This year’s Beyond the Beltway conference highlighted key strategic findings from IT leaders that signal where 2026 technology investments will be made and where to focus efforts for success. In 2026, state and local governments are at an inflection point: with rising expectations evolving alongside tightening budgets, staffing and timelines, success will depend on alignment of solutions to modernization requirements, workforce challenges and measurable ROI-driven outcomes.

The Golden Fleet, a US Navy initiative introduced by the administration in December of 2025, aims to revitalize the US shipbuilding industry, develop and sustain a new class of naval fleet and change how it does business to rapidly address maritime threats, particularly from China, in the Indo-Pacific region. The first frigate is planned for full operation in 2028.

In early February, Chief of Naval Operations Admiral Daryl Caudle unveiled the details of the US Navy’s 2026 Hedge Strategy. As the Navy is facing a great power competition, rapid technological change and strain on the defense industrial base, it is critical to adapt an innovative operational and strategic approach to maintain adversarial advantage. The strategy shifts away from dominance by mass towards a risk-balanced operational approach that has asymmetric, combat-ready capability. In other words, they are “hedging their bets” on more tailored capabilities and nimble operations.

The National Defense Authorization Act (NDAA) is passed annually to define the Department of Defense’s priorities and guide how funds are allocated. While it doesn’t directly appropriate money, it shapes the direction of defense spending and sets the framework for future contracts. This makes it a key indicator of where IT investments and opportunities will emerge.

In August 2025, President Trump signed an executive order titled “Improving Our Nation Through Better Design,” establishing the new “America by Design” initiative. The order aims to enhance both the digital and physical experiences of government services and facilities, signaling a major modernization effort focused on design, technology and user experience.

As the U.S. marks Cybersecurity Awareness Month, a critical pillar of the nation’s digital defense has expired. On September 30th, Congress failed to pass a continuing resolution, furloughing many federal cybersecurity staff and allowing the Cybersecurity Information Sharing Act (CISA) of 2015 to lapse as cyber threats are reaching unprecedented levels. The Cybersecurity and Infrastructure Security Agency, which spearheaded much of the law’s implementation, has also furloughed nearly two-thirds of its workforce.

The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.

Cybersecurity and Infrastructure Security Agency (CISA) budget reductions might seem like a government-only problem. But the ripple effects are already hitting private organizations hard. 

While these cuts don't directly take money out of a private company's bank account, they send a powerful message. It can inadvertently signal that security threats are diminishing or no longer a top-tier concern. This perception, however wrong, can echo in boardrooms across the country. 

October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.

CMMC 2.0

The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.

The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like: