/
GAO Report Details SSA IT Acquisition Workforce Challenges, Recommendations
Published on
SSA seal. GAO has issued a report detailing the challenges of SSA's IT acquisition workforce challenges.

The Government Accountability Office has released a new report noting the significant challenges facing the Social Security Administration, particularly its IT acquisition workforce.

SSA Staffing & Training Deficiencies

According to the GAO report published Monday, SSA has limited data on staff workloads, particularly of contracting officials involved in awarding and managing contracts for acquiring and maintaining over $1.4 billion of IT hardware and software purchased annually since 2020. In addition to the lack of acquisition staff workload data, SSA has not upgraded its training plan since 2019, resulting in a lack of necessary skills within the workforce.

GAO Recommendations

GAO issued three recommendations to address said challenges. First, the SSA commissioner should ensure the senior procurement executive assesses and documents staffing needs using quality workload data. Second, a training plan should be developed and implemented to resolve competency gaps in acquisition. Finally, the SSA commissioner must also ensure the chief information officer will evaluate and document the staffing needs of the IT contracting officer’s representatives.

//
Army Operationalizes Zero Trust
Published on
Zero trust. The Army’s CECOM SEC and West Point tested the SEC-developed mapping between zero trust and RMF.

The U.S. Army’s Communications-Electronics Command Software Engineering Center, or CECOM SEC, and the U.S. Military Academy at West Point have collaborated to evaluate the feasibility of the CECOM SEC-developed mapping between zero trust and the Pentagon’s Risk Management Framework, or RMF.

The Army said Thursday the testing sought to collect feedback on the mapping’s application.

Zero trust is a modern cybersecurity framework built on the “never trust, always verify” principle. RMF is a systematic structure that authorizes and manages risk in the Department of War’s systems.

Helping West Point Enhance Zero Trust Posture

According to the Army, the mapping developed by CECOM SEC helped USMA develop cybersecurity configurations, manage risk with a zero-trust mindset and prioritize zero-trust activities by focusing on relevant control correlation identifiers, or CCIs.

CCI is a unique identifier assigned to a specific security requirement and serves as a bridge between security control sets and compliance frameworks, enabling consistent mapping and tracking of individual security requirements across different standards.

CCIs are a key component of the Security Technical Implementation Guides and are maintained by the Defense Information Systems Agency.

The service branch said the approach provided West Point with a repeatable process for incorporating security concepts into established risk management practices and enabled the organization to determine its zero trust maturity while leveraging RMF compliance status.

//
FAR Council Issues Changes to 4 Parts of Acquisition Regulation
Published on
Government contracting. The FAR Council released model deviation text for FAR Parts 3, 17, 27 and 45.

The Federal Acquisition Regulatory Council on Thursday issued new model deviation text for four parts of the FAR as part of the Revolutionary FAR Overhaul, or RFO, initiative.

In April, President Donald Trump signed an executive order directing his administration to amend FAR to streamline the federal procurement process and eliminate barriers to doing business with the government.

The FAR Council released new text for Part 3 – Improper Business Practices and Personal Conflicts of Interest; Part 17 – Special Contracting Methods; Part 27 – Patents, Data, and Copyrights; and Part 45 – Government Property. These parts are open for feedback through Oct. 27.

Meanwhile, FAR Part 8: Required Sources of Supplies and Services was updated to conform with Aug. 29 updates to the model deviation text.

Special Contracting Methods

FAR Part 3 concerning special contracting methods has been streamlined to organize information in a way that is easier to use and understand; combine related topics and remove repeated information; and make the language clearer through simpler sentences and better formating.

Subpart 17.1 that covers multiyear contracting, for instance, has been restructured. A subpart that addresses interagency acquisitions has been updated for clarity.

The council has removed the criteria for identifying management and operating contracts.

Patents, Data & Copyrights

FAR Part 27 governing intellectual property rights in government contracts has been updated for clarity.

A section covering royalties and a subpart tackling patent rights under government contracts have been streamlined.

The council has eliminated a section that provides unnecesary detail of the U.S. government’s policy and objectives for patent rights and title under contracts. 

A subsection addressing the status of a small business or nonprofit organization has been removed as the content is duplicative of FAR Part 19.

///
MITRE Report Calls for Increased Warfighter Involvement in Defense Acquisition
Published on
Soldiers on the battlefield. MITRE cited the importance of making warfighters active stakeholders in defense acquisition.

MITRE has released a report highlighting the need for the defense acquisition system, or DAS, to be more warfighter-centric to facilitate the delivery of capabilities that keep pace with the rapidly evolving battlefield conditions.

The nonprofit corporation said Friday uniformed engineers and scientists should have sufficient acquisition training and authorities to rapidly innovate and address emerging problems at the tactical edge.

Extreme Product Ownership

MITRE cited U.S. Special Operations Command’s adoption of “Extreme Product Ownership,” an agile approach that focuses on users and value to reduce risks to development and combat operations.

In the report, MITRE mentioned the 160 Special Operations Aviation Regiment and its use of Extreme Product Ownership, which led to the development of new software that provided new capabilities and addressed cybersecurity vulnerabilities.

Models for Pushing Agile Acquisition to the Tactical Edge

According to the report, the “MacGyver” model and the Air Force tactical battle labs are the two models for moving agile acquisition to the tactical edge.

Under the MacGyver model, operational units are required to adapt mature technology through iterative experiments and implement field innovation. With this approach, some additional acquisition authorities are delegated to group commanders to ensure that detachments can acquire commercial platforms needed to develop minimum viable products to meet unit requirements and “potentially form the basis of an Urgent Capability Acquisition.”

With the Air Force tactical battle labs, adapted mature tech platforms are paired with novel operating concepts to develop new warfighting systems and address known capability gaps.

//
DHS OIG: CISA Mismanaged $138M Cyber Retention Incentive Program
Published on
Cybersecurity and Infrastructure Security Agency logo. DHS OIG found that CISA mismanaged its cyber retention program.

The Department of Homeland Security Office of Inspector General has found significant weaknesses in the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Retention Incentive program, which was designed to help the agency attract and retain high-demand cybersecurity professionals.

In an audit released Thursday, the OIG reported that CISA distributed more than $138 million between fiscal years 2020 and 2024 but failed to adequately target payments to mission-critical personnel. Instead, broad eligibility rules and weak oversight led to unauthorized back payments and retention incentives being awarded to employees who did not meet program requirements.

DHS OIG: CISA Mismanaged $138M Cyber Retention Incentive Program

The Potomac Officers Club’s 2025 Homeland Security Summit will convene senior DHS and industry leaders to address urgent challenges in national security, including workforce retention, cyber resilience and the protection of critical infrastructure. The summit offers a timely forum to examine how oversight, innovation and collaboration can strengthen homeland security missions. Register now to secure your place at this exciting homeland security event.

CISA’s Incentive Payments to Ineligible Employees

The OIG identified $1.41 million in questioned costs tied to back pay provided to 348 employees ineligible under program criteria. Incentives generally ranged from $21,000 to $25,000 per recipient each year, yet the agency often lacked documentation that recipients possessed “unusually high or unique qualifications” or that they were at risk of leaving federal service without additional compensation.

The watchdog further found that CISA broadened eligibility beyond approved guidelines by lowering the threshold of time employees needed to spend on NICE Framework cybersecurity work from 51 percent to 30 percent. The temporary change expired, but continued in practice, the report noted.

Oversight and Tracking Gaps

According to the OIG, the Office of the Chief Human Capital Officer did not maintain accurate, centralized records of recipients and payments, making it difficult to verify compliance. Required certifications attesting to mission-critical duties and retention risk were often missing or incomplete.

These management failures, the report said, undermine the program’s effectiveness and risk wasting taxpayer dollars while also discouraging highly qualified cyber professionals if incentives are not directed appropriately.

The watchdog warned that the deficiencies increase the risk of fraud, waste and abuse and undermine CISA’s ability to ensure that incentive funds are used effectively to retain critical cybersecurity talent.

OIG Recommendations and CISA’s Response

The OIG issued eight recommendations, including developing a formal risk management plan, tightening eligibility rules, reinstating clear criteria for cybersecurity work percentages, consolidating program oversight under a single office, improving recordkeeping and tracking, and recovering unallowed payments.

CISA agreed with all recommendations. The DHS Office of the Chief Human Capital Officer has set target dates in 2026 to implement updated policies, new tracking mechanisms and recovery actions.

/
FedRAMP Seeks Public Comments on KSI Changes, New Cloud Security Configuration Standard
Published on
FedRAMP logo. FedRAMP seeks comments on proposed KSI updates and a new configuration standard for cloud service providers.

The Federal Risk and Authorization Management Program has issued two requests for comment on proposed changes to its Key Security Indicators and a new standard for secure configurations of cloud service offerings.

The public comment period for both RFCs started on Sept. 10 and will close on Oct. 10.

Updated & New Key Security Indicators

KSIs outline the security capabilities expected from cloud service providers that intend to achieve and sustain a FedRAMP 20x authorization. The proposed updates to existing Phase One KSIs aim to address ineffective or insufficient ones. The changes also include new KSIs for the FedRAMP Low and Moderate baseline to bridge gaps and incorporate additional controls.

Cloud service providers pursuing Moderate authorization during the Phase Two pilot must showcase advanced maturity in depth and automation.

New Secure Configuration Standard

FedRAMP is also seeking public comment on a recommended secure configuration standard, required by Executive Order 14144, titled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity,” as amended by EO 14306, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144.”

The new standard aims to formalize FedRAMP’s requirements and recommendations, detailing the security configurations federal agencies need to attain before deploying a cloud service. Once finalized, the standard will be applicable to both FedRAMP 20x and FedRAMP Rev5, with the latter proceeding without a beta testing phase.

//
Government Leaders Discuss Using AI to Streamline ATO Review
Published on
Artificial intelligence. DOD tech leaders shared that AI can accelerate the ATO process.

Katie Arrington, acting chief information officer at the Department of Defense and a Wash100 Award winner, is keen on automating and applying artificial intelligence to accelerate the process of granting an authority to operate, or ATO, to software for integration into Pentagon networks.

The official said at the Billington Cybersecurity Summit, as reported by Breaking Defense, that taxpayers pay for ATO, which is why she wants to use advanced tools to accelerate the process and cut associated costs.

Government Looks to Automation, AI to Streamline ATO

Other government leaders at the event discussed how their respective organizations are implementing technologies to enhance the ATO process.

Dave Raley, who leads a team called Operation Stormbreaker at Marine Corps Community Services, shared that automation is already improving the process of granting an ATO. He shared that the Marine Corps’ Authorizing Officer approves an ATO package within 24 hours, whereas, traditionally, the process would take much longer.

Doug Cossa, the intelligence community CIO, revealed that the IC has an “espresso ATO” or “the minimum set of controls” software needs to have in place to automatically get an authorization.

“Right now, while we define those, it’s a manual process,” he added. “We’re looking to automate that evaluation … over the next year.”

More Than Just Technology

Dave McKeown, the Pentagon’s chief information security officer and a two-time Wash100 awardee, explained that vendors who want to speed up the process and get their products approved for use at the DOD need to submit a software bill of materials and provide proof of Secure Software Development Framework compliance. The documentation would enable AI to check the cybersecurity soundness of a software and grant authority, he said.

Moreover, McKeown divulged that defense leaders plan to overhaul the Risk Management Framework, or RMF. While he said the DOD is not getting rid of RMF, the framework will be modified to shift focus from “compliance and checklists and humans to cybersecurity and cyber survivability and automation.”

/
NASA, War Department Partner to Advance Cargo Drone Operations
Published on
Cargo drone. NASA and the Department of War have partnered to develop advanced cargo drones for long-distance operations.

NASA and the Department of War have conducted a flight demonstration aimed at fast-tracking the development of modern cargo drones for long-distance transportation.

Advancing Long-Distance Cargo Drone Flights

The initiative, part of the Federal USS Synthesis Effort, is intended to enhance the efficiency and safety of cargo drone operations while minimizing human workload, NASA said Friday.

The live flight test, part of the War Department’s UAS Logistics, Traffic, Research and Autonomy effort, showcased how drones can fly beyond visual line of sight, or BVLOS, of their operators. During the demonstration, conducted by FUSE researchers, including experts from Ames Research Center, the cargo drones flew for over 75 miles across North Dakota while carrying different payloads.

The flight test utilized NASA’s UAS Service Supplier, or USS, technology to ensure the unmanned systems could safely operate within shared airspace. The system transmitted real-time flight data, including location and altitude, ensuring full situational awareness.

Remarks From NASA Executive

“FUSE builds upon our interagency cooperation to contribute enhanced capabilities for drones flying beyond the visual line of sight. This mission is the next big step toward true autonomous flight and will yield valuable insights that we can leverage as both the commercial drone, cargo and urban air taxi industries continue to expand and innovate,” said Todd Ericson, senior adviser to the NASA administrator.

/
BizINT: The Rising Intelligence Crime-Fighting Resource
Published on
Jason Lee. The Moody's chief intelligence officer talked about BizINT ahead of a panel discussion at the 2025 Intel Summit.

Criminal enterprises and terrorist groups are becoming more sophisticated and capable every day. National security threats including drug trafficking, forced labor and financial scam rings from sub-state organizations like drug cartels are becoming more difficult to address because they are increasingly being run like legitimate businesses.

These sub-state organizations often have structured processes, a current strategy and even key performance indicators. But intelligence officers have a new tool that is gaining prominence in fighting crime: business activity intelligence, or BizINT.

What Is BizINT?

Jason LeeMoody’s senior director and chief intelligence officer, told ExecutiveGov in an exclusive interview that BizINT, or digital footprints left behind by bad actors, provides insights through publicly-available business records about how bad actors utilize legitimate professional activities to serve the interest of parallel criminal activity.

The use of BizINT is growing so fast in the intelligence community that it has been coined by units in the Office of Naval Intelligence, or ONI, and the Department of Treasury. BizINT, Lee said, provides extremely valuable targeting activities that further the discovery of new entities and people. It also provides tips and cues for where an investigation should go next.

Be the first to learn about the newest crime-fighting tools in intelligence at the Potomac Officers Club’s 2025 Intel Summit on October 2! Learn about the latest threats to U.S. national security at the “Addressing the Triple D of Bad Actor Threats – Disproportionality, Disinformation, and Deception” panel discussion, moderated by Lee. Discover the latest in how the federal government is thinking about industry partnerships. Sign up today for this prestigious GovCon event and prepare for increased revenues in FY 2026! Use the promocode Intel25AI for a 10 percent discount.

How Is BizInt Used?

Lee said BizINT also provides substantial contextual information, or the “how” and “why” behind criminal schemes. These are non-obvious gaps in fragmented pieces of classified information that agencies collect through clandestine means.

“The one thing intelligence professionals need to keep in mind with BizINT is that it can be used to address non-financial crime issues as much as it can with obvious financial crime problems such as anti-money laundering and threat finance,” Lee shared.

What makes BizINT even more valuable, Lee said, is that sub-state organizations are patient and think longer-term than individuals, who can be impulsive. Organizations can also have associations with governments, either officially or with corrupt officials, without a witting legitimate government.

“[Criminal] organizations have a support system that facilitates obfuscation much earlier and [provides] the ability for global reach to operate in countries [where] unsuspecting victims don’t think it is even possible for such bad actors to have a presence,” Lee said.

BizINT’s value to investigations is large but often understated: it can provide insight to not only financial crimes such as money laundering, but also to physical crimes with a financial core such as human smuggling, terrorism, counterfeiting and more. Importantly, BizINT’s detail is sufficient enough to allow investigators to conduct pattern and trend analysis.

Learn More About BizINT at the 2025 Intel Summit

Threats from bad actors in intelligence is a dynamic and fast-moving topic. At the 2025 Intel Summit, attendees of the “Addressing the Triple D of Bad Actor Threats – Disproportionality, Disinformation, and Deception” panel discussion will dig into countering adversary tactics built on misdirection and strategic surprise. They’ll also be part of the conversation about understanding how “Triple D” challenges vary across signals, geospatial and open-source intelligence disciplines and how to build resilient frameworks to disrupt information at speed.

Find out more about our industry-leading panel participants:

BizINT: The Rising Intelligence Crime-Fighting Resource

Jason Lee (moderator)

Senior director & chief intelligence officer, Moody’s

Lee possesses 30 years of expertise in national security analysis and the investigation of financial crimes. For 17 years, he was employed as an intelligence analyst with the FBI, during which he was detailed to the CIA, Office of the Director of National Intelligence and the Intelligence Advanced Research Projects Activity. Lee ultimately achieved the position of senior national intelligence officer, a senior executive role within the federal government. Previously, Lee was also associated with UBS and Guidehouse and he established the security consulting firm ThreatPlaybook in 2018.

BizINT: The Rising Intelligence Crime-Fighting Resource

Austin Wang

Vice president of intelligence, MITRE

Wang spearheads MITRE’s initiatives to foster comprehensive, collaborative and multi-agency solutions. He integrates efforts across the IC and the broader national security framework while also influencing MITRE’s, and the nation’s, approach to addressing national security issues.

With nearly three decades of experience in leadership roles within the IC, Wang became part of MITRE in 2022 after dedicating 21 years to the CIA, where he most recently served as a senior executive and led clandestine technical operations.

During his time at the CIA, he oversaw the human intelligence, or HUMINT, technology office for the directorate of science and technology, a.k.a DS&T. Wang also managed a global organization within the intelligence community, overseeing comprehensive activities related to unique intelligence, encompassing collection, processing, analysis, and dissemination.

 

BizINT: The Rising Intelligence Crime-Fighting Resource

Joe Landino

[Retired] chief information officer and director of mission systems, National Counterterrorism Center

Landino committed 40 years to U.S. national security efforts in roles both in and out of government. He was an officer in the Air Force, held the title of vice president at two major technology research and development companies, and worked in the CIA’s senior intelligence service, overseeing technology development and operations in the geospatial intelligence, or GEOINT, open-source intelligence, a.k.a. OSINT, and counter-terrorism fields. He also completed assignments at agencies including the National Reconnaissance Office; the National Geospatial Intelligence Agency; and the National Counterterrorism Center.

BizINT: The Rising Intelligence Crime-Fighting Resource

David Marlowe

Vice president at Amentum, former CIA deputy director

Marlowe spent more than 30 years at the CIA, mostly living and working across the Middle East. Most recently, he served as the deputy director of CIA operations, supervising the operational workforce and global clandestine intelligence collection activity.

Marlowe earlier served as assistant director of the CIA for the near east, managing all CIA work such as intelligence collection and analysis related to the Middle East and north Africa.

 

BizINT: The Rising Intelligence Crime-Fighting Resource

Catherine Aucella

[Retired] National Security Agency executive director

Aucella spent 41 years at the NSA, ultimately serving as the executive director, the second-highest civilian position within the agency. In this capacity, she collaborated with the NSA’s director and deputy director to lead the agency’s global operations and to represent the NSA at numerous external engagements.

These included the IC, congressional committees, industry representatives, academia and various professional organizations. Aucella was responsible for directing strategic initiatives and corporate responses to the nation’s most intricate cryptologic challenges and requirements.

Aucella began her NSA career as a linguist and intelligence analyst. She later held numerous operational and corporate leadership roles. Notable achievements in her career include overseeing NSA’s Office of Counterterrorism in the aftermath of the 9/11 attacks, acting as senior liaison and chief of the NSA’s integrated workforce at the UK’s Government Communications Headquarters, or GCHQ.

 

BizINT: The Rising Intelligence Crime-Fighting Resource

Dr. Dan Taninecz Miller

Director of NLP & LLMs at BigBear.ai

Taninecz Miller is an AI and machine learning director and practitioner focused on national language, information campaigns and geopolitics. His doctoral research examined using computational tools to analyze issues including state-sponsored propaganda on social media, Chinese international foreign investment policy and extremist group behavior on YouTube.

As a computational social scientist, Taninecz Miller has used programming languages such as Python and R to treat “text as data” and evaluate large collections of qualitative data in new ways. As principal data scientist at BigBear.ai, he works to use large language models, or LLMs, and other national language processing, a.k.a NLP, models to better understand national language data.

BizINT: The Rising Intelligence Crime-Fighting Resource

/
Treasury, GSA Launch SAVE Program to Curb Wasteful Contract Spending
Published on
Treasury logo. Treasury partnered with GSA to launch the SAVE program to eliminate wasteful contract spending.

The Department of the Treasury has partnered with the GSA to launch the Savings Award for Verified Efficiencies, or SAVE, Program to reduce wasteful federal contract spending. The joint initiative aims to deliver considerable savings while keeping focus on mission readiness, Treasury said Wednesday.

Building on Defend the Spend Success

The SAVE Program builds on lessons from GSA’s Defend the Spend initiative, which highlighted ways to use federal contracting funds more efficiently. Treasury has expanded the model to involve federal employees in savings initiatives and recognize and reward them for their efforts.

Under the SAVE program, Treasury GS and GS-equivalent employees not classified under the Senior Executive Service may propose contract cancellations, descopes or other cost-reduction measures within their program areas. If the approved proposals generate verified savings, employees can earn awards of up to 5 percent of the savings, at a maximum of $10,000 per contract action.

Learn more about innovative federal contracting vehicles at the Potomac Officers Club’s 2025 Homeland Security Summit on November 12!

Treasury & GSA Leaders on Collaborating

“Through this strengthened partnership, Treasury and GSA are setting a new standard for responsible stewardship of public funds. Together, we are building a cost-saving model that can be scaled across government. We look forward to working with our partners across the Trump Administration to ensure that every taxpayer dollar is spent wisely and efficiently,” said Treasury Secretary Scott Bessent.

GSA Acting Administrator Mike Rigas called the initiative an example of strong interagency collaboration. “By empowering frontline federal employees to act decisively on wasteful contracts, we are driving a cultural shift toward greater accountability and efficiency government wide,” he explained.

“Through this incentive program, the initiative places the tool directly in the hands of federal workers across agencies. By rewarding the federal workforce, we are democratizing savings efforts across government and strengthening our collective role as responsible fiduciaries to the American taxpayer,” said Federal Acquisition Service Commissioner Josh Gruenbaum, a 2025 Wash100 Award winner.

1 92 93 94 95 96 2,704