The Cyberspace Solarium Commission’s (CSC 2.0) annual implementation report has sparked fresh concern from representatives and cybersecurity leaders that U.S. cyber progress is slowing. Bureaucratic delays, budget constraints and uneven policy follow-through, particularly around the Cybersecurity and Infrastructure Security Agency’s authorities and funding, are all apparent.

But does this paint the full picture of the technical implementation and enforcement of U.S. cybersecurity? Hardly.

Beneath the policy layer, the technical and strategic modernization of U.S. cybersecurity is actually accelerating faster than ever. While there’s a lot of doom and gloom at the civilian policy level, it’s important we acknowledge the progress individual agencies have made and provide constructive steps to continue to capitalize on that progress.

A defining moment came with the finalization of the CMMC 2.0 rule, which is now effective and entered its first implementation phase on Nov. 10. More than 80,000 defense industrial base vendors will be required by contract to comply with rigorous cybersecurity controls aligned to NIST 800-171, with a hard assessment deadline in 2026.

CMMC 2.0 ensures that cybersecurity is no longer a checkbox exercise or a “nice-to-have” policy objective. It’s now a legal and contractual requirement. By the time full assessments begin in 2026, the Defense Department will have reshaped the entire DIB into a verified ecosystem of secure software and systems providers.

That’s a significant milestone that will set the stage for the operationalization of accountability for government technology.

Equally as transformative is the DoD’s quiet revolution in risk management. In September 2025, the DoD introduced its Cybersecurity Risk Management Construct (CRMC). This is a long-awaited, direct successor to the outdated, paperwork-heavy Risk Management Framework.

The new construct adopts the continuous authority to operate (cATO) model, enabling near-real-time monitoring and risk response. It’s a move away from static compliance documentation toward dynamic, data-driven assurance, reflecting the pace of modern software delivery.

The DoD’s transformation is being powered by the Software Fast Track (SWFT) initiative, launched in mid-2025 to modernize acquisition. SWFT brings DevSecOps automation directly into the authorization process, ensuring secure software can reach warfighters faster and without compromising security. It’s a fundamental shift from compliance to continuous validation.

Lastly, the CSC 2.0’s report doesn’t touch on the work being done by the National Institute of Standards and Technology to operationalize the AI Risk Management Framework for 2026. This will bring much-needed clarity to secure and responsible AI adoption across government and industry.

It’s easy to equate stalled legislation or delayed budgets with a lack of progress. But in cybersecurity, the most impactful advancements rarely happen in congressional hearings. They happen in codebases, acquisition reforms and audit protocols. The policy narrative may be sluggish, but in those areas, we are actually seeing healthy progress as the technical foundation of U.S. cyber defense is advancing rapidly.

Through CMMC enforcement, cATO adoption, automated software assurance and AI governance, federal cybersecurity is entering an implementation era where secure software supply chains and continuous monitoring are not aspirations, but expectations.

With all that said, does this mean the CSC 2.0’s findings should be ignored? Absolutely not.

The reality is that we don’t have a cybersecurity problem; we have an insecure software problem. By not driving forward policy at the civilian-level to change the economics in such a way that incentivizes ensuring the delivery of secure software, we may be ceding the very progress I just outlined.

However, to say “U.S. cyber progress stalls” is to overlook this reality. The truth is that 2025 marks the year where U.S. cybersecurity finally shifted from policy to practice.

Antoine Harden is the vice president of federal sales at Sonatype.

The post US cyber progress isn’t stalled — it’s evolving first appeared on Federal News Network.

© Getty Images/Phimprapha Kitaiamphaisan

A little more than a century ago, the US Army Air Service came up with a scheme for naming the military’s multiplying fleet of airplanes.

The 1924 aircraft designation code produced memorable names like the B-17, A-26, B-29, and P-51—B for bomber, A for attack, and P for pursuit—during World War II. The military later changed the prefix for pursuit aircraft to F for fighter, leading to recognizable modern names like the F-15 and F-16.

Now, the newest branch of the military is carving its own path with a new document outlining how the Space Force, which can trace its lineage back to the Army Air Service, will name and designate its “weapon systems” on the ground and in orbit. Ars obtained a copy of the document, first written in 2023 and amended in 2024.

Read full article

Comments

© York Space Systems

A bipartisan bill that would end the Trump administration’s rollback of collective bargaining rights for most federal employees is guaranteed to get a full House vote, now that a majority of lawmakers support it.

As of Monday, 218 House lawmakers signed onto a discharge petition, forcing the House to vote on the Protect America’s Workforce Act.

The bill, led by Reps. Brian Fitzpatrick (R-Pa.) and Jared Golden (D-Maine) would restore collective bargaining rights for tens of thousands of federal employees, if approved by Congress.

President Donald Trump signed an executive order in March that barred unions from bargaining on behalf of federal employees at many agencies, on the grounds that those agencies work primarily in national security. In August, he signed another executive order that expanded the list of agencies barred from negotiations with federal employee unions.

Lawmakers estimate the executive order impacts about 67% of the federal workforce. The Trump administration’s policy has barred unions from representing employees at the departments of Defense, State, Veterans Affairs, Justice and Energy.

A group of six unions led by the American Federation of Government Employees sued the Trump administration over its rollback of collective bargaining rights, arguing that the administration has taken an overly broad view of agencies that work primarily in national security.

A federal judge blocked the administration from enforcing the executive order in April, but an appeals court stayed that decision this summer and allowed agencies to keep canceling collective bargaining agreements that cover broad swaths of the federal workforce. Since the appeals court’s ruling, several agencies have rescinded their collective bargaining rights with unions.

Reps. Mike Lawler (R-N.Y.) and Nick Lalota (R-N.Y.) contributed the last two signatures for the discharge petition on Monday. Lawler said in a statement that “restoring collective bargaining rights strengthens our federal workforce and helps deliver more effective, accountable service to the American people.”

“Every American deserves the right to have a voice in the workplace, including those who serve their country every single day. Supporting workers and ensuring good government are not opposing ideas. They go hand in hand,” Lawler said.

Everett Kelley, national president of the American Federation of Government Employees, applauded Republican lawmakers for supporting the bill, and called on the House to quickly vote on it.

“Collective bargaining gives employees a fundamental voice in making the government work better for the American people, and we thank Congressman Lawler for recognizing that America functions best when labor and management cooperate toward common goals,” Kelley said.

AFGE’s National VA Council recently filed a lawsuit challenging the VA’s selective enforcement of the administration’s executive order. The complaint states that VA Secretary Doug Collins scrapped collective bargaining agreements with unions opposed to the Trump administration’s federal workforce polices, but spared labor contracts for unions that represent VA police, security guards and firefighters.

Meanwhile, another bipartisan group of lawmakers is also leading a bill that would restore collective bargaining rights for VA employees. Sens. Richard Blumenthal (D-Conn.), Lisa Murkowski (R-Alaska), Chuck Schumer (D-N.Y.), and Rep. Delia Ramirez (D-Ill.) are leading that bill.

The National Treasury Employees Union, as well as the National Weather Service Employees Organization and the Patent Office Professional Association, are also suing the Trump administration over its collective bargaining rollback.  Federal courts in D.C. will hold proceedings in both cases next month.

The post House majority forces vote on bill to restore collective bargaining for most federal employees first appeared on Federal News Network.

© AP Photo/J. Scott Applewhite

Following the longest shutdown in U.S. history, the federal workforce is now trying to get back to at least some sense of normalcy.

While federal employees who have been furloughed for the last 43 days return to work Thursday, the Office of Personnel Management is setting expectations for agencies as they begin to update pay, leave and benefits for those impacted by the lapse in appropriations.

In new guidance, OPM said it is “is committed to ensuring that retroactive pay is provided as soon as possible.” Compensation will be provided for both furloughed and excepted federal employees, as the spending agreement that was enacted Wednesday evening reaffirmed. A 2019 law previously called for retroactive compensation for all federal employees impacted by a shutdown.

A senior Trump administration official said the White House “has urged agencies to get employee paychecks out expeditiously and accurately to not leave anyone waiting longer than necessary.”

But the timing of employees receiving their back pay varies, depending on what payroll provider an agency uses, and the different pay schedules across the federal workforce.

Sending out retroactive payments to employees involves working across agency HR offices, federal payroll providers and shared service centers. Agency HR offices, for instance, have to submit timecards for federal employees, which are then processed by the government’s various payroll providers.

According to the senior administration official, employees from the General Services Administration and OPM will be among the first to receive their retroactive paychecks, with an expected deposit date set for Saturday.

Employees at the departments of Veterans Affairs, Energy, and Health and Human Services, as well as civilian employees from the Defense Department, will receive their deposits shortly after that — this Sunday.

On Monday, affected employees from the departments of Education, State, Interior and Transportation, as well as the Environmental Protection Agency, National Science Foundation, Nuclear Regulatory Commission, Social Security Administration and NASA, are all expected to receive their back pay.

Then on Wednesday, employees from the departments of Agriculture, Commerce, Treasury, Labor and Justice, along with the Department of Homeland Security, the Department of Housing and Urban Development and the Small Business Administration, are projected to get their paychecks. The timing of the retroactive payments for feds was first reported by Semafor.

The National Finance Center, a payroll provider housed under the Agriculture Department, confirmed that employees at agencies using NFC’s services should expect a payroll deposit by the middle of next week.

“In order to provide backpay for employees as quickly as possible, the National Finance Center will be expediting pay processing for pay period 22 and backpay for pay periods 19 (October 1-4), 20 (October 5-18), and 21 (October 19-November 1),” USDA wrote in an all-staff email Wednesday evening, obtained by Federal News Network.

Federal News Network has reached out to several other federal payroll providers requesting details on the timeline for processing retroactive payments.

The National Treasury Employees Union urged immediate back pay for all federal employees who have been going without compensation for the last six weeks.

“This is an emergency for federal employees across the country, and they should not have to wait another minute longer for the paychecks they lost during the longest government shutdown in history,” NTEU National President Doreen Greenwald said. “We call on all federal agencies to process the back pay immediately.”

In its new guidance, OPM also noted that to make payments as quickly as possible, payroll providers may need to “make some adjustments.” That could mean, for instance, that the initial retroactive payments employees receive might not reflect the exact calculations of their pay and leave hours.

“Payroll providers will work with agencies to make any necessary adjustments as soon as practicable,” OPM said.

Who receives back pay, and how much?

Furloughed employees will receive their “standard rate of pay” for the hours they would have worked if the government shutdown hadn’t occurred, OPM said in its guidance Wednesday evening.

But there are some exceptions to that. If a furloughed employee, for example, had been scheduled for overtime hours that would have occurred during the shutdown, OPM said they should be paid their premium rate for those hours.

Additionally, OPM said that allowances, differentials and other types of payments, like administratively uncontrollable overtime pay or law enforcement availability pay, should be paid as if the furloughed employee continued to work.

Although most employees impacted by the shutdown are ensured back pay, there are some smaller exceptions carved out where employees may not receive retroactive pay, OPM added.

If a furloughed employee was in a non-pay status before the shutdown began, for instance, then they are not entitled to receive back pay.

Excepted employees who were considered “absent without leave” (AWOL) — or in other words, took unapproved time off — will also not receive back pay for that time.

Guidance on leave, post-shutdown

Although excepted employees are not required to use paid leave for taking time off during the shutdown — and can instead enter a “furlough” period — there may still have been some instances where excepted employees took leave during the funding lapse, OPM wrote in its guidance.

In those cases, excepted employees who were approved to take paid leave during the shutdown will be charged for the hours from their leave bank, OPM said.

Agencies are also expected to begin adjusting leave accrual for furloughed employees. Now that the shutdown is over, furloughed employees should be placed in a “pay status” for the time they would have otherwise spent working during the funding lapse. That means accrual of annual and sick leave will be retroactively adjusted as if the employees were in a pay status, OPM said.

Excepted employees continued to accrue leave during the shutdown, which should be reflected in their leave banks, OPM said.

What happens to RIFs of federal employees?

On top of reaffirming back pay, the spending bill that was enacted Wednesday evening also rescinds the roughly 4,000 reductions in force that have occurred since Oct. 1. Federal employees will be temporarily protected from additional RIFs, at least until the end of January.

Agencies have five days to inform federal employees who received RIF notices in October that those actions are rescinded.

“Agencies should issue those notices and confirm to OPM the rescissions have been issued,” OPM’s guidance states.

At least 670,000 federal employees have been furloughed, and 730,000 employees have been working without pay during the shutdown. Agencies have been putting plans in the works to return all furloughed federal employees to their duties as of Thursday.

OPM also said agencies “may consider” providing flexibility for employees who might not be able to return to work immediately, such as by approving personal leave or adjusting individual work schedules.

The post Post-shutdown, here’s how soon federal employees can expect back pay first appeared on Federal News Network.

© AP Photo/Mark Schiefelbein

Interview transcript: 

Terry Gerton You, I’m sure, paid very close attention to Secretary Hegseth’s speech last Friday on the arsenals of democracy. What was your takeaway?

Stephanie Kostro Thanks so much for asking, Terry. And not only was I listening with bated breath, I was actually in the room. And for any Hamilton fans out there, it was the room where it happened. There were roughly 250 folks in an auditorium on Fort McNair when Secretary of War Hegseth rolled out his ideas for transforming acquisition. And there was a lot to be said, Terry, he spoke for well over an hour, nonstop, no questions, just kept going. I would say it’s fair to characterize the audience as a rapt. We were waiting for everything he had to say. There were three main topics he wanted to talk about. One was reforming or transforming the requirements process. The second was transforming the acquisition process. And the third was reforming foreign sales processes, and that’s including both foreign military sales and direct commercial sales. So all of that were key topics for everyone in that room.

Terry Gerton Well, let’s take those one by one and the requirements topic, of course, came up first. He talked about the end of the JCIDS and a realignment of the JROC. What did you take away?

Stephanie Kostro So the requirements process has long been an issue of great concern to industry, as well as from my time as a congressional committee staffer on House Armed Services Committee, talking about by the time you go through the several years to validate a requirement, it may actually be obsolete by the end time you roll out of that process. And so the idea of transforming the requirements process has been long anticipated. And I really appreciate what the secretary said regarding being flexible. Going for combining the requirements process with the acquisitions process so that it’s modular, that it does leverage available commercial technologies and products, that it really looks forward to getting a faster delivery times and getting weapons both developed and then deployed and in the hands of the warfighters who need them. So that was very much appreciated. No one, I think, will cry over the demise of JCIDS, but the question becomes, what rises to replace it. And, of course, the under secretary of war for acquisition and sustainment owes guidance on this issue to be released 45 days from the date of that directive, and then the military services have to come up with plans of action within 60 days. So the next two months are going to be very, very busy.

Terry Gerton All right. Part two was a reform of the acquisition process itself. The headline here is the elimination of PEOs and the replacement of them with program acquisition executives, right?

Stephanie Kostro PAEs, that is correct. So I think the other piece of this that goes hand in hand with requirements transformation is the reform and the transformation of the war fighting acquisition system, as they call it now, not the defense acquisition system. And it really focuses on the war-fighting piece of it. I think what I took away, and he said this a few times, Secretary Hegseth, and I’m going to quote him here, they want to increase acquisition risk in order to reduce operational risk. And for me that means putting flexibility in the hands of contracting officers and those in the programs to pursue modular, multi-source solutions throughout the development of a requirement, or rather the development, of a capability. And then actually to get it into the hands of the warfighter. They want to reward and incentivize speed and performance over bureaucratic processes. And that is music to a lot of industry’s ears.

Terry Gerton So a big part of that speed increases buying commercial first. Secretary Hegseth said they are willing to settle for 85% functionality and work toward 100%.

Stephanie Kostro So that was, I think, an interesting turn of phrase for him, mostly because he did say a few times to increase acquisition risk to reduce operational risk. And of course, you’re going to have to have a balance there of what is that 85% and what 15% are you going to be missing? And so I think as they move forward with embracing modularity, fostering competition and pursuing multi-source procurement, that you do want to move fast to contract. He also did mention not over-relying on the testing element. And so we’ve seen that in previous memos, particularly back in May, where Secretary Hegseth signed some memos about operational test and evaluation and streamlining that process in those offices. And so what I also found interesting is talking about putting contracting officers within the program offices too, so they can sit alongside the requirements developers and the folks who are responsible for fielding the capability, so they get a better sense of what the requirements are and how to incorporate those into contracts, leveraging commercial technologies as much as they are available.

Terry Gerton I’m speaking with Stephanie Kostro. She’s the president of the Professional Services Council. Stephanie, let’s touch on topic number three quickly, the foreign military sales reform.

Stephanie Kostro Part of this reform, or they keep saying transformation, not reformation, so I’ll key into that, transforming what military sales looks like. We’ve had lots of conversations, and I was at the Pentagon, in particularly the European office, talking with our allies and partners about how they could access U.S. solutions, and it always was a multi-year process to go from all of that pre-work where we talk about requirements to a letter of offer and acceptance at the end of it, and actually delivering the materials. It’s multi-year and it is so frustrating, particularly when companies want to compete with non-U.S. companies who don’t have the layers of bureaucracy. And so I look at the reorganization that the secretary laid out, that is to move the Defense Security Corporation Agency and the Defense Technology Security Administration, so I’ll say DSCA and DITSA, which is how we call them, over to the acquisition undersecretary. I think those are smart moves if in fact you want to speed up the fielding of compatible and interoperable equipment with our friends and allies. That said, I think it’s important to note that we need to incentivize folks in order to speed those situations up. And one thing that works really well, and it’s something that PSC has talked about in the past, is if you’re going to have an assistant secretary in a military service responsible for acquisition, and each of the military services has that individual, you need to put into their performance metrics foreign sales. They need to be measured on how well they are doing on that front as well. And that is something that I will be talking to the Pentagon folks and our CEO at PSC, Jim Carroll, will be taking to his Pentagon friends as well regarding how to actually incentivize this behavior.

Terry Gerton So this speech on Friday was the tip of the iceberg, much remains to follow in terms of detail, right? What will you be watching for there?

Stephanie Kostro I will be watching for the number of times and the depth of availability of Department of War individuals to speak with industry. This needs to be a collaboration. When you’re talking about speeding up requirements and speeding up contracting and speeding up foreign sales, you really need to talk to the industry that will be responsible for that. One thing that I did take away from the speech on Friday was an openness for profit. And I say that because a lot of times industry gets demonized for making a profit. But what happens is when you have profits, you can actually turn them back into the company and then make investments in future opportunities. And so if companies are allowed to make a profit, then they can have more money to invest in their companies and their technologies and actually move the ball forward faster. And so as we go through this, I will be looking at opportunities not only to comment formally through written comments, whether that’s through the Federal Register or the System of Acquisition Management, or SAM.gov, but also having round tables. We’ve offered to Department of War individuals, we at PSC are happy to schedule and facilitate a round table to have industry speak candidly with their government partners about how to make this happen faster, better and more efficiently.

Terry Gerton So you’d say that the speech was pretty well received by the folks in the room, then.

Stephanie Kostro I would say it was very well received as a rhetorical device. The proof is always in the pudding. The devil is always in the details. I think as we move forward, there will be more enthusiasm. Enthusiasm will grow, but it really depends on what those reports look like, that guidance from the undersecretary in 45 days, the military service plans of actions in 60 days, and how much input it reflects from industry. I think there is generally a recognition across the board, industry, executive branch and Congress, that something needs to change here. And in fact, a lot of what was in the speech reflected things that are under negotiation in the National Defense Authorization Act conference right now. And I think we are all rowing in the same direction. And I hope we stay doing that.

The post The Pentagon wants faster weapons and it’s giving industry just 60 days to help make it happen first appeared on Federal News Network.

© Andrew Harnik/Pool via AP

The White House’s nominee to lead the Pentagon’s Cost Assessment and Program Evaluation office, long criticized for overstepping its advisory role, told lawmakers he would work to restore the office’s credibility by refocusing it on its statutory mission as an independent advisory rather than a decision-maker.

“I have seen CAPE take on an advocacy role that I think is inappropriate for an independent analytic organization,” Michael Payne, who is currently serving as the acting director of CAPE, told the Senate Armed Services Committee Thursday.

CAPE has faced scrutiny over the years for operating beyond its statutory responsibilities — in 2023, the House Armed Services Committee even proposed eliminating the office altogether. While Congress ultimately decided against shutting down the office, the fiscal 2024 defense policy bill required the Defense Department to overhaul how it operates.

The annual legislation required the Pentagon to create an analysis working group, which would work with CAPE, the Joint Staff and DoD components to improve analytic standards across the force. The bill also required the department to stand up an analytical team, or the “program evaluation competitive analysis cell” — an independent team to review CAPE’s methodologies, assumptions and data. 

In addition, the law mandated a pilot program on alternative analysis to test new approaches for evaluating defense programs.

So far, only one of those requirements has been met. “We have stood up the analysis working group, but we absolutely need to do more. Red teaming is an important part of any scientific or analytic endeavor, and if I’m confirmed, I will make it a priority to ensure that we comply fully,” Payne said. 

Sen. Roger Wicker (R-Miss.), who leads the Senate Armed Services Committee, voiced frustration during the confirmation hearing that little progress has been made, even though Payne has been in a leadership role at CAPE since the bill was signed into law.

“You’ve been deputy director since the law passed, and since January, you’ve been acting director. And yet, the second and third directives of the statute passed by the Congress and signed into law by the commander-in-chief have not been implemented — that is a concern,” Wicker said. 

In his written responses to lawmakers’ questions ahead of his confirmation hearing, Payne said steering the office back to its roots and away from advocacy would be his biggest challenge. The effort, he said, would require reforming the office’s cost-estimating and program-evaluation processes to better align with department-wide ongoing acquisition reform initiatives.

“I would address the program-evaluation process by reforming the analysis of alternatives approach to better align with the reformed requirements and acquisition processes, including early engagement with industry. For cost estimating, I would focus on ensuring cost reporting requirements for industry are less burdensome in order to better facilitate the entry of non-traditional vendors into the acquisition process,” Payne said.

When asked if he believes that the CAPE office would benefit from outside reviews of its processes, Payne said he recommends “using existing government entities to conduct such reviews, that the reviews be targeted with specific objectives, and that DCAPE be given an opportunity to address the findings directly in order to implement improvements.”

‘Strained’ workforce

Payne said while the team is still capable of meeting existing legal requirements by pushing some of its cost-estimation work to the military services, CAPE’s workforce is stretched thin.

“The recent addition of statutory requirements for military construction and sustainment review cost estimating has necessitated increased delegation to the services,” Payne said.

“I believe the workforce is sufficient, though strained in certain areas as it adapts to broader national workforce demographic and skill shifts,” he added.

The post Senators press nominee for Pentagon CAPE director on failure to implement NDAA reforms first appeared on Federal News Network.

© AP Photo/Ben Curtis