenges.

The Government Accountability Office has released a new report noting the significant challenges facing the Social Security Administration, particularly its IT acquisition workforce.

SSA Staffing & Training Deficiencies

According to the GAO report published Monday, SSA has limited data on staff workloads, particularly of contracting officials involved in awarding and managing contracts for acquiring and maintaining over $1.4 billion of IT hardware and software purchased annually since 2020. In addition to the lack of acquisition staff workload data, SSA has not upgraded its training plan since 2019, resulting in a lack of necessary skills within the workforce.

GAO Recommendations

GAO issued three recommendations to address said challenges. First, the SSA commissioner should ensure the senior procurement executive assesses and documents staffing needs using quality workload data. Second, a training plan should be developed and implemented to resolve competency gaps in acquisition. Finally, the SSA commissioner must also ensure the chief information officer will evaluate and document the staffing needs of the IT contracting officer’s representatives.

//
Army Operationalizes Zero Trust
Published on
Zero trust. The Army’s CECOM SEC and West Point tested the SEC-developed mapping between zero trust and RMF.

The U.S. Army’s Communications-Electronics Command Software Engineering Center, or CECOM SEC, and the U.S. Military Academy at West Point have collaborated to evaluate the feasibility of the CECOM SEC-developed mapping between zero trust and the Pentagon’s Risk Management Framework, or RMF.

The Army said Thursday the testing sought to collect feedback on the mapping’s application.

Zero trust is a modern cybersecurity framework built on the “never trust, always verify” principle. RMF is a systematic structure that authorizes and manages risk in the Department of War’s systems.

Helping West Point Enhance Zero Trust Posture

According to the Army, the mapping developed by CECOM SEC helped USMA develop cybersecurity configurations, manage risk with a zero-trust mindset and prioritize zero-trust activities by focusing on relevant control correlation identifiers, or CCIs.

CCI is a unique identifier assigned to a specific security requirement and serves as a bridge between security control sets and compliance frameworks, enabling consistent mapping and tracking of individual security requirements across different standards.

CCIs are a key component of the Security Technical Implementation Guides and are maintained by the Defense Information Systems Agency.

The service branch said the approach provided West Point with a repeatable process for incorporating security concepts into established risk management practices and enabled the organization to determine its zero trust maturity while leveraging RMF compliance status.

//
FAR Council Issues Changes to 4 Parts of Acquisition Regulation
Published on
Government contracting. The FAR Council released model deviation text for FAR Parts 3, 17, 27 and 45.

The Federal Acquisition Regulatory Council on Thursday issued new model deviation text for four parts of the FAR as part of the Revolutionary FAR Overhaul, or RFO, initiative.

In April, President Donald Trump signed an executive order directing his administration to amend FAR to streamline the federal procurement process and eliminate barriers to doing business with the government.

The FAR Council released new text for Part 3 – Improper Business Practices and Personal Conflicts of Interest; Part 17 – Special Contracting Methods; Part 27 – Patents, Data, and Copyrights; and Part 45 – Government Property. These parts are open for feedback through Oct. 27.

Meanwhile, FAR Part 8: Required Sources of Supplies and Services was updated to conform with Aug. 29 updates to the model deviation text.

Special Contracting Methods

FAR Part 3 concerning special contracting methods has been streamlined to organize information in a way that is easier to use and understand; combine related topics and remove repeated information; and make the language clearer through simpler sentences and better formating.

Subpart 17.1 that covers multiyear contracting, for instance, has been restructured. A subpart that addresses interagency acquisitions has been updated for clarity.

The council has removed the criteria for identifying management and operating contracts.

Patents, Data & Copyrights

FAR Part 27 governing intellectual property rights in government contracts has been updated for clarity.

A section covering royalties and a subpart tackling patent rights under government contracts have been streamlined.

The council has eliminated a section that provides unnecesary detail of the U.S. government’s policy and objectives for patent rights and title under contracts. 

A subsection addressing the status of a small business or nonprofit organization has been removed as the content is duplicative of FAR Part 19.

///
MITRE Report Calls for Increased Warfighter Involvement in Defense Acquisition
Published on
Soldiers on the battlefield. MITRE cited the importance of making warfighters active stakeholders in defense acquisition.

MITRE has released a report highlighting the need for the defense acquisition system, or DAS, to be more warfighter-centric to facilitate the delivery of capabilities that keep pace with the rapidly evolving battlefield conditions.

The nonprofit corporation said Friday uniformed engineers and scientists should have sufficient acquisition training and authorities to rapidly innovate and address emerging problems at the tactical edge.

Extreme Product Ownership

MITRE cited U.S. Special Operations Command’s adoption of “Extreme Product Ownership,” an agile approach that focuses on users and value to reduce risks to development and combat operations.

In the report, MITRE mentioned the 160 Special Operations Aviation Regiment and its use of Extreme Product Ownership, which led to the development of new software that provided new capabilities and addressed cybersecurity vulnerabilities.

Models for Pushing Agile Acquisition to the Tactical Edge

According to the report, the “MacGyver” model and the Air Force tactical battle labs are the two models for moving agile acquisition to the tactical edge.

Under the MacGyver model, operational units are required to adapt mature technology through iterative experiments and implement field innovation. With this approach, some additional acquisition authorities are delegated to group commanders to ensure that detachments can acquire commercial platforms needed to develop minimum viable products to meet unit requirements and “potentially form the basis of an Urgent Capability Acquisition.”

With the Air Force tactical battle labs, adapted mature tech platforms are paired with novel operating concepts to develop new warfighting systems and address known capability gaps.

//
DHS OIG: CISA Mismanaged $138M Cyber Retention Incentive Program
Published on
Cybersecurity and Infrastructure Security Agency logo. DHS OIG found that CISA mismanaged its cyber retention program.

The Department of Homeland Security Office of Inspector General has found significant weaknesses in the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Retention Incentive program, which was designed to help the agency attract and retain high-demand cybersecurity professionals.

In an audit released Thursday, the OIG reported that CISA distributed more than $138 million between fiscal years 2020 and 2024 but failed to adequately target payments to mission-critical personnel. Instead, broad eligibility rules and weak oversight led to unauthorized back payments and retention incentives being awarded to employees who did not meet program requirements.

DHS OIG: CISA Mismanaged $138M Cyber Retention Incentive Program

The Potomac Officers Club’s 2025 Homeland Security Summit will convene senior DHS and industry leaders to address urgent challenges in national security, including workforce retention, cyber resilience and the protection of critical infrastructure. The summit offers a timely forum to examine how oversight, innovation and collaboration can strengthen homeland security missions. Register now to secure your place at this exciting homeland security event.

CISA’s Incentive Payments to Ineligible Employees

The OIG identified $1.41 million in questioned costs tied to back pay provided to 348 employees ineligible under program criteria. Incentives generally ranged from $21,000 to $25,000 per recipient each year, yet the agency often lacked documentation that recipients possessed “unusually high or unique qualifications” or that they were at risk of leaving federal service without additional compensation.

The watchdog further found that CISA broadened eligibility beyond approved guidelines by lowering the threshold of time employees needed to spend on NICE Framework cybersecurity work from 51 percent to 30 percent. The temporary change expired, but continued in practice, the report noted.

Oversight and Tracking Gaps

According to the OIG, the Office of the Chief Human Capital Officer did not maintain accurate, centralized records of recipients and payments, making it difficult to verify compliance. Required certifications attesting to mission-critical duties and retention risk were often missing or incomplete.

These management failures, the report said, undermine the program’s effectiveness and risk wasting taxpayer dollars while also discouraging highly qualified cyber professionals if incentives are not directed appropriately.

The watchdog warned that the deficiencies increase the risk of fraud, waste and abuse and undermine CISA’s ability to ensure that incentive funds are used effectively to retain critical cybersecurity talent.

OIG Recommendations and CISA’s Response

The OIG issued eight recommendations, including developing a formal risk management plan, tightening eligibility rules, reinstating clear criteria for cybersecurity work percentages, consolidating program oversight under a single office, improving recordkeeping and tracking, and recovering unallowed payments.

CISA agreed with all recommendations. The DHS Office of the Chief Human Capital Officer has set target dates in 2026 to implement updated policies, new tracking mechanisms and recovery actions.

/
FedRAMP Seeks Public Comments on KSI Changes, New Cloud Security Configuration Standard
Published on
FedRAMP logo. FedRAMP seeks comments on proposed KSI updates and a new configuration standard for cloud service providers.

The Federal Risk and Authorization Management Program has issued two requests for comment on proposed changes to its Key Security Indicators and a new standard for secure configurations of cloud service offerings.

The public comment period for both RFCs started on Sept. 10 and will close on Oct. 10.

Updated & New Key Security Indicators

KSIs outline the security capabilities expected from cloud service providers that intend to achieve and sustain a FedRAMP 20x authorization. The proposed updates to existing Phase One KSIs aim to address ineffective or insufficient ones. The changes also include new KSIs for the FedRAMP Low and Moderate baseline to bridge gaps and incorporate additional controls.

Cloud service providers pursuing Moderate authorization during the Phase Two pilot must showcase advanced maturity in depth and automation.

New Secure Configuration Standard

FedRAMP is also seeking public comment on a recommended secure configuration standard, required by Executive Order 14144, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” as amended by EO 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144.”

The new standard aims to formalize FedRAMP’s requirements and recommendations, detailing the security configurations federal agencies need to attain before deploying a cloud service. Once finalized, the standard will be applicable to both FedRAMP 20x and FedRAMP Rev5, with the latter proceeding without a beta testing phase.

//
Government Leaders Discuss Using AI to Streamline ATO Review
Published on
Artificial intelligence. DOD tech leaders shared that AI can accelerate the ATO process.

Katie Arrington, acting chief information officer at the Department of Defense and a Wash100 Award winner, is keen on automating and applying artificial intelligence to accelerate the process of granting an authority to operate, or ATO, to software for integration into Pentagon networks.

The official said at the Billington Cybersecurity Summit, as reported by Breaking Defense, that taxpayers pay for ATO, which is why she wants to use advanced tools to accelerate the process and cut associated costs.

Government Looks to Automation, AI to Streamline ATO

Other government leaders at the event discussed how their respective organizations are implementing technologies to enhance the ATO process.

Dave Raley, who leads a team called Operation Stormbreaker at Marine Corps Community Services, shared that automation is already improving the process of granting an ATO. He shared that the Marine Corps’ Authorizing Officer approves an ATO package within 24 hours, whereas, traditionally, the process would take much longer.

Doug Cossa, the intelligence community CIO, revealed that the IC has an “espresso ATO” or “the minimum set of controls” software needs to have in place to automatically get an authorization.

“Right now, while we define those, it’s a manual process,” he added. “We’re looking to automate that evaluation … over the next year.”

More Than Just Technology

Dave McKeown, the Pentagon’s chief information security officer and a two-time Wash100 awardee, explained that vendors who want to speed up the process and get their products approved for use at the DOD need to submit a software bill of materials and provide proof of Secure Software Development Framework compliance. The documentation would enable AI to check the cybersecurity soundness of a software and grant authority, he said.

Moreover, McKeown divulged that defense leaders plan to overhaul the Risk Management Framework, or RMF. While he said the DOD is not getting rid of RMF, the framework will be modified to shift focus from “compliance and checklists and humans to cybersecurity and cyber survivability and automation.”

1 5 6 7 8 9 2,617