This week, the National Association of State Chief Information Officers (NASCIO) released it annual State CIO Top Ten Policy and Technology Priorities list for 2026, signaling where state technology leaders are focusing their efforts, and limited resources, in the new year. This year’s list is reflective of the current policy, priority, and funding shifts that have affected SLED agencies most, coupled with the apparent drive towards innovation and modernization.

The National Defense Authorization Act (NDAA) is passed annually to define the Department of Defense’s priorities and guide how funds are allocated. While it doesn’t directly appropriate money, it shapes the direction of defense spending and sets the framework for future contracts. This makes it a key indicator of where IT investments and opportunities will emerge.

As the U.S. marks Cybersecurity Awareness Month, a critical pillar of the nation’s digital defense has expired. On September 30th, Congress failed to pass a continuing resolution, furloughing many federal cybersecurity staff and allowing the Cybersecurity Information Sharing Act (CISA) of 2015 to lapse as cyber threats are reaching unprecedented levels. The Cybersecurity and Infrastructure Security Agency, which spearheaded much of the law’s implementation, has also furloughed nearly two-thirds of its workforce.

Over the last decade, technology has profoundly transformed U.S. state, local government, and higher education (SLED). As digital landscapes evolve, a skilled workforce is crucial. Pluralsight has proudly supported state and local governments for a decade by partnering with NASCIO through sponsorships and workforce development initiatives. Explore the top ten tech trends reshaping public service, and see how Pluralsight helps leaders build resilient, future-ready teams.

The United States is facing a significant cybersecurity workforce shortage, with NIST identifying over 500,000 open cyber positions and estimating there are 74 workers for every 100 cyber jobs. This shortage threatens both the nation’s private sector security profile and federal agencies struggling to compete for cybersecurity professionals. As such, the government is working to support cyber education in the United States. In the meantime, departments will also likely need to implement cyber solutions that can aid in accommodating for the workforce shortfall.

Cybersecurity and Infrastructure Security Agency (CISA) budget reductions might seem like a government-only problem. But the ripple effects are already hitting private organizations hard. 

While these cuts don't directly take money out of a private company's bank account, they send a powerful message. It can inadvertently signal that security threats are diminishing or no longer a top-tier concern. This perception, however wrong, can echo in boardrooms across the country. 

October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.

CMMC 2.0

The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.

In August, the Department of the Air Force (DAF) held the annual Department of the Air Force IT Conference (DAFITC) in Montgomery, Alabama. They brought together leading voices from the U.S. Air Force, U.S. Space Force, industry and academia centered on the theme “Lethality, Readiness and Efficiency.” The event spotlighted how modern IT infrastructure, cybersecurity, data and workforce development are all coming together to shape a more agile, secure and mission-ready force.

The DoD is rolling out aggressive updates to its supply chain cybersecurity framework. If you sell software, services or infrastructure into the Defense Industrial Base (DIB), expect tighter requirements, faster timelines and zero tolerance for compliance gaps. These changes affect your ability to win and keep DoD contracts—especially with new programs like:

In early June, President Trump released an Executive Order designed to modify sections of Orders 13694 and 14144 previously released by former administrations and “strengthen the nation’s cybersecurity by focusing on critical protections against foreign cyber threats and enhancing secure technology practices.” We’ll look at the latest provisions and implications therein specifically to software, quantum and AI development.