Pentagon officials acknowledged that military services could inflate cyber readiness levels as the Defense Department works to standardize how it manages its cyber workforce, but said the effort is still in its early stages and validation mechanisms are being developed to prevent “rubber-stamping” qualifications.
While the Pentagon is moving away from relying solely on individual military services to self-assess cyber readiness, it still largely depends on self-reported data, which raises concerns about the accuracy of readiness reporting.
But Timothy Beard, associate civilian cyberspace and information technology career field manager at the Department of the Air Force, said commands are engaging with the process more seriously instead of treating it as paperwork and “making efforts to do that validation at those levels themselves.”
“It’s a concern of ours. We don’t want the, ‘Hey, it’s time to report. Just fill in something and send it. There needs to be some accuracy, there needs to be some validation in that process. And we know we’re in the early stages of reporting … I would expect at some point validation is going to come into play, whether it’s happening at the local level or somewhere within the command,” Beard said Friday during an Air & Space Forces Association Warfighters in Action event.
“Right now, it’s a ‘be honest,’ but we expect and we hope that, for the sake of your mission, you are doing the right things to qualify your folks,” he added.
Matthew Eisner, the department’s cyberspace workforce development lead, said readiness reporting shouldn’t be treated as a “compliance drill,” but rather a tool the services can use to better understand their workforce and advocate for additional resources.
“We need to change the script. We want to change what the way people are looking at this is. This is a benefit for you,” Eisner said.
“There isn’t a single organization out there that hires an individual, lets them in the front door and says, ‘You can start doing all the defensive networks right now.’ They all run them through something, that’s the intent of residential qualifications to make sure that people have the capability. That’s all we’re trying to codify, is understanding what people can do and make that from a broader perspective in the department so we can present that to our senior leaders, and then we can advocate for resources for you, go to our congressional members and really push the envelope,” he added.
The Pentagon is moving toward an enterprise-wide approach to managing its cyber workforce as it works to bring consistency to how it identifies and qualifies cyber talent across the military services.
At the center of that effort is the DoD Cyber Workforce Framework, or DCWF, which establishes an “authoritative lexicon based on the work an individual is performing, not their position titles, occupational series, or designator.” The framework supports implementation of the department’s 8140 policy for developing its cyber workforce. Under that policy, the Pentagon has broadened its definition of cyber work to include roles spanning cyber operations, artificial intelligence, data and software engineering, among other job categories.
One of the promises of the new framework is improved visibility. Beard said the cyber workforce dashboard is a primary tool for gaining a “wide, big picture view of the overall cyber workforce.” The Defense Department uses its Advana data platform to integrate data from multiple systems and present a department-wide view of cyber readiness.
But integrating data across the services is an ongoing effort. Both the services and the Defense Department are still learning how to report, aggregate and interpret cyber workforce data consistently.
“It’s a learning side on both ends. Just on the HR side, that’s 10 different systems, because we separate manpower and personnel across each of the military departments, and then we’re still working through how we’re collecting some of the qualification data. Some people have systems. Some people are doing that manually. I’m having to integrate all that up at the Department of War level so we can paint the department’s posture,” Alfredo Rodriguez, workforce innovation directorate deputy director, said.
The Senate approved 97 Trump administration appointees before leaving town for the holidays on Thursday, with the confirmed list including top officials at the Defense Department, the General Services Administration and the Department of Veterans Affairs.
The vote on Thursday leaves just 15 nominations awaiting confirmation in the Senate heading into 2026. It also brings the total number of confirmed presidential appointees to 417 so far in Trump’s second term.
Tech officials confirmed
Ethan Klein was confirmed to serve as the fifth U.S. chief technology officer and as associate director of the White House Office of Science and Technology Policy.
Klein’s confirmation comes as the Trump administration has embraced artificial intelligence and related technologies. The White House CTO position has been vacant since 2021, as the Biden administration never named an official to the post.
OSTP said Klein will “lead and coordinate national policy efforts to advance American leadership across critical and emerging technologies, including AI, quantum, nuclear energy, and biotechnology.” Klein is a nuclear engineer who served at OSTP during the first Trump administration.
“I’ve worked with Dr. Ethan Klein for nearly a decade and seen firsthand his expertise as a policymaker and technologist. He brings unparalleled experience, thoughtful leadership, and results-driven energy to the role of U.S. CTO,” OSTP Director Michael Kratsios said in a statement. “I’m thrilled to once again be working together to fulfill the president’s agenda and ensure global American leadership in science and technology,”
The Senate also confirmed Kirsten Davies to serve as the DoD chief information officer. As CIO, Davies will nominally serve as the top advisor to Defense Secretary Pete Hegseth on IT and cybersecurity. Her confirmations comes as Hegseth has pushed DoD to adopt AI technologies rapidly.
Davies has extensive private sector executive experience, most recently as chief information security officer at British multinational company Unilever.
During her September confirmation hearing, Davies said “great change” is needed within the defense IT enterprise.
“There are great people, but at today’s speed of change, skills must be constantly refreshed and future fit. New entrants with innovative tech solutions struggle with red tape and lack of access. Cyberattacks are pervasive,” Davies said. “America’s adversaries are motivated and capable to inflict massive impact, and there is little deterrence. Great change is needed in this time and in this hour.”
DoD CFO, R&E chief confirmed
In addition to Davies, the Senate confirmed a raft of other DoD officials yesterday. They include Michael Powers to be DoD comptroller and chief financial officer; Amy Henninger to serve as director of operational test and evaluation; and James Mazol as deputy undersecretary of defense for research and engineering.
Senate Armed Services Committee Chairman Roger Wicker (R-Miss.) applauded Mazol’s confirmation in a Dec. 19 statement.
“James has a sharp understanding of the threat environment the United States faces, particularly as it pertains to China’s advancements in critical technology areas,” Wicker said. “I look forward to partnering with him and his office to meet America’s defense needs.”
GSA gets first permanent chief under Trump administration
The Senate confirmed Edward Forst, a real estate and financial services executive, to serve as the Trump administration’s first permanent head of the General Services Administration.
Forst told the Senate Homeland Security and Governmental Affairs Committee in October that GSA “stands at the tip of the spear” of the Trump administration’s government efficiency agenda.
A major part of that efficiency agenda, Forst said, is the need to “right-size” its real estate portfolio, and address a growing maintenance backlog for the properties it owns.
Forst said offloading these underutilized and deteriorating properties will “ensure taxpayers no longer pay for underutilized space and properties that may never fully be repaired,” and ensure federal employees have better office space.
Federal real estate is on the Government Accountability Office’s list of high-risk federal programs, because of the ballooning backlog of maintenance and repair needs. According to GAO, the backlog more than doubled between fiscal 2017 and 2024, from $170 billion to $340 billion.
“Deferred maintenance is a very gentle term for, I’ll say, delinquent maintenance,” Forst said.
GSA is supporting the Trump administration’s return-to-office mandate for federal employees by moving agencies out of underutilized office space that falls short of a 60% average utilization goal
Forst said GSA is falling short of its own return-to-office goals, because 25% of its headquarters building is falling behind on its own deferred maintenance projects and has been deemed “uninhabitable.”
VA’s top health care official to oversee reorganization
The Senate also confirmed a new permanent leader of the Department of Veterans Affairs’ health care operations, ahead of its biggest reorganization in decades.
John Bartrum, a former senior advisor to VA Secretary Doug Collins, will serve as VA’s under secretary for health. Bartrum, a combat veteran with more than 40 years of active-duty and reserve military service, previously oversaw policy and funding at the National Institutes of Health and the Centers for Disease Control and Prevention.
Collins said in a statement that VHA’s current leadership structure “is riddled with redundancies that slow decision making, sow confusion and create competing priorities”
“When everyone’s in charge of everything, no one’s in charge of anything,” Collins said.
VA says the changes aren’t expected to result in a significant change in overall staffing levels. But the Washington Post first reported that the VA no longer plans to fill tens of thousands of vacant health care positions.
The VA says it’s briefed lawmakers on the reorganization, and that implementation will take place over the next 18-24 months.
“The department’s history shows that adding more employees to the system doesn’t automatically equal better results,” Collins told lawmakers in May.
Senate VA Committee Chairman Jerry Moran (R-Kan.) said a statement that he applauded Bartrum for his commitment to allow more veterans to seek health care outside the VA system.
“I look forward to working closely with him and Secretary Collins to improve the health of veterans in Kansas and across the country,” Moran said.
The top Democrat on the Senate VA Committee, Richard Blumenthal (D-Conn.), said in a statement Friday that Bartrum “played a key role in stonewalling and slow walking Congress and veterans” on requests for information about VA’s budget, community care wait times, contract cancellations and staffing plans.
The Senate confirmed William Kirk to be inspector general of the Small Business Administration, Anthony D’Esposito to serve as IG at the Labor Department and Platte Moring to serve as IG at DoD.
Lawmakers also confirmed Thomas Bell to be inspector general at the Department of Health and Human Services and John Walk to be inspector general at the Agriculture Department.
The nominations of Bell, D’Esposito and Walk, respectively, drew some concern from Democrats about their political backgrounds. In his written testimony prepared for an October confirmation hearing, Bell pledged to “examine, evaluate, audit, and investigate to support the initiatives of President [Donald] Trump and Secretary [Robert] Kennedy.”
DHS nominees approved, but CISA still waits
Several Department of Homeland Security officials have also gotten through the confirmation process this week. Most notably, the Senate approved Adm. Kevin Lunday’s nomination to be commandant of the Coast Guard.
Sen. Jacky Rosen (D-Nev.) had placed a hold on Lunday’s nomination after the Coast Guard called some hate symbols “potentially divisive” in a new policy, setting off a firestorm of criticism. The Coast Guard removed those references in the policy Thursday, clearing the way for Rosen to remove her hold on Lunday’s nomination.
However, Rosen is reportedly still holding the nomination of Sean Plankey to serve as director of the Cybersecurity and Infrastructure Security Agency over concerns about the Coast Guard implementing the change. Plankey is currently serving as a senior advisor in the Coast Guard.
Meanwhile, the Senate on Thursday also confirmed James Percival to serve as general counsel at DHS and Pedro Allende to serve as under secretary for science and technology at the department.
President Donald Trump’s orders for most agencies to end collective bargaining are preventing the enforcement of a recent contract violation at the Environmental Protection Agency, according to a federal union.
In a decision issued last week, a third-party arbitrator found that EPA violated its collective bargaining agreement earlier this year by failing to negotiate with the American Federation of Government Employees over a return-to-office policy. But any further action related to that ruling cannot currently be enforced, since the arbitrator’s Dec. 12 decision came months after EPA terminated its agreement in response to Trump’s orders.
“Without these union protections, it’s basically just open season on public service,” Justin Chen, president of AFGE Council 238, which represents EPA employees, told Federal News Network.
In February, AFGE had filed grievances over EPA’s withdrawal of employees’ telework and remote work agreements. At the time, AFGE alleged that EPA violated its union contract by implementing return-to-office changes without giving the union advance notice or the opportunity to negotiate, despite the contract requiring it.
EPA, however, maintained that it did not need to negotiate over the return-to-office changes. The agency argued that the union’s proposals were already addressed in the contract and therefore “non-negotiable,” according to the Dec. 12 arbitration document.
“Every employee on remote work and telework agreements understood that they might be recalled to the office or that their agreements could be terminated,” EPA wrote. “The agency is not obligated to bargain over the recall to agency worksites, as this was done consistent with the contract.”
An EPA spokesperson declined to comment for this story, stating that the agency has a longstanding practice of not commenting on pending litigation.
In the Dec. 12 decision, the third-party arbitrator determined that the union was “fully justified” in its demands for collective bargaining over the return-to-office changes. The arbitrator found that EPA violated the contract by implementing the return-to-office policy and rescinding telework and remote work agreements, without giving the union prior notice or the opportunity to negotiate.
“The agency has refused, and continues to refuse, to bargain with the union,” the decision reads.
But because EPA terminated its collective bargaining agreement in August, the agency stated that it would no longer engage in arbitration — and that any arbitration decisions were “non-binding,” according to the Dec. 12 document.
EPA’s return-to-office requirements came in response to an executive order on Trump’s first day in office, directing agencies in the executive branch to end all telework and remote work agreements and return staff to the office full-time. Most agencies fulfilled the president’s orders within the first several weeks of the administration.
In response to Trump’s orders, EPA required employees to return to fully on-site work earlier this year and canceled telework and remote work agreements for agency staff.
“There was already quite a significant tightening regarding telework and remote work, but once the Trump administration came in, there was just a unilateral cancellation and violation of our contract,” Chen said.
In a February memo from the Office of Personnel Management, the Trump administration told agencies that “provisions of collective bargaining agreements that conflict with management rights are unlawful and cannot be enforced.”
Since then, an appeals court has also allowed agencies to move forward with “de-recognizing” their unions, reversing a court order that had previously held up Trump’s orders for most agencies to cancel their union contracts. Following the appeals court decision in August, several agencies — including EPA — rescinded their agreements.
AFGE’s Chen said the loss of the contract means EPA employees can no longer exercise “Weingarten rights,” or the ability for a bargaining unit employee to have a union representative present during investigatory interviews that have the potential of leading to discipline.
As an example, Chen pointed to the union’s inability to bargain prior to the suspensions and firings of EPA employees who signed a letter criticizing EPA Administrator Lee Zeldin earlier this year. Some of the terminated EPA employees later filed a legal challenge against the agency in December. Their case is now pending at the Merit Systems Protection Board.
“Typically, any sort of change in working conditions would have to be negotiated with the union, but that’s not happening,” Chen said. “We have to continue pushing and organizing to get our contract rights back.”
AFGE is urging the Senate to take up the Protect America’s Workforce Act, which would reverse Trump’s orders from earlier this year, and allow arbitration decisions — like the one at EPA — to move forward.
The House passed the legislation Dec. 11, with the entire Democratic Caucus and 20 Republicans voting in favor of the bill. The Senate companion bill for the Protect America’s Workforce Act was first introduced in September by Sen. Mark Warner (D-Va.), and has two Republican cosponsors, Sens. Lisa Murkowski (R-Alaska) and Susan Collins (R-Maine).
Vendors who file frivolous bid protests will now be held more accountable under a provision in the 2026 defense authorization bill.
The “loser pays” language is trying to actively discourage incumbent contractors from filing protests just to keep getting paid.
But experts say new data from the Government Accountability Office shows vendors are becoming more discerning when it comes to filing complaints, seemingly making this new language less necessary.
“The fact that the bid protest effectiveness rate is higher than 50% and has been for the last four years, is compelling evidence to me that the GAO protest process is working as it’s supposed to, and that frivolous protests aren’t a significant problem,” Hunter Bennett, a government contracts lawyer with Covington and Burling, said in an interview with Federal News Network. “Most government contractors don’t hold only one contract, this is their business and the agencies are their customers. The idea that you would just file a frivolous protest and risk ticking off your customer and engendering all sorts of bad will going forward, I think does not square with my experience with the contractors we work with. They take protesting very seriously and they only do it when they have a real concern and feel as though they’re not being heard.”
In its annual bid protest report to Congress released last week, GAO found the number of protests filed decreased year over year. Vendors filed 1,688 protests in fiscal 2025, which is 6% fewer than in 2024. It’s down 17% over the last two years.
Source: GAO bid protest report to Congress for fiscal 2025.
The effectiveness rate is the percentage of vendors who file protests and get some sort of relief, whether the agency pulls back the award and reopens considerations or GAO decides on the case for the protestor.
Bennett said another reason why frivolous protests are less of a concern is agencies are more often offering debriefings to losing bidders.
“For a long time, agencies thought that if we don’t tell them anything during the debriefing, they’ll just go away. When, in fact, they would take that approach, then the contractors would get kind of suspicious and be like, they must be hiding something, even if they weren’t. They would say, ‘We’ve got to file a protest so we can find out what’s really going on here,’” Bennett said. “The enhanced debriefing process for the DoD agencies has, I think by and large, been successful. It’s been something that has reduced the number of protests that are being filed, and I think it’s actually been helpful in terms of building more trust between agencies and disappointed offerors.”
DoD to develop new rules
Despite the decrease in protests for much of the past five years, with only 2023 being an outlier, lawmakers added a provision to the defense authorization bill to create the “loser’s pay” statute.
In Section 875 of the NDAA, which President Donald Trump signed into law on Dec. 18, Congress mandated that DoD update their acquisition regulations by May to establish procedures for a contracting officer to withhold payment of not greater than five percent of the total amount to be paid to an incumbent contractor during the protest period. Then, if GAO finds that the protest lacked any “reasonable legal or factual basis,” the contractor would lose that money that DoD withheld.
Bennett said the idea of a “loser’s pay” provision isn’t a new one, but something lawmakers have tried to include in the NDAA or through other bills several times over the past five years or so.
There is a lot still to be determined because Congress is leaving a lot of discretion to DoD as it creates the regulations.
In the meantime, Bennett said that while the GAO report provided few surprises, there are some interesting data points.
For example, the number of task or delivery order protests came in at 359, which is in line with what GAO has seen over the last decade since Congress gave it the authority to entertain certain task order protests. In 2024, GAO received 346 task or delivery order protests.
The effectiveness rate came in at 52% for the second year in a row. GAO says it’s been fairly consistent that vendors are more likely than not to gain some sort of relief if they file a complaint over the last five years.
“[The effectiveness rate] tells me that the protest process is working exactly as it should. I think disappointed offerors are coming to GAO with valid concerns and agencies are taking those concerns seriously, and they’re willing to address those problems in their, any problems they see in their procurements by taking voluntary corrective action, whether that, rather than digging in their heels and continuing to litigate,” Bennett said. “When a client comes to me, what I would tell them is, ‘Let’s talk about what your concerns are.’ Then, if we can boil them down into the type of concern that GAO typically takes seriously, and it looks like a real concern, I would say it’s definitely worth filing a protest and getting your hands on the agency report and seeing whether your concerns have legs.”
Bennett said the number of sustained protests, which came in at 53 and is the lowest in the last five years, was also interesting. GAO only decided the merits of 380 cases, which too was the lowest number in five years.
He said the sustained protests were interesting because of the reasons why GAO decided in favor of the vendor.
GAO says the top 3 reasons for a sustained protest were:
Unreasonable technical evaluation;
Unreasonable cost or price evaluation;
Unreasonable rejection of proposal
Bennett said GAO gives agencies a lot of discretion when it comes to evaluating proposals because it’s, in many ways, an overly subjective process. He said these three reasons mean the protests are based on objective or factual reasons.
“That the number one protest ground is an unreasonable technical evaluation might, to the people that don’t do a whole lot of protest work, might suggest to them that if you just say, ‘Hey, our proposal was great and you evaluated it as not being as good as we think it was,’ that is a virtually impossible claim to win,” he said. “I think when you take a look at those actual, at the facts of those unreasonable technical evaluation cases where GAO sustains, what you’ll find is that there is some sort of aspect of the technical evaluation that the agency was supposed to look at that it didn’t look at. So in other words, it’s much more of a process or procedural problem than one where the agency didn’t assign the right rating.”
The War Department released updated pay tables for Federal Wage System employees nationwide to ensure that skilled and talented workers earn the prevailing wages they deserve, no matter where they serve.
Cybersecurity Maturity Model Certification requirements have officially descended upon the defense industrial base, the global network of businesses that produce materials, components and services to support the Defense Department, setting off something of a witching hour for a huge number of companies.
With DoD’s September publication of final rules, it could formally include CMMC requirements in its solicitations and contracts starting Nov. 10. It will be a phased-in scenario: within three years, nearly all DoD solicitations will stipulate that contractors must conform to one of three levels of cybersecurity requirements.
A number of forward-thinking companies are proceeding as if third-party certification of CMMC compliance for themselves and subcontractors is already a must today. In fact, that will be the case for a big chunk of the DoD contracting ecosystem over the next 12 months, as supply chains recognize both the risks of waiting and the advantages of racing forward.
Yet industry estimates suggest that only around 200 companies have been assessed so far by authorized third parties — even though up to 80,000 firms, plus many of their subcontractors, will be required to be officially vetted soon under Level 2 cyber hygiene certification.
A crisis brewing
Given the small number of early adapters, it’s reasonable to assume that a CMMC crisis is brewing at many companies, with some panicking, some in denial that a certification requirement is really here, and some underestimating what compliance and certification really entail. Others are travelling a complex, expensive path toward compliance that may lead to success, or may lead to more complexity and expense.
We know of many, many companies that have backburnered taking action on the latest phase of CMMC because there had been no firm timetable for roll-out for so long. That approach has undoubtedly created significant risk and disadvantage for many businesses — because there is now very little time to act.
Taking a step back, the CMMC framework aims to ensure that defense contractors can adequately protect controlled unclassified information and federal contract information. Several hundred thousand companies have been self-reporting at Level 1 CMMC certification level, which does not involve third-party assessment. Level 2 not only demands an assessment, but it also requires compliance with 93 more practices than Level 1 does.
The challenges
We convened some of our counterparts in the IT and compliance world, including cybersecurity risk management expert Gray Analytics, to discuss CMMC compliance issues percolating for defense contractors. Here are some of the collective observations:
Limited qualified resources: As mentioned, nearly 80,000 firms will need Level 2 certification. But there are only about 70 firms authorized to provide assessments and certification. These companies are known as certified third-party assessor organizations (C3PAOs), and they are accredited by the cyber accreditation body. They, along with a subset of CMMC certified assessors who work under them, may be among the only sources of truly effective gap analyses and guidance for Defense contractors and subcontractors needing to succeed with Level 2 CMMC certification.
Too many unqualified resources: Many companies are relying on or bringing in in-house capabilities to conduct a gap analysis and then address the subsequent remediation. Or they’re entrusting work to consultants that may not be well-versed and experienced enough with CMMC. Accordingly, many of their customers could fail the certification assessment and have to go back to the drawing board — and thus lose more time, money and contracts, both current and prospective ones.
Narrowing opportunities: Many big Defense contractors are starting to weed out their subcontractors — sticking with those that have been assessed by a C3PAO and are certain to be in Level 2 compliance. In these contractors’ view, it’s critical to be well along in preparation, as remediation takes time and waiting will be costly.
And then there’s the challenge of a company’s actual IT environment: hardware, software, processes, procedures, workflows and continuous updates. CMMC puts pressure on that function. Some companies may be best served finding a qualified provider of an external IT platform they can use as a service or utility. That raises the questions of whether it’s feasible and which one to go with.
Important steps
Given this daunting, time-compressed backdrop, what’s a company to do? Here are key steps to consider:
Review contracts carefully. Companies with DoD contracts or subcontracts should review what they’ve signed, or are planning to sign, extremely carefully. If there’s Defense Federal Acquisition Regulation Supplement language in the contract, it means you’ll probably need to be CMMC compliant, perhaps at Level 2.
Understand CUI. If that’s the case, then you’ll need to do the work to really understand CUI and whether you’ll be working with that kind of information. The National Archives offers the detailed information, and DoD offers free CUI training, which may be mandatory for you.
Assess business impact. Look at the company’s book of business and pipeline to determine whether it will be worthwhile to move toward assessment-proof CMMC compliance. If Defense work involving CUI is only a tiny part of the corporate strategy, it may not be and make more sense to forego certain contracts. Or it may be extremely worthwhile — an imperative.
Identify internal expertise. If the latter, determine if there’s someone at the company well-versed in CUI and what CMMC compliance entails who can spearhead the process and gather the right resources.
Choose the right partner. If there’s not a superb internal resource, look for outside help. But that’s easier said than done. As noted, there’s only a small group of firms that qualify as C3PAOs. Some outfits that are CCAs are also effective; others may have less — or no — experience doing the work.
More due diligence. If you cannot engage a C3PAO and must turn to the cyberab.org marketplace for a list of CCA firms, it’s critical to ask the ones you speak with for references at companies they’ve helped successfully pass the assessments. If they have not done so yet, it’s probably best to move on.
These steps should help you get through a gap analysis to understand the necessary actions to successfully pass an assessment.
From there, you’ll need to make sure your IT environment can handle all the requirements. If the company uses a managed service provider or cloud service provider, you’ll need to evaluate — with the help of a C3PAO or reliable CCA — whether your service provider is CMMC-focused enough and will stay ahead of evolving requirements and updates.
If you need to switch service providers, it may be worth searching for one with a compliant, CMMC-ready platform that amounts to IT-as-a-service. This would probably be a service provider moving rapidly toward FedRAMP certification. That would signal that the program continuously evolves its approach to the security requirements of federal agencies.
An existential challenge for the whole defense industrial base
Looking at the big picture, CMMC compliance represents an existential challenge not just to companies that know they’ll be subject to Level 2 certification; companies in the Level 1 category — where they simply have to self-report — may, in actuality, need to pass assessments. If there’s a data breach at the firm, DoD will automatically assess with Level 2 standards what was self-reported. If the company doesn’t live up to what it reported, it will, at best, need to scramble. At worst it could be a business-destroying problem.
The bottom line: The reality of CMMC compliance is accelerating and demanding, impacting the defense industrial base with force and speed. Be prepared.
Business checking quality assurance QA or QC management. certification Standardization, certification. Compliance to regulations service and standards, Digital Guarantee Checkmark
Terry Gerton PopVox has been advocating for a long time for a number of reforms to congressional operations. Three have kind of risen to the top of your stack lately. Talk us through what those three are and how you think if they pass, they would improve congressional operations?
Danielle Stewart Beginning of this year at the beginning of the appropriations process, we spoke with offices on both sides of the aisle to advocate for recommendations and reforms in the legislative branch bill text that would address the pacing problem. And that is everything from AI training to caseworker office support. And the way that we have been able to work with offices and continue this work over many years really speaks to the continued need in the House to prioritize these items, but also we’ve been able to prioritize them and champion them because there have been members that have been alongside us working towards these reforms as well. And so the importance here is that modernization is an ongoing project for the legislative branch. This is something that’s personal and important for me because I was a staffer on the Select Committee on the Modernization of Congress in the 116th Congress when the committee was first stood up. As a then-House staffer, being able to work with our member offices to advance over 100 recommendations on a bipartisan basis to deliver that final report in what was then still a very divided Congress really speaks to how meaningful this work can be for people. And so there was a second select committee in the 117th Congress. And last Congress, the select committee was enveloped and turned into a subcommittee under the Committee on House Administration. And so that subcommittee has helped to continue that work on a bipartisan basis and has continued to work with us for Congress to have improved technology and a better resourced workforce. And so getting back to what was included in the ledge bill was the highlighted importance of AI training and continued use of AI tools in the House. The continued emphasis on the need for caseworkers to have access to better resources and better tools, which we are seeing in what’s called the Case Compass Project. And a congressional liaison directory, which is housed and managed by the Congressional Research Service, which also helps, speaks to supporting staff and ensuring that they have the tools they need to better do their jobs, which in turn they can better help their constituents and provide results for their districts.
Terry Gerton I’m speaking with Danielle Stewart. She serves as the PopVox Foundation’s advisor for congressional initiatives. Danielle, let’s take each one of those in turn. The data map or the legislative branch data map, what would it really take to implement that now that it’s in law? And how will it change how the congressional offices operate?
Danielle Stewart Sure. Yeah, that’s a great question. So I believe last Congress, they started the process of, of starting to put this together, at least within the House. We have said, and we’ve advocated for a full legislative branch data map, which would include all of the agencies in addition to Congress, right? So not just Congressional offices and everything within the Congressional complex. It would include GAO, CRS, Library of Congress. Everything that you see touched sort of through that legislative branch operations umbrella. There’s no complete map showing how the data flows through each of these branches or agencies through its life cycle. So this isn’t something that necessarily each member office or each congressional staffer would need to sort of think about or manage. This is something that is more of an institutional entity and in what would need to be managed at the technical level. But data maps at their core are, you know, visualization diagrams of data ownership formats, where the data is being transferred and they help an organization better understand the who, what, when and where of data to be able to maximize use and ensure its security. And so included in the legislative branch bill was language — or, the bill report — was language highlighting the need to continue putting this data map for Congress together. And so that is in the works, we’re very encouraged by that. It’s being increasingly, become increasingly essential as government entities begin responding to the emergence of AI and other technologies. And so, that is something that was certainly a priority for us, and we were encouraged to see the language included.
Terry Gerton Talk to us about Case Compass because that’s really interesting in terms of getting a more synchronized picture of how constituent offices are working.
Danielle Stewart Yeah, Case Compass, we’re incredibly excited about this project. And a lot of credit goes to my colleague, Anne Meeker, who is a former district staffer constituent services representative, and this is a real passion of hers. So the Case Compass project is, we’ve seen the development over the last couple of years. Right now, 50 member offices have opted into the pilot project. And what the pilot does is it anonymizes and aggregates constituent casework data. And the data then feeds into Case Compass. And so Case Compass itself is a dashboard that we have championed to track this data to be able to identify systemic issues and areas for improvement within the federal government. And so this helps caseworkers at the local level, better understand agency trends, they get to have potential issues or concerns within their districts. And also, caseworkers as PopVox Foundation has learned and helped really cultivate through a lot of Ann’s work — caseworkers are some of the best, well-connected congressional staffers because they see and hear everything that’s going on on the ground in these districts. And they are able to talk to each other and help each other regardless of party affiliation. And that is something that has always been worth celebrating and worth supporting. And so continued resources for caseworkers through this Case Compass project, this is a bipartisan achievement. The report language encourages continued development of the project. And through this project, Congress will be able to have the data to act when caseworkers see trends or issues. For example, you know, a couple of years ago, I think you probably remember, there was a huge, huge uptick after the COVID pandemic in passport delays, passport processing. And being able to get ahead of that, ahead of time, while caseworkers are being able to see sort of this creep up of these cases coming in, being able say, hey, red flag, we see this is happening. How can we get ahead of it and try to provide more resources to fix the problem, or to speak with the agency head and identify ways that we can work together to better support the American people. So that’s a huge win, and it’s better inter-branch communication and coordination, which is critically important.
Terry Gerton That makes a lot of sense. And it seems like the third initiative is closely related to that, a congressional liaison directory, maybe to help those awesomely connected local case workers stay even better connected.
Danielle Stewart Yes, and this is, I’m simplifying this tremendously, but I always, when I think about this one and I read about it in our materials, I always think about it as like a mega yellow pages for caseworkers, just a giant, beautiful phone book, which you would be disappointed and shocked to learn does not really exist. Like, you know, I have been able to open multiple freshman member offices and when you walk in the door and you open a district office, you’re not handed a packet of agency contacts, who to get in touch with at the VA, who to call if you have a Medicare question. Those contacts, they are available, but it is not as easy as a Google search. And so CRS maintains the only extensive list of congressional liaisons at executive branch and independent agencies. But the scope of casework is bigger than just those executive branch agencies as you would think of executive branch agencies just being here in D.C., right? There are D.C.-based liaisons, but regional contacts, processing center contacts and more. And so the language in this year’s report requests that CRS examine the feasibility of expanding this list and the appropriations committee will be working with them to do so. So that is huge. And the more resources that caseworkers and district staff and congressional staff as a whole have to better do their jobs, or more efficiently and effectively do their job, the better the service and representation will be for constituents.
Businessman with cloud computing diagram show on virtual screen. Cloud technology. Data storage, data transfer, Networking and internet service concept, technology internet storage network.
A driver has been found guilty of murder after killing one man and ploughing into several others during a drink-fuelled spree in London's West End on Christmas Day.
Resident doctors in Scotland have voted to go on strike in January – as their union called on the devolved government to present a "credible" pay offer.
House Republicans are seeking annual reauthorization of key programs at the Veterans Affairs Department. Top lawmakers on the House VA Committee are leading a series of bills that would reauthorize the department’s Veteran Readiness and Employment program. This is the third wave of VA reauthorization bills lawmakers have introduced. The legislation would also move the Labor Department’s Veterans Education and Training Service program to the VA.
The protests of GSA's OneGov deals for AI tools don't make the grade. The Government Accountability Office dismissed the complaints filed by AskSage over the low-cost contracts for artificial intelligence tools made by GSA under its OneGov program. In a decision released yesterday, GAO says its dismissal is on jurisdictional grounds as it does not review matters of contract administration. GAO says because GSA modified existing contracts under its schedule program, it doesn't generally review protests of allegedly improper contract modifications because such matters are related to contract administration and therefore not subject to review pursuant to its bid protest function. AskSage filed multiple protests in August, claiming GSA's deals for these AI tools are inconsistent with commercial practices and risked “an impermissible vendor lock-in scenario."
President Trump has tapped Lt. Gen. Joshua Rudd to lead both U.S. Cyber Command and the National Security Agency. NSA and Cyber Command have been without a permanent leader since April when Trump fired Gen. Timothy Haugh from the role. The Defense Department also announced the nomination of Marine Corps Maj. Gen. Lorna Mahlock to serve as deputy commander of U.S. Cyber Command. The role does not require congressional approval.
Most civilian federal employees are set for a 1% pay bump beginning in January. President Trump signed an executive order Thursday afternoon, finalizing the 1% pay raise for 2026, for most feds on the General Schedule. It’s the smallest annual increase civilian employees have received since 2021, and does not include any locality pay adjustments. Both law enforcement officers and military members will likely receive a larger pay raise of 3.8% in the new year.
Federal employees are in for a holiday treat, with two additional days off next week. President Donald Trump signed an executive order yesterday declaring both the day before and the day after Christmas as holidays for the federal workforce this year. Christmas Day is already a federal holiday, but presidents will often give additional days off for feds around the holidays. Certain employees, however, will still need to report for duty those days for national security, defense and other public needs.
The IRS is moving 1,000 IT employees out of its tech shop with few signs of what work they’ll do next. Impacted employees say they have few details about what work they’ll be doing, and have been told by the agency to instead “focus on completing an orderly transition of your current work.” The notice they received states that they will no longer be working on IRS IT projects. Employees must upload their resumes to be considered for other jobs at the IRS and the Treasury Department. Last month, IRS IT directed hundreds of its employees to complete a “technical skills assessment.”
More than 4,300 8(a) small businesses have extra time to collect and submit data to the Small Business Administration as part of the agency's ongoing program audit. SBA set a new deadline of Jan. 19, giving vendors nearly two more weeks to compile 13 different datasets. Along with deadline extension, SBA also posted answers to 14 questions it received from firms to help inform the process. SBA asked every company in the 8(a) program on Dec. 5 to submit information to help inform its ongoing audit seeking to root out fraud.
President Trump’s “Warrior Dividend” bonus for service members, which he suggested would be funded by tariff revenue, is actually a one-time basic allowance for housing stipend already approved by Congress. The $1,776 bonus payment Trump announced while addressing the nation Wednesday night will be paid using funds Congress appropriated to the Defense Department in the One Big Beautiful Bill Act to supplement the basic allowance for housing. The funding was originally intended to address rising housing costs and reduce service members’ out-of-pocket housing expenses. The Pentagon will disburse $2.6 billion of that funding as a one-time payment to roughly 1.28 million active-duty service members.
Federal employees have a final chance to weigh in on their experience in the workplace this year. The window for taking the Partnership for Public Service’s “Public Service Viewpoint Survey” closes at midnight tonight. The Partnership launched its own external questionnaire for federal employees, after the Trump administration canceled the 2025 Federal Employee Viewpoint Survey earlier this year.
Veteran Affairs building near the White House in Washington, Feb. 14, 2018. An internal watchdog's investigation has found that Veterans Affairs Secretary David Shulkin improperly accepted Wimbledon tennis tickets and likely wrongly used taxpayer money to cover his wife's airfare for an 11-day European trip. (AP Photo/Pablo Martinez Monsivais)
The Marine Corps is implementing changes to its physical fitness test and body composition standards in accordance with the secretary of war's military fitness standards memorandum issued Sept. 30.
Login
