Tag Archives: Government blog

Government-Wide Technology Funding and Measurement in Flux

Posted on by

For more than a decade, the Federal Information Technology Acquisition Reform Act (FITARA) and the Technology Modernization Fund (TMF) have served as twin pillars of accountability and investment. Together, they helped move federal IT away from fragmented decision-making and aging systems toward a more strategic, enterprise-focused approach.

However, both programs are in a sort of holding pattern while Congress decides on 2026 funding, and while it re-examines how best to measure the agency IT modernization process against the quickly evolving tech environment and ongoing changes in the current administration's goals. Continue reading

Exploring the State of State and Local Cyber Resources

Posted on by

State and local organizations are highly targeted by cyber criminals due to the value of the data they hold and the criticality of the systems they operate. In 2024, there were over 40,000 potential cyber attacks targeting state, local, and tribal governments. Despite this very real threat, these same organizations are largely underfunded and understaffed when it comes to cyber protection.

The federal government has looked to fill this gap between risk and preparedness. The State and Local Cybersecurity Grant Program (SLCGP) was established under the Infrastructure Investment and Jobs Act of 2021, providing (when combined with the Tribal Cybersecurity Grant Program) $1 billion in funding available over four years for state, local, tribal, and territorial cybersecurity efforts. This program ended at the close of the 2025 government fiscal year but received a short-term extension under the stopgap funding agreement that reopened the government in November 2025. Continue reading

Tracking the Rollout of CMMC

Posted on by

The Cybersecurity Maturity Model Certification (CMMC) is a framework that requires companies contracting with the Department of Defense (DoD) to meet security standards based on the sensitivity of the data they manage. These standards, based on the National Institute of Standards and Technology's (NIST) SP 800-171 standard, have been in place for eight years, but CMMC further formalizes compliance.

As of November 10, 2025, Defense agencies now require at least a Level 1 certification to award any new contract. To meet this requirement, companies must self-certify that they comply with 15 controls--specified by 800-171--that cover basic cyber hygiene. Next November 10 (in 2026), DoD will require that Level 2 status for contracts dealing with Controlled Unclassified Information (CUI), which currently can be self-assessed, be verified through a third-party assessment of compliance with all 110 controls in the NIST standard. Then in 2027, contracting officers can start requiring those seeking Level 3 certification to undergo an assessment by the Defense Industrial Base Cybersecurity Assessment Center. A Level 3 requirement would apply to technology dealing with highly sensitive data or systems, where a breach could have far-reaching impact. Continue reading

Securing Our Healthcare Infrastructure

Posted on by

We don't typically think of healthcare as infrastructure, but the functioning of our healthcare facilities is just as essential as that of our roads and utilities. Because of this criticality, healthcare systems require 100% uptime, a necessity that is vulnerable to the reality of cyber threats.

According to the FBI's Internet Crime Report, the healthcare industry reported 444 cyber-related incidents in 2024, the most out of any critical infrastructure industry. Despite this reality, many hospitals and health systems feel unprepared to respond and recover from these threats. The Travelers Risk Index survey found that only 51% of healthcare respondents were confident their organizations have best practices in place to prevent or mitigate a cyber event. Key challenges driving this lack of confidence include: Continue reading

How Technology Is Improving Citizen-Government Relations

Posted on by

When it comes to modernizing government, implementing new technology should not be the goal. The driver should be mission achievement improving service. Technology should not be the end solution, but an enabler of better processes.

With that in mind, we wanted to take a look at some of the buzziest technology solutions and see how they are enabling better citizen service.

Geospatial Data

A good deal of government service involves knowledge of a location. City, state, and federal governments need geospatial data to inform their work--from efficient emergency response to disaster preparedness and response, to the coordination of major events like Mardi Gras, marathons, and the upcoming World Cup and 2028 Olympics. Continue reading